Cyble

Executive Summary Cyble Research & Intelligence Labs (CRIL) has identified an active FreePBX exploitation campaign, with high confidence tied to INJ3CTOR3, an actor with a documented history of targeting VoIP infrastructure for financial gain since 2019. The campaign deploys a multi-stage Bash dropper that introduces JOMANGY, a PHP webshell family with no prior public documentation, alongside Zen…

In a digital landscape that moves at the speed of AI, we feel recognition is more than just a market positioning—it is a validation of vision. We are proud to announce that Cyble has been named a Challenger in the first-ever Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies . For us, being positioned in the Challengers Quadrant in this inaugural report is a testament to our rapid…

The Gulf Cooperation Council (GCC) region has spent the last several years building one of the world’s most ambitious digital economies. Across Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the UAE, governments and enterprises have accelerated investments in cloud infrastructure, AI-driven services, smart cities, and digital banking technology at a pace rarely seen elsewhere. Banks are rolling …

In 2026, opportunistic assaults and isolated breaches will no longer characterize Australia's cyber risk environment. Industrialized data theft, in which stolen data is packaged, repackaged, and marketed on underground marketplaces, is influencing it. Threat actors are already combining Australian data into composite "breach packages," increasing both its commercial worth and its downstream dange…

This morning, Cyble was recognized in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies as a Challenger . I want to use this post for two things. First, to thank the people who got us here. Second, to share what we believe this recognition actually signals — because the more interesting story isn’t about Cyble at all. It’s about where this category is going. A milestone …

Executive Summary Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign leveraging social engineering and trusted infrastructure to establish persistent, covert access to victim systems. The attack is delivered via phishing emails containing a malicious LNK file disguised within a RAR archive, using a Russian humanitarian aid request form to exploit contextu…

The modern enterprise is no longer breached in the traditional sense. Firewalls remain intact; endpoints appear compliant, and credentials are often never “stolen” in the usual way. Yet attackers still get in—and stay in. The difference lies in how trust is being weaponized. Threat actors are executing what looks like a supply chain attack without ever touching the actual supply chain infrastruct…

Recognized for Completeness of Vision and Ability to Execute We are excited to share that Cyble has been recognized as a Challenger in the 2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence. Check back for a complimentary copy of the full report soon! In our view, this recognition reflects what we hear from the security […] The post Cyble Named a Challenger in the 2026 Gartner® Magic Qua…

The latest weekly vulnerability Insights report to clients by Cyble provides a detailed view of vulnerabilities tracked between April 15, 2026, and April 21, 2026. The findings highlight a slight dip in overall disclosures compared to the previous week, but the persistence of active exploitation and evidence of real-world attacks continues to target enterprise, cloud, and open-source ecosystems. …

Modern cyberattacks no longer follow predictable patterns or slow timelines. They unfold at machine speed, often moving from initial access to data exfiltration in minutes. In this environment, security teams face a paradox: they are surrounded by vast amounts of data yet struggle to extract clarity from it quickly enough to prevent damage. This is where Cyble Blaze AI introduces a different oper…

The conversation around ANZ ransomware threats has shifted noticeably over the past year. What once looked like sporadic, high-profile incidents has evolved into a sustained and structured campaign against organizations across Australia and New Zealand. Signals emerging from underground forums and marketplaces reveal a sobering reality: ransomware is no longer just a technical problem; it is an e…

The idea that cyber conflict operates quietly in the background no longer holds. What used to be a shadow contest of espionage and occasional disruption has evolved into something far more direct and consequential. Today, the cyber war on US infrastructure is not a supporting element of geopolitical tension—it is one of its primary arenas. Recent global conflicts have shown that digital operation…

Executive Summary Cyble Research and Intelligence Labs (CRIL) identified a campaign of over 16,800 malicious domains active since early 2026. It uses a potent technique — embedding government labels as subdomains to fake trust without DNS authority. We have dubbed this 'Operation TrustTrap'. Spoofed portals resolve to infrastructure concentrated across Tencent Cloud and Alibaba Cloud APAC nodes ,…

Cyble Research & Intelligence Labs (CRIL) weekly vulnerability report tracked 1,675 vulnerabilities, last week, reflecting continued high disclosure volume across enterprise software, cloud services, and emerging AI ecosystems. Of these, more than 205 vulnerabilities have publicly available Proof-of-Concept (PoC) exploits, significantly increasing the likelihood of exploitation and shortening att…

Cybersecurity is no longer a luxury or an afterthought for Australian organizations; it is a necessity. The scale and complexity of cyberattacks have reached unprecedented levels, and businesses, government bodies, and critical infrastructure sectors are feeling the strain. No longer confined to isolated breaches or small-scale data thefts, cyber threats now target entire systems, aiming to disru…

The underground economy of stolen credentials has matured into a structured, high-volume marketplace, and Indian enterprises are at the center. What makes this trend notable is not just the scale of cyber incidents in India, but the type of data being exposed and how efficiently it is monetized on dark web credential markets India forums. This has evolved into a corporate data leak India dark web…

Cyble Research & Intelligence Labs (CRIL) in its monthly threat landscape analysis observed a highly active threat environment throughout March 2026 , shaped by large-scale ransomware campaigns, persistent data breach activity, growing initial access brokerage markets, and exploitation of critical vulnerabilities affecting widely deployed enterprise systems. Threat actors continued to prioritize …

The tempo of UK cyberattacks has shifted from sporadic disruption to something far more systemic. When incidents reach a frequency of four national events each week, the issue stops being purely technical and becomes structural. It raises a more uncomfortable question than whether attacks will happen; it asks whether UK cybersecurity readiness is evolving fast enough to keep pace with a threat en…

Cyble Research & Intelligence Labs (CRIL) in its weekly vulnerability report tracked 1,431 bugs last week. Of these, over 270 vulnerabilities have publicly available Proof-of-Concept (PoC) exploits, significantly accelerating exploitation timelines and increasing real-world attack likelihood. Additionally, 3 vulnerabilities were actively discussed across underground forums, signaling strong adver…

Modern cybersecurity no longer suffers from a lack of data; it suffers too much of it, scattered across systems that rarely speak the same language. Security teams today must monitor endpoints, cloud workloads, SaaS applications, and an ever-expanding universe of external threats, including those emerging from hidden corners of the internet. This is where Cyble Blaze AI introduces a different app…