buc.ci is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
#CheckPoint Research has profiled #SilverDragon, a Chinese-aligned group linked to #APT41 that targeted government and enterprise networks across Southeast Asia and Europe. Recent operations used the #GearDoor #backdoor with SSHcmd and SilverScreen, enabling remote access, covert screen capture, and stealthy control after #phishing and server exploitation.
#CheckPoint Research has discovered critical #vulnerabilities in #Anthropic’s #Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. Stolen keys can provide access to shared Workspaces for file access and tampering. Anthropic patched the issues, including CVE-2025-59536.
#CheckPoint Research has published its Untold Stories of 2025, a compilation covering multiple notable campaigns that occurred during 2025. These include exploitation of #Microsoft #SharePoint (“ToolShell”), and adversary-in-the-middle #phishing used to bypass MFA, as well as state-linked operations attributed to groups such as Camaro Dragon and COLDRIVER. The report also highlights evolving command-and-control techniques observed across Europe and Central Asia.
https://research.checkpoint.com/2026/2025-the-untold-stories-of-check-point-research/
#CheckPoint Research summarizes five key Iranian threat actor clusters relevant to the current conflict in the Middle East. It outlines the main TTPs these groups have recently used against targets in the Middle East and the United States and shares six defensive measures IT teams should take to help prevent attacks during the ongoing conflict.
https://blog.checkpoint.com/research/what-defenders-need-to-know-about-irans-cyber-capabilities/
Back home at my desk this week after an intense week of advanced Maestro training. It was so much fun to sit in a room of skilled engineers listening to one of our Maestro experts, discussing different scenarios & deployments, and playing with the boxes in the lab.
https://www.checkpoint.com/quantum/maestro-hyperscale-network-security/
#CheckPoint researchers described a #phishing campaign that abused legitimate SaaS notifications from #Microsoft, #Zoom, #Amazon, #PayPal, #YouTube, and #Malwarebytes to drive phone-based scams. The operation sent 133,260 emails to 20,049 organizations, intensifying in recent months as attackers leveraged trusted messages to bypass link-focused defenses and steer targets to attacker-controlled phone numbers.
#CheckPoint Research observed #Amaranth-Dragon, a Chinese-aligned group linked to #APT41, conducting espionage against government and law enforcement across Southeast Asia. The threat actor weaponized #WinRAR flaw CVE-2025-8088 within 10 days after its disclosure, geo-fenced servers to targets, and introduced #TGAmaranth, a Telegram-based remote access tool.
R82 fresh install, migrate_server import, policy installed.
It’s always more nerve-wracking at home with limited resources and no TAC support to back you up than in a production environment.
If you know, you know.
#CheckPoint Research has published the 2026 #CyberSecurity Report, highlighting #AI as a force multiplier across attacks, fragmentation in #ransomware with data only extortion, and multi-channel #socialengineering attacks. It maps threat activity to geopolitics and identity driven paths, quantifies risky AI usage, and provides sector and regional breakouts.
https://research.checkpoint.com/2026/cyber-security-report-2026/
Please update the affected systems quickly and find a new trusted vendor... e.g. #CheckPoint 🫳 🎤
#Fortinet #FortiCloud #FortiOS #FortiManager #FortiWeb #FortiProxy #FortiAnalyzer #Sicherheitsluecke #EUVD_2026_4712 #CVE_2026_24858
For the latest discoveries in cyber research for the week of 26th January, please download our Threat Intelligence Bulletin: https://research.checkpoint.com/2026/26th-january-threat-intelligence-report/
#CheckPoint researchers describe a #MicrosoftTeams #phishing campaign abusing guest invitations and finance-themed team names to mimic billing notices. More than 12K emails were observed hitting 6,135 users via invite emails with obfuscated text. The campaign targeted US-based organizations across manufacturing, technology, and education.
#CheckPoint Research identified an ongoing #phishing campaign associated with #KONNI, a North Korean–linked threat actor active since at least 2014. The campaign targets software developers and engineering teams across the Asia-Pacific region, including Japan, Australia, and India, using blockchain-themed lures to prompt interaction and deliver malicious content. In observed activity, the threat actor deploys AI-generated #PowerShell #backdoors.
https://research.checkpoint.com/2026/konni-targets-developers-with-ai-malware/
#CheckPoint Research revealed that #VoidLink, a recently exposed cloud-native #Linux #malware framework, is authored almost entirely by AI, likely under the direction of a single individual. The malware was produced predominantly through AI-driven development, reaching the first functional implant in under a week. From a methodology perspective, the actor used the model beyond coding, adopting an approach called Spec Driven Development (SDD).
https://research.checkpoint.com/2026/voidlink-early-ai-generated-malware-framework/
Did you miss the biggest #CheckMates event of the year?
The full recording of #CheckMatesFest2026 is now live on CheckMates.
Watch the complete celebration, hear insights from #CheckPoint leadership on what’s ahead, and catch the full R&D Q&A, including questions from the community.
If you couldn’t join us live on Wednesday, this is your chance to experience it all!
🚨 MASS EXPLOITATION ALERT – PATCH NOW
If you use #HPE #OneView, your systems could already be compromised. #CheckPoint Research has detected an active exploitation campaign against a critical #vulnerability.
Attackers can execute commands on your systems without authentication. Government, financial, and industrial sectors are already being hit hard and need to act fast.
👉 Find out more in our full report: https://blog.checkpoint.com/research/patch-now-active-exploitation-underway-for-critical-hpe-oneview-vulnerability/
When the immune system detects a protein from a pathogen,
it’s supposed to dispatch killer T cells to eliminate the invader.
Some cancers can interfere with this process by hijacking the checkpoint proteins that keep our immune system from revving out of control
and using them to turn T cells off.
Starting in the mid-1990s, several research teams found success by treating mice with #checkpoint #inhibitors,
-- then a new class of drugs designed to keep tumor cells from concealing their identity and signaling, effectively, “nothing to see here.”
Thirty years on, checkpoint inhibitors have become a transformative tool in cancer treatment, especially for melanoma.
The research that went into developing checkpoint inhibitors showed conclusively that immune cells detect cancer much in the same way they identify other pathogens:
through differences in protein structure determined by DNA
—a crucial insight.
But as revolutionary as checkpoint inhibitors have been for immunotherapy, they don’t work for everyone
—far from it.
Some 80 percent of patients do not respond to this class of drugs.
Researchers are still trying to understand all the mechanisms that play a role in determining who does respond,
but one key factor is whether the immune system is able to recognize tumor cells on the basis of their mutations.
This is where mRNA vaccines come in.
#Jason #Luke, a melanoma researcher who now serves as chief medical officer of mRNA-medicine start-up #Strand #Therapeutics,
helped to design several ongoing clinical trials of mRNA vaccines for cancer.
He explains that both checkpoint inhibitors and mRNA vaccines build on our deep evolutionary adaptation for fighting pathogens
by identifying the proteins they shed in our bodies.
But checkpoint inhibitors are effective only if the patient’s immune system recognizes the cancer as a threat.
In contrast, mRNA vaccines have the potential to work even in patients whose cancers haven’t spurred much immune response.
The trick, Luke says, is using computational tools to decipher which of a given tumor’s mutations are most likely to be found by the immune system.
For the latest discoveries in cyber research for the week of 5th January, please download our Threat Intelligence Bulletin from #CheckPoint Research.
It covers the latest cyber threats you need to know about this week!
https://research.checkpoint.com/2026/5th-january-threat-intelligence-report/
#CheckPoint Research noticed a surge in #darknet campaigns #recruiting insiders at banks, crypto exchanges, telecoms, and major tech firms to sell access and data. Listings advertise payouts of $3,000 to $15,000, offer datasets like 37 million records for $25,000, and solicit telecom staff for SIM swapping to bypass two-factor authentication.
#CheckPoint Research analyzed #GachiLoader, a Node.js–based #malware loader observed in a campaign linked to the #YouTube #GhostNetwork. The campaign is notable for extensive obfuscation and a previously undocumented PE injection technique. GachiLoader deploys a second-stage loader, #Kidkadi, which abuses Vectored Exception Handling (VEH) in a novel method, dubbed Vectored Overloading.
https://research.checkpoint.com/2025/gachiloader-node-js-malware-with-api-tracing/
For the latest discoveries in cyber research for the week of 22nd December, please download our Threat Intelligence Bulletin from #CheckPoint Research. It covers the top breaches, threat actors and threat intelligence you need to know this week.
https://research.checkpoint.com/2025/22nd-december-threat-intelligence-report/
Google just lost its “trusted sender” advantage.
Our Email Security researchers uncovered a phishing campaign abusing Google Cloud Application Integration to send emails that look like routine Google notifications — and they’re landing straight in inboxes.
No spoofing. No fake domains. Just trusted infrastructure used against users.
👉 See how it works, who’s being targeted, and why it’s so hard to detect: https://blog.checkpoint.com/research/phishing-campaign-leverages-trusted-google-cloud-automation-capabilities-to-evade-detection/
Join the conversation! This week a CheckMate posed an interesting question about site-to-site VPN outgoing route selection.
We want your input! Share your insights with the community and see if you have a solution to this community-based inquiry!
Take a look at the post here: https://community.checkpoint.com/t5/Security-Gateways/About-site-to-site-VPN-outgoing-route-selection/m-p/265603#M52323
#CheckPoint researchers revealed a #phishing campaign where attackers impersonate file-sharing and e-signature services to deliver finance-themed lures that look like legitimate notifications. The attackers sent over 40,000 phishing emails targeting roughly 6,100 customers over the past two weeks, abusing Mimecast’s secure-link rewriting feature as a smokescreen to make their links appear safe and authenticated.
Happy hump day! We’re celebrating our one and only #CheckMates MVP, Danny Jung.
If you’ve been in the #community for a while, Danny’s name should sound familiar. A former CheckMates Champion, he’s behind some of the most popular tools and posts in the community, including the legendary CCC – Common #CheckPoint Commands: https://community.checkpoint.com/t5/Scripts/ccc-Common-Check-Point-Commands/td-p/38488
Congratulations, Danny, on your Platinum MVP status. Can’t wait to celebrate you at #CheckMatesFest: https://checkpoint.zoom.us/webinar/register/3117654458096/WN_3F5pHP-JTlmSHy3pv_kOUQ
#CheckPoint Research exposed #ValleyRAT’s modular system, including a kernel-mode #rootkit that can remain loadable on fully updated #Windows 11 despite built-in protections. The research linked leaked builder artifacts to plugins and identified about 6,000 samples, with roughly 85 percent emerging in the last six months after the builder’s public release.
https://research.checkpoint.com/2025/cracking-valleyrat-from-builder-secrets-to-kernel-rootkits/
For the latest discoveries in cyber research for the week of 15th December, please download our Threat Intelligence Bulletin from #CheckPoint Research.
https://research.checkpoint.com/2025/15th-december-threat-intelligence-report/
#CheckPoint Research reports a global rise in cyber attacks in November 2025, averaging 2,003 weekly attempts per organization, with education the most targeted sector and rising exposure from generative AI. 727 ransomware incidents were recorded, a 22% increase YoY, with North America accounting for 55% of cases and industrial manufacturing being the top victim industry.
Today’s CheckMates MVP Heiko Akenbrand is behind some of the most widely used tools in the CheckMates Toolbox including the SmartConsole Extension - Easy deletion of unused rules and the Easy Backup Tool. These scripts have been used consistently by CheckMates all over the world and have made a real impact on our community.
Congratulations Heiko, we are grateful for your contributions!
Take a look at it: https://community.checkpoint.com/t5/SmartConsole-Extensions/SmartConsole-Extension-Easy-deletion-of-unused-rules/m-p/256149#M403
#CheckPoint Research shared details of a critical exploit in #Yearn Finance’s yETH pool, where an attacker abused a smart contract flaw to mint trillions of tokens with a minuscule deposit, resulting in the theft of approximately $9 million in assets from the Ethereum-based DeFi protocol.
We are excited to announce the release of the full video showcasing Check Point’s latest addition to the Quantum Force family. This introduction highlights how the new appliance brings advanced threat prevention, accelerated performance, and simple scalability to branch offices and distributed environments. Watch the Full Video here:
#CheckPoint Research revealed a #vulnerability in #OpenAI Codex CLI that allowed attackers to achieve remote code execution via malicious project-local configuration files (MCP entries) executed without user prompts. OpenAI released a patch in version 0.23.0 to address the automatic execution risk.
https://research.checkpoint.com/2025/openai-codex-cli-command-injection-vulnerability/
For the latest discoveries in cyber research for the week of 8th December, please download our Threat Intelligence Bulletin from Check Point Research.
https://research.checkpoint.com/2025/8th-december-threat-intelligence-report/
#CheckPoint has elaborated on the critical #React2Shell vulnerability, CVE-2025-55182, that affects React 19.x and related server-side frameworks such as Next.js 15.x/16.x. The vulnerability enables unauthenticated remote code execution via malicious HTTP requests targeting the server’s decoding process. Exploitation allows attackers to gain full control over application servers...
We’re gearing up for the end of the week but not before celebrating another CheckMates Platinum MVP! This time we’re giving a proper shout-out to one of our long-time community leaders. With over 300 posts, self-run Maestro workshops, and a track record of leading discussions since 2016, Lari Luoma has been shaping this community for years. Congratulations Lari and thank you for everything you do!
https://www.linkedin.com/feed/update/urn:li:share:7402351232520179714/
#CheckPoint researchers analyzed the Shai-Hulud 2.0 #npm supply chain campaign that compromised over 600 npm packages and 25,000 GitHub repositories. Malicious preinstall scripts stole developer and multi-cloud credentials, exfiltrated them to attacker #GitHub repos, registered infected hosts as self-hosted runners, and used the stolen tokens for worm-like propagation across npm and GitHub.
This week's Post of the Week is on Best-in-Class GenAI Security with CloudGuard WAF + Lakera.
We’re excited to announce the expansion of CloudGuard WAF with integrated Lakera GenAI security now delivering prevention-first protection for Web, API, and GenAI applications.
If you want a quick breakdown of what’s new and why it matters, we put it all into one place.
Read the full post here: https://ow.ly/HBH350XBbXT
#CheckPoint overviews expected cyber risks in 2026, including converging agentic #AI, quantum computing, and Web 4.0. The blog outlines 12 trends: autonomous AI operations, digital-twin/XR environments, #LLM-native attacks, #deepfake fraud, #quantum “harvest-now, decrypt-later” exposure, data-pressure #ransomware, expanding supply-chain, #SaaS, and identity threats.
https://blog.checkpoint.com/executive-insights/the-2026-tech-tsunami-ai-quantum-and-web-4-0-collide/
#CheckPoint researchers uncovered #GhostAd, a large-scale #Android adware campaign where at least 15 #GooglePlay applications, with millions of installs, abuse foreground services and blank notifications to run persistent background ads and drain device resources. These applications also use background execution and storage permissions to persist, hide, and silently exfiltrate external-storage files, including corporate documents, to attackers’ infrastructure.
For the latest discoveries in cyber research for the week of 1st December, please check our Threat Intelligence Report: https://research.checkpoint.com/2025/1st-december-threat-intelligence-report/
💸 Is your WAF quietly burning budget behind the scenes?
Manual rule updates, constant triage, blocked customers, and the looming cost of a breach… traditional WAFs stack hidden expenses fast.
#CheckPoint's #CloudGuard #WAF does the opposite. Its AI-driven engine delivers ~99.4% accuracy and near-zero false positives.
The result:
✔️ Up to 3x lower operational costs
✔️ Fewer business losses
✔️ <1% breach probability
👉 Dive into the full blog + try our TCO calculator: https://blog.checkpoint.com/securing-the-cloud/how-cloudguard-waf-lowers-risk-and-total-cost-of-ownership-tco
The Black Friday Cyber Crime Economy
#CheckPoint Research uncovered a surge in fraudulent #BlackFriday domains and brand impersonation. Roughly 1 in 11 new Black Friday domains are malicious, and 1 in 25 domains referencing #Amazon, #AliExpress, or #Alibaba pose active threats, with fake storefronts stealing credentials and payment data. Recent examples also mimic HOKA and AliExpress.
🔥 Big things are happening! Our biggest AI security event of the year is right around the corner.
#CheckPoint's CEO Nadav Zafrir and CTO Jonathan Zanger, VP of Agentic AI David Haber, and NVIDIA SVP Kevin Deierling will be diving into the top cyber challenges shaping the AI era — and what organizations can do to stay protected.
Make sure you’re registered!
🤯 Google Play missed this, and millions paid the price.
#CheckPoint Research just uncovered #GhostAd — a large-scale #Android #adware campaign hiding inside popular utility and emoji-editing apps on Google Play.
Battery drain, data consumption, disappearing icons… with the millions that downloaded these apps, you'll want to read for yourself how to avoid them and what this means for your mobile security.
👉 Read the findings: https://blog.checkpoint.com/research/ghostad-hidden-google-play-adware-drains-devices-and-disrupts-millions-of-users/
See how top WAFs, including #Microsoft Azure, #Cloudflare, #AWS, and #CheckPoint #CloudGuard #WAF, performed in real-world traffic simulations.
Metrics that matter: Detection Rate | False Positive Rate | Balanced Accuracy.
👉 Check the WAF Comparison Project 2025: https://blog.checkpoint.com/artificial-intelligence/waf-security-test-results-how-does-your-vendor-rate/
Cyber insurance is meant to protect you... so why are so many claims denied? 🤔
Turns out the biggest breach drivers aren’t sophisticated attacks — they’re the everyday hygiene gaps insurers assume you’ve already handled.
#MFA, #patching, leaked credentials… if these slip, payouts often do, too.
👉 Learn more as Coral Tayar uncovers why “mundane” threats are causing the biggest financial surprises: https://blog.checkpoint.com/security/cyber-insurance-wont-save-you-from-bad-hygiene/
IT Services Associate in the IT Services Industry gives #CheckPoint #CloudGuard WAF 5/5 Rating in Gartner Peer Insights™ API Protection Market.
Read the full review here: https://gtnr.io/bCz77yqmB
Global Analysis – October 2025
#CheckPoint Research published its October 2025 global threat report, highlighting a continued rise in #cyberattacks, with organizations averaging 1,938 weekly attacks (+5% YoY) and #ransomware #incidents surging 48% YoY. The report also notes escalating GenAI-related data leakage risks, with 1 in 44 enterprise prompts exposing sensitive information.
The State of Ransomware – Q3 2025
#CheckPoint Research reports on a fragmented #ransomware landscape in Q3 2025, with 85 active groups and 1,592 victims listed across leak sites, averaging 535 victims per month. Qilin led activity, while LockBit 5.0 returned, signaling potential recentralization. Manufacturing and business services remained the most affected sectors.
https://research.checkpoint.com/2025/the-state-of-ransomware-q3-2025/
🤝 Two leaders in AI security just joined forces.
Check Point's CloudGuard WAF + Lakera now delivers best-in-class prevention for GenAI apps, APIs, and agents — blocking prompt injection, data leakage, and abuse in real time!
If you're building with AI, this is the upgrade your security stack has been waiting for.
Explore how this changes the security game 👇
https://blog.checkpoint.com/securing-the-cloud/best-in-class-genai-security-when-cloudguard-waf-meets-lakera/
Somehow bot-detecting algorithms have been degrading over time.
This is a troubling trend because people who aren't using the anointed access points of the internet struggle more and more to connect and interact. Large entities like CloudFlare choke off more and more avenues of access in the name of "security", enforcing digital checkpoints without any accountability to anyone.
#dev #tech #web #bot #DarkPattern #security #infosec #cybersecurity #checkpoint