< ciso
brief />
Tag Banner

All news with #check point tag

115 articles

New Iran-linked hacking group targets Israeli IT

🛡️ Check Point Research has identified a new Iran-linked cyber threat group, dubbed Cavern Manticore, targeting Israeli government and IT organizations since early 2026. The group leverages abused RMM tools and browser-based remote desktop features for initial access and persistence, often deploying malicious updates via SysAid. Researchers observed a previously undocumented modular .NET-based C2 framework composed of a persistent Cavern agent and specialized Cavern modules, designed to evade detection and hinder forensic analysis.
read more →

Monday Recap: Proxy Botnets, Browser Ransomware

⚡ Google and partners disrupted the NetNut residential proxy network (aka Popa), which abused smart home devices and preinstalled SDKs to route malicious traffic through an estimated 2 million devices. Other incidents this week include fake PoC repos delivering the ChocoPoC RAT via a dependency, a 19-year-old alleged Scattered Spider suspect extradited to the U.S., and a Brazilian Ousaban banking trojan targeting Spain and Portugal. Check Point flagged AI-generated browser ransomware leveraging the File System Access API, illustrating AI can autonomously devise working attack techniques.
read more →

Qilin Emerges as Dominant Ransomware Operation

🛡️ Check Point and Sophos research shows Qilin has consolidated a large share of the ransomware market after disruption of rival groups. Active since 2022, Qilin lists the most victims and attracts affiliates with high payouts, mature infrastructure and AI-enabled tools. Rival groups like The Gentlemen have resurged, while increased prominence raises the likelihood of law enforcement action.
read more →

AI-generated browser ransomware risk emerges

🛡️ Researchers warn of an AI-generated Python web app, attributed to DeepSeek, that demonstrates a practical in-browser ransomware and information-stealing toolkit affecting Chromium-based browsers on Windows and Android. The sample, named InfernoGrabber v9.0, uses a phishing decoy to gain File System Access API permissions, then enumerates, exfiltrates, encrypts files, and displays a ransomware note without installing native payloads. Check Point highlights the lowered expertise barrier as LLMs can now independently surface viable attack paths.
read more →

Pre-positioned cyber threats around FIFA 2026 event

⚠️ Check Point Research found that cybercriminals pre-built and partially deployed fraud infrastructure targeting FIFA World Cup 2026 before the June 11 kickoff, focusing on financial services, transportation, hospitality, and gambling. Pre-tournament research highlighted weak DMARC enforcement among partners, a 60x surge in fake sportsbook apps concentrated on Google Play, and large volumes of lookalike travel and hotel domains created two months prior. Check Point's exposure, brand protection, and dark web monitoring capabilities flagged the activity and report rapid remediation metrics.
read more →

ClickFix: New social engineering that forces execution

🛡️ The ClickFix technique tricks users into executing malicious commands themselves by presenting convincing prompts like fake CAPTCHAs, Cloudflare checks, or “browser update” notices. Attackers rely on clipboard copy and instruct victims to paste commands into the Windows Run dialog, bypassing endpoint defenses that see the activity as legitimate user action. Check Point’s ThreatCloud AI team developed the ClickFix Engine, integrated into Gateways, Email Security, and Browse Security, to detect behavioral signals in page HTML and block such attacks irrespective of domain reputation.
read more →

Check Point Integrates OpenAI Frontier Cyber Models

🤖 Check Point is embedding OpenAI frontier cyber models into its security products through the Daybreak Cyber Partner Program to deliver sharper prevention, faster remediation, and stronger security operations. The partnership emphasizes built-in guardrails, misuse monitoring, and task-focused outputs. Initial explorations target agentic network security orchestration and CTEM Agentic Exposure Validation to improve policy translation, configuration validation, exposure summarization, prioritization, and remediation drafting.
read more →

Prime Day 2026: Surge in Amazon-Themed Scams

🛡️ Check Point Research warns that Amazon Prime Day (June 23–26, 2026) is generating a large pre-event surge in phishing, fake storefronts, and domain-squatting operations. Between December 2025 and May 2026, thousands of Amazon-themed domains were registered, with many already flagged as malicious. Attackers are building multi-TLD campaigns, regional IDN spoofs, and convincing counterfeit product pages to steal credentials and payments.
read more →

Securing AI Agent Behavior with AgentCore and Check Point

🔒 Check Point and AWS are collaborating to secure enterprise AI agents by integrating Amazon Bedrock AgentCore with Check Point AI Security. This partnership extends AgentCore’s identity, gateway, registry, and policy capabilities with runtime behavioral protections that monitor agent actions across models, tools, data, and applications. The integration enables policy-driven governance, visibility into agent deployments, and prevention of misuse such as prompt injection or unintended data exposure.
read more →

Fake Reputation Campaign Pushes Crypto Clipper

🛡️ Check Point Research found a coordinated campaign using paid posts, fake accounts, and a WordPress phishing hub to promote malicious warez. The operators pushed a Rust-based clipboard hijacker hidden in Solana and sniper bot packages targeting Windows and macOS, replacing crypto wallet addresses to steal funds. They used GitHub, SourceForge, YouTube, VirusTotal manipulation, and press release services to fabricate trust and inflate metrics.
read more →

Fake Reputation Economy Behind Crypto Clipboard Hijackers

🔍 Check Point Research uncovered a coordinated campaign that built a cross-platform false reputation to push a crypto clipboard hijacker. The actor used WordPress phishing hubs, multiple GitHub and SourceForge projects, AI-narrated YouTube tutorials, and forum posts to manufacture trust and inflate engagement. The campaign targeted Windows and macOS, including a macOS persistence mechanism, and manipulated reputation systems like VirusTotal to make malicious files appear safe.
read more →

NCSC Warning: Prepare for an Unprecedented Patch Wave

🔔 The NCSC warns organisations to brace for a large-scale “patch wave” as AI accelerates exploitation of technical debt. Check Point outlines how Exposure Management helps public sector and CNI teams identify internet-facing assets, prioritise exploitable vulnerabilities, and remediate safely. The guidance emphasises discovery, exploitability-based prioritisation, and compensating controls to reduce MTTR.
read more →

Midwest Sees Rising Cyber Attacks on Key Sectors

📊 Check Point Research found that organizations in the Central US faced higher weekly cyber attack volumes through May 2026 compared with the national average. The region averaged about 1,552 attacks per week, rising to 1,612 in May versus a national 1,442. Energy, healthcare, and financial services drove the regional increases, with energy up 45% and healthcare the most targeted by volume.
read more →

Summer travel phishing surges; hospitality attacks rise

📈 Check Point Research warns of a sharp seasonal surge in travel-related cyberattacks ahead of summer 2026, with the hospitality sector experiencing a 24% year-over-year increase in weekly attacks and a 122% rise over three years. The team found nearly 50,000 new travel-related domains in May 2026—many linked to coordinated bulk-registration campaigns—and active phishing sites impersonating major booking platforms to harvest credentials and payments. Travelers are urged to verify domains, use credit cards, enable two-factor authentication, and avoid clicking links in unsolicited messages.
read more →

Check Point expands Claude compliance coverage

🔒 Check Point now integrates its Workforce AI governance with Claude’s Compliance API to close substantial visibility gaps in enterprise AI usage. The integration provides continuous, audit-grade records across web, desktop, and mobile surfaces, addressing a critical mobile blind spot that proxies, CASBs, and endpoint DLP cannot cover. It combines content-level exposure analysis, per-user adoption analytics, and unified policy enforcement to enable secure, frictionless AI adoption across the organization.
read more →

Public Sector Security: AI as the New Battlefield

🛡️ At Check Point Engage Public Sector 2026, leaders and practitioners convened to examine how AI is transforming cyber defense and offense for government organizations. Panels highlighted that AI enables automated, fast, and scalable attacks while also becoming core infrastructure for missions. Speakers urged a shift from reactive models to proactive, prevention-first strategies, emphasizing visibility, governance, and workforce controls to secure AI adoption.
read more →

Check Point Joins OpenAI TAC and Daybreak Initiative

🔒 Check Point announced it has joined OpenAI’s Trusted Access for Cyber (TAC) program and the Daybreak initiative to access advanced cyber-capable models. The company will use GPT-5.5, OpenAI’s Codex agentic framework, and direct support from OpenAI to enhance threat analysis, incident investigation, detection engineering, and secure code review. Check Point emphasizes disciplined, focused application of these models to strengthen prevention, speed delivery, and maintain product security for enterprise customers.
read more →

Investigation Identifies Alleged Administrator of The Gentlemen

🔍 Check Point and other cyber intelligence firms have been tracking The Gentlemen, a fast-growing RaaS operation that offers affiliates a 90/10 revenue split and has become the second most active ransomware group by victim count. Researchers link the group’s administrator to the handles Hastalamuerte and Zeta88, and trace forum registrations, email addresses, Telegram IDs, and phone numbers to a likely real-world identity in Izhevsk, Russia. Open-source and breach data suggest the suspect may be Alexander Yapaev, who lists employment at Uralenergo Udmurtia; he did not respond to requests for comment.
read more →

May 2026 Cyber Attack Trends: Ransomware Surges

🔍 Check Point Research reports that global cyber-attack volumes slightly eased in May 2026, averaging 2,055 weekly attacks per organization, a 2% year‑over‑year increase but a 7% month‑over‑month decline. While overall volumes moderated, ransomware rose sharply—698 incidents, a 48% increase year‑over‑year—and GenAI-related data exposure risks expanded as enterprises adopted more tools without adequate governance. The report highlights shifting sector targets and regional variations.
read more →

Check Point warns of IKEv1 VPN authentication flaw

🔒 Check Point released emergency hotfixes for IKEv1-related VPN vulnerabilities after confirming active exploitation of a critical authentication bypass. The primary flaw (CVE-2026-50571) can let unauthenticated attackers establish VPN sessions without valid passwords, providing a foothold for further intrusions. A second issue (CVE-2026-50752) risks MITM interference in site-to-site VPNs. Check Point urges immediate patching and migration to IKEv2 where possible.
read more →