Check Point Research

"The Gentlemen" ran a tight RaaS operation. Then they got breached. CPR analyzed the full leak: org structure, access brokers, active CVEs, victim comms, and financials. Real operators, real tradecraft, fully exposed. research.checkpoint.com/2026/thus-spok…

VECT RaaS is making headlines via partnerships with BreachForums and TeamPCP. Behind the polished image is a weak operator: the ransomware is bug-ridden, poorly built, and most encrypted files aren’t fully recoverable, even with the decryption key. research.checkpoint.com/2026/vect-rans…

Rare glimpse behind the 2nd most dangerous RaaS for 2026, publicly claiming 225+ victims. CP<r> shares behind-the-scenes details that reveal the real number is potentially over 1,570 victims. research.checkpoint.com/2026/dfir-repo…

⚠️ Iranian APT conducts a wide M365 password spray campaign - focus on Israeli and UAE orgs 🌐TOR used to scan and spray, Israeli VPN infrastructure used for successful logins 🏙️ Israeli municipalities - key focus, likely for missiles BDA Read more : blog.checkpoint.com/research/iran-…

Operation TrueChaos Zero-day exploited in the wild by Chinese-nexus actor 💥 TrueConf client CVE-2026-3502 🌏 Southeast Asian government entities 🧰 Havoc C2, DLL sideloading, UAC bypass Read more : research.checkpoint.com/2026/operation…

One malicious prompt was enough. We found a way to turn ChatGPT into a covert data exfiltration channel. No warning. No approval. research.checkpoint.com/2026/chatgpt-d…

🎯Yesterday, “Handala Hack,” operated by MOIS-affiliated threat actor, expanded its disruptive operations into the US 👁️ After years of tracking its activity, we’re sharing the latest and most common TTPs of to this actor: Void Manticore Read More : research.checkpoint.com/2026/handala-h…

🦹Iranian actors are using ransomware affiliate programs, stealers, and MaaS to expand their reach and capabilities. 🔖Dive in to see how these threat actors leverage the cybercrime ecosystem to pursue strategic goals while complicating attribution: research.checkpoint.com/2026/iranian-m…

🚨ALERT🚨 Gulf countries, Cyprus & Israel - A massive wave of IP camera scanning and exploitation from Iran-linked infrastructure. ✅ Patch to the latest version 🔐 Enforce strong, unique passwords and restrict external access Read More : research.checkpoint.com/2026/interplay…

#SilverDragon is a new threat cluster with ties to #APT41. 🎯Activity across Asia & Europe, exploiting internet-facing servers and running targeted phishing. ☁️New .NET implants alongside Cobalt Strike and abuse of cloud services for C2. Read more -> research.checkpoint.com/2026/silver-dr…

📜🤫2025: The Untold Stories of Check Point Research Zero-days, wipers, election interference - much of what we uncover never makes it into public reports. From #APT36 to #MuddyWater, #COLDRIVER to #FlaxTyphoon, here's what we tracked across every region. research.checkpoint.com/2026/2025-the-…

AI tools are now part of the attack surface. CPR demonstrated “AI as a proxy”: Grok & Copilot can be steered to fetch attacker URLs and relay C2. Pair that with AI-driven malware, and you get prompt-powered implants that adapt at runtime. research.checkpoint.com/2026/ai-in-the…

In 2025, Amaranth-Dragon APT weaponized the popular WinRAR CVE-2025-8088 for targeted espionage across Southeast Asia. Custom loader, Telegram RAT, geofenced C2, and event-themed lures. research.checkpoint.com/2026/amaranth-…

Cyber Security Report 2026 📣 Check Point Research breaks down how 2025 reshaped the threat landscape: Multi-Channel social engineering, Geopolitical conflicts, Chinese-nexus threat actors, Ransomware, and more. Plus stats you'll want to see📊 Download: research.checkpoint.com/2026/cyber-sec…

KONNI’s latest phishing campaign is targeting developers across APAC and featuring an AI-generated PowerShell backdoor. 🧑‍💻 Read more --> research.checkpoint.com/2026/konni-tar…

#Voidlink, A new era of malware has arrived! We discovered that the framework was built nearly end-to-end using agentic AI. It stands as an alarming example of what experienced actors are capable of using artificial intelligence. research.checkpoint.com/2026/voidlink-…