Check Point Research

🎯Yesterday, “Handala Hack,” operated by MOIS-affiliated threat actor, expanded its disruptive operations into the US 👁️ After years of tracking its activity, we’re sharing the latest and most common TTPs of to this actor: Void Manticore Read More : research.checkpoint.com/2026/handala-h…

🦹Iranian actors are using ransomware affiliate programs, stealers, and MaaS to expand their reach and capabilities. 🔖Dive in to see how these threat actors leverage the cybercrime ecosystem to pursue strategic goals while complicating attribution: research.checkpoint.com/2026/iranian-m…

🚨ALERT🚨 Gulf countries, Cyprus & Israel - A massive wave of IP camera scanning and exploitation from Iran-linked infrastructure. ✅ Patch to the latest version 🔐 Enforce strong, unique passwords and restrict external access Read More : research.checkpoint.com/2026/interplay…

#SilverDragon is a new threat cluster with ties to #APT41. 🎯Activity across Asia & Europe, exploiting internet-facing servers and running targeted phishing. ☁️New .NET implants alongside Cobalt Strike and abuse of cloud services for C2. Read more -> research.checkpoint.com/2026/silver-dr…

📜🤫2025: The Untold Stories of Check Point Research Zero-days, wipers, election interference - much of what we uncover never makes it into public reports. From #APT36 to #MuddyWater, #COLDRIVER to #FlaxTyphoon, here's what we tracked across every region. research.checkpoint.com/2026/2025-the-…

AI tools are now part of the attack surface. CPR demonstrated “AI as a proxy”: Grok & Copilot can be steered to fetch attacker URLs and relay C2. Pair that with AI-driven malware, and you get prompt-powered implants that adapt at runtime. research.checkpoint.com/2026/ai-in-the…

In 2025, Amaranth-Dragon APT weaponized the popular WinRAR CVE-2025-8088 for targeted espionage across Southeast Asia. Custom loader, Telegram RAT, geofenced C2, and event-themed lures. research.checkpoint.com/2026/amaranth-…

Cyber Security Report 2026 📣 Check Point Research breaks down how 2025 reshaped the threat landscape: Multi-Channel social engineering, Geopolitical conflicts, Chinese-nexus threat actors, Ransomware, and more. Plus stats you'll want to see📊 Download: research.checkpoint.com/2026/cyber-sec…

KONNI’s latest phishing campaign is targeting developers across APAC and featuring an AI-generated PowerShell backdoor. 🧑‍💻 Read more --> research.checkpoint.com/2026/konni-tar…

#Voidlink, A new era of malware has arrived! We discovered that the framework was built nearly end-to-end using agentic AI. It stands as an alarming example of what experienced actors are capable of using artificial intelligence. research.checkpoint.com/2026/voidlink-…

The Starlink IPs used by "Handala Hack" are : 188[.]92[.]255[.]96 188[.]92[.]255[.]57

Iran’s internet has gone dark and Iranian hackers are using #Starlink. After a week of quiet we are seeing that “Handala Hack” of MOIS is back, operating from Starlink IP ranges and hitting targets across the Middle East. We continue tracking.

Deep dive into the new #Sicarii ransomware: technical details and the bigger question - is it pure cybercrime, political signaling, or a possible false flag operation? Read More : research.checkpoint.com/2026/sicarii-r…

Check Point Research unveils #VoidLink, a highly modular Linux malware framework with 30+ plugins, cloud/container persistence, robust OPSEC (runtime encryption, rootkits, self-delete), and links to Chinese-affiliated actors. Full analysis on our blog research.checkpoint.com/2026/voidlink-…

GoBruteforcer turns AI-generated defaults and legacy XAMPP installations into a botnet, exposing FTP and weak database credentials that feed password spraying and TRON/BSC token sweeps from compromised projects. research.checkpoint.com/2026/inside-go…