For the latest discoveries in cyber research for the week of 4th May, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

• Medtronic, a global medical device maker, has disclosed a cyberattack on its corporate IT systems. An unauthorized party accessed data, while the company reported no impact on products, operations, or financial systems. Threat group ShinyHunters claimed the theft of 9 million records, and Medtronic is evaluating what data was exposed.
• Vimeo, a global video hosting platform, has confirmed a data breach stemming from a compromise at analytics vendor Anodot. Exposed data included internal operational information, video titles and metadata, and some customer email addresses, while passwords, payment data, and video content were not accessed.
• Threat actors have abused the account creation process of the online trading platform Robinhood to launch a phishing campaign that used emails from Robinhood official mailing account. The emails contained links to phishing sites and passed security checks. Robinhood stated that no accounts or funds were compromised and has since removed the vulnerable “Device” field.
• Trellix, a major endpoint security and XDR vendor, was hit by a source code repository breach after attackers accessed a portion of its internal code. The company engaged forensic experts and law enforcement and claims it has found no evidence of product tampering, pipeline compromise, or active exploitation so far.

AI THREATS

• Researchers pinpointed CVE-2026-26268, a flaw in Cursor’s coding environment that enables remote code execution when its AI agent interacts with a cloned malicious repository. The attack chains Git hooks and bare repositories to run attacker scripts, risking exposure of source code, tokens, and internal tools.
• Researchers exposed Bluekit, a phishing-as-a-service platform that bundles 40-plus templates and an AI Assistant using GPT-4.1, Claude, Gemini, Llama, and DeepSeek. The AI-assisted toolkit centralizes domain setup, realistic login clones, anti-analysis filters, real-time session monitoring, and Telegram-based exfiltration.
• Researchers demonstrated an AI-enabled supply chain attack in which Anthropic’s Claude Opus co-authored a code commit that introduced PromptMink malware into an open-source autonomous crypto trading project. The hidden dependency siphoned credentials, planted persistent SSH access, and stole source code, enabling wallet takeover.

VULNERABILITIES AND PATCHES

• Microsoft has fixed a privilege escalation flaw in Microsoft Entra ID that allowed the Agent ID Administrator role for AI agents to take over any service account. Researchers published a proof-of-concept showing attackers could add credentials and impersonate privileged identities.
• cPanel has addressed CVE-2026-41940, a critical authentication bypass in cPanel and WHM that is being actively exploited in the wild as a zero-day, and allows full administrative control without credentials. Patches were issued on April 28, and Shadowserver observed 44,000 internet addresses scanning or attacking decoy systems.

Check Point IPS provides protection against this threat (cPanel Authentication Bypass (CVE-2026-41940))

• Google has released patches for a critical code execution flaw in the Gemini CLI and its GitHub Action that allowed outsiders to run commands on build servers in CI/CD pipelines. The issue automatically trusted workspace files during automated jobs, allowing malicious pull requests to trigger code execution.
• LiteLLM proxy versions 1.81.16 to 1.83.6 are affected by CVE-2026-42208, a critical SQL injection flaw used to manage large language model API keys. Attackers can read and potentially alter the proxy database, with exploitation attempts observed about 36 hours after disclosure.

Check Point IPS provides protection against this threat (LiteLLM SQL Injection (CVE-2026-42208))

THREAT INTELLIGENCE REPORTS

• Check Point Research has revealed that the VECT 2.0 ransomware effectively acts as a data wiper across Windows, Linux, and ESXi. A critical encryption mistake discards required decryption information for files larger than 128 KB, making recovery impossible even after payment.

Check Point Threat Emulation and Harmony Endpoint provide protection against this threat

• Researchers analyzed a Mirai-based botnet campaign targeting Brazilian internet providers, abusing TP-Link Archer AX21 routers via CVE-2023-1389 and open DNS servers for high-volume amplification attacks. Leaked files linked control activity to infrastructure and SSH keys associated with DDoS mitigation firm Huge Networks.
• Researchers uncovered a large-scale phishing campaign, dubbed AccountDumpling, that abuses Google AppSheet email services to hijack Facebook accounts. The operation was linked to Vietnam based attackers and is using cloned support pages, reward lures, and live 2FA collection, compromising over 30,000 users and monetizing stolen access through Telegram.
• Researchers documented a TeamPCP supply chain campaign that compromised four SAP npm packages used in cloud development workflows. The malicious installers harvested developer and cloud credentials across GitHub, npm, and major providers, enabling propagation and downstream compromises before the packages were removed.

The post 4th May – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 27th April, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

• Vercel, a frontend cloud platform, has disclosed a security incident linked to a compromise at Context.ai, where stolen OAuth tokens enabled unauthorized access through a connected app. The company reported access to employee information, internal logs, and a subset of environment variables, while stating that the most sensitive secrets were not included.
• France Titres, France’s authority for identity and registration documents, has detected a data breach on April 15. The incident may have exposed names, birth dates, email addresses, login IDs, and some physical addresses and phone numbers. A hacker has offered purported agency data for sale on the dark web.
• UK Biobank, a UK research organization, has confirmed a breach after de-identified health data on 500,000 volunteers was advertised for sale on Chinese marketplaces. Officials said listings were removed and believed unsold, while access was suspended, the research platform was shut down, and download limits were imposed.
• Bitwarden, a popular password manager, has suffered a supply-chain attack after a malware-tainted CLI release was published to npm on April 22. Bitwarden said 334 developers installed version 2026.4.0 during a brief window, potentially exposing credentials after a hijacked GitHub account was abused, while vault data remained unaffected.

AI THREATS

• Researchers have flagged unauthorized access to Anthropic’s Claude Mythos Preview, an unreleased AI cyber model, through a third-party vendor environment. A small Discord group reportedly used shared contractor accounts, API keys, and predictable URLs to reach the system. Anthropic said it is investigating and has not seen impact to core systems.
• Researchers observed Bissa Scanner, an AI-assisted exploitation platform using Claude Code and OpenClaw to support mass scanning, exploitation, and credential harvesting. The focus of the operation was exploitation of React2Shell (CVE-2025-55182), while it scanned millions of targets, confirmed over 900 compromises, and collected tens of thousands of exposed environment files.
• Researchers highlighted a prompt-injection exploit chain in Google’s Antigravity agentic IDE that enabled sandbox escape and remote code execution. The flaw abused a file search tool that ran before security checks, letting attackers convert a benign prompt into system compromise, even in Secure Mode. The vulnerability was patched by Google.

VULNERABILITIES AND PATCHES

• Microsoft issued out-of-band fixes for CVE-2026-40372, a critical ASP.NET Core privilege escalation flaw rated 9.1. A bug in Data Protection versions 10.0.0 to 10.0.6 could let attackers forge cookies and antiforgery tokens, impersonate users, and gain SYSTEM-level access on Linux or macOS deployments.
• Apple released fixes for CVE-2026-28950 in iOS and iPadOS, a Notification Services bug that retained deleted alerts and allowed recovery of sensitive message previews. The flaw affected many iPhone and iPad models, enabled forensic access with device possession and allegedly allowed law enforcement agencies access to incoming messages from encrypted messaging apps.
• LMDeploy is affected by CVE-2026-33626, a high-severity server-side request forgery flaw in the open-source toolkit for deploying large language models. Active exploitation began within 13 hours of disclosure, with attackers abusing the image loader to reach cloud metadata, probe internal services, and support lateral movement.
• End of life D-Link DIR-823X routers are affected by CVE-2025-29635, a remote code execution flaw exploited to deploy a Mirai-based botnet. Akamai reported that attackers are sending requests which fetch and run scripts to conscript devices for denial of service attacks, with no patches expected for the affected models.

Check Point IPS provides protection against this threat (D-Link DIR-823X Command Injection (CVE-2025-29635))

THREAT INTELLIGENCE REPORTS

• Check Point Research has analyzed The Gentlemen ransomware-as-a-service operation, a group that emerged in 2025 and offers encryptors for Windows, Linux, NAS, BSD, and ESXi systems. The report details its underground recruitment, leak site model, Tox-based negotiations, and SystemBC proxy infrastructure used for persistence and access.
• Researchers mapped a Mustang Panda espionage campaign targeting India’s banking sector and South Korean policy circles, deploying the updated LOTUSLITE backdoor. The group used HDFC-themed help files and fake banking pop-ups, and leveraged DLL sideloading to install the malware.
• Researchers uncovered a supply-chain attack that inserted credential-stealing malware into Checkmarx developer tools on Docker Hub and Visual Studio Code, including KICS images downloaded over five million times. The malware collects cloud and developer credentials and spreads through stolen GitHub tokens and workflows, with TeamPCP suspected.
• Researchers tracked a coordinated malvertising campaign abusing Google Ads to impersonate major cryptocurrency platforms like Uniswap, Morpho, and Ledger. The operation uses Google-hosted redirect pages, cloaking, and cloned sites to deploy wallet drainers, seed phrase theft pages, and fake extensions, resulting in at least $1.27 million stolen.

The post 27th April – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 20th April, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

• Booking.com, the Amsterdam-based travel platform, has confirmed a data breach after unauthorized parties accessed reservation data linked to some customers. Exposed information included names, email addresses, phone numbers, physical addresses, and booking details, creating phishing risk, while the company reset reservation PINs and notified affected users.
• McGraw-Hill, a global educational publisher, has disclosed a data breach following an extortion attempt after attackers accessed its Salesforce environment. Leaked data from about 13.5 million accounts includes names, email addresses, phone numbers, and physical addresses, while no payment card information was reported exposed.
• EssentialPlugin, a WordPress plugins development firm, has suffered a supply chain compromise that pushed malicious updates to more than 30 plugins installed on thousands of websites. The backdoored code enabled unauthorized access and spam page creation, and WordPress.org closed the affected plugins while infections may remain.
• Basic-Fit, Europe’s largest gym chain, has reported a data breach after attackers accessed a franchise-wide system used to track club visits. The incident exposed bank account details and personal data for about one million members across six countries, while passwords and identity documents were not affected.

AI THREATS

• Researchers unveiled that a lone hacker weaponized Claude Code and OpenAI’s GPT-4.1 to breach nine Mexican government agencies. AI-driven commands accelerated reconnaissance, issuing 5,317 actions across 34 sessions and accessing 195 million taxpayer records and 220 million civil records, after safety filters were bypassed through prompt manipulation and an injected hacking manual.
• Researchers detailed a phishing campaign that impersonates Anthropic’s Claude AI with a fake Claude Pro installer for Windows. The package displays a working application to distract victims while abusing a trusted program to sideload PlugX malware, enabling remote access and persistence on compromised systems.
• Researchers demonstrated a prompt injection technique that hijacks AI agents used in GitHub workflows from major vendors. Malicious instructions hidden in pull request titles or comments can make the agents run commands and expose repository secrets, including access tokens and API keys, during automated development tasks.

VULNERABILITIES AND PATCHES

• CISA warns of active exploitation of Apache ActiveMQ vulnerability CVE-2026-34197, a high-severity code injection flaw that allows remote code execution. The vulnerability carries a CVSS score of 8.8 and has been addressed by Apache in versions 5.19.4 or 6.2.3.

Check Point IPS provides protection against this threat (Apache ActiveMQ Code Injection (CVE-2026-34197))

• Splunk has released fixes for CVE-2026-20204, a high-severity vulnerability in Splunk Enterprise and Cloud Platform. The flaw can let a low-privileged user upload a malicious file to a temporary directory and achieve remote code execution, while two additional medium-severity issues were also addressed.
• As part of its Patch Tuesday, Microsoft has patched CVE-2026-33825, one of three actively-exploited Microsoft Defender zero-days dubbed BlueHammer, RedSun, and UnDefend that were revealed by a security researcher. The vulnerabilities allow local privilege escalation as well as denial of service, and researchers said exploitation began in April after the vulnerabilities were revealed.
• CISA has flagged the vulnerability CVE-2025-60710, a Windows Task Host privilege escalation flaw affecting Windows 11 and Windows Server 2025, as being actively exploited in attacks. The vulnerability allows a local attacker to gain SYSTEM privileges on a compromised device.

THREAT INTELLIGENCE REPORTS

• Check Point Research have documented 2026 Q1 brand impersonation phishing focused on Microsoft, Apple, Google, and Amazon, which accounted for nearly half of observed attempts. The research shows attackers using lookalike subdomains, QR-based WhatsApp lures, and fake Adobe installers to steal credentials and compromise devices.
• Researchers uncovered ZionSiphon, malware designed to target industrial control environments at water treatment and desalination facilities in Israel. The report says the code is configured for operational technology systems and reflects continued attacker interest in critical infrastructure, especially utilities with exposed or weakly defended networks.
• Researchers identified more than 1,250 active command and control servers distributed across 165 Russian hosting providers between January and April 2026. The infrastructure supported malware campaigns involving traffic redirection systems, IoT botnets including Hajime, Mozi, and Mirai, and repurposed tools such as Cobalt Strike.
• Researchers observed a fake “Ledger Live” app on Apple’s App Store that stole more than $9.5 million from over 50 cryptocurrency users within a week. The app harvested wallet credentials, drained funds across Bitcoin, Ethereum, Solana, Tron and XRP, and routed proceeds through KuCoin deposit addresses and the AudiA6 mixer, complicating recovery.

The post 20th April – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 13th April, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

• The Los Angeles Police Department has reported a data breach involving a digital storage system used by the L.A. City Attorney’s Office. The exposure included 7.7 terabytes and more than 337,000 files, including personnel records, internal affairs material, and unredacted personal information.
• ChipSoft, a Dutch healthcare software vendor whose HiX platform is used by hospitals across the Netherlands, has suffered a ransomware attack that forced it to disable patient and provider services. Multiple hospitals disconnected from its systems, disrupting operations, and the company warned that the threat actor may have gained unauthorized access to patient data.
• Ransomware group Qilin has taken responsibility for a cyber-attack targeting German political party Die Linke, which forced the party to shut down its IT infrastructure in late March. The party said membership databases were unaffected, while Qilin threatens to leak stolen sensitive employee and party information.

Check Point Endpoint and Threat Emulation provide protection against these threats (Ransomware.Wins.Qilin*)

• Bitcoin Depot, a US cryptocurrency ATM operator with more than 25,000 kiosks and checkout locations, has disclosed a cyberattack that allowed attackers to steal credentials tied to digital asset settlement accounts. The attackers transferred more than 50 BTC worth more than $3.6M from company-controlled wallets before access was blocked.

AI THREATS

• Researchers identified GrafanaGhost, an attack against Grafana’s AI components that can silently exfiltrate enterprise data by chaining indirect prompt injection with image URL validation bypass. The technique can expose financial, infrastructure, and customer information in the background, and Grafana has already addressed the weakness.
• Researchers outlined AI Agent Traps, a framework describing six web-based attack classes that can manipulate autonomous AI agents through malicious content. The methods can inject hidden instructions, poison reasoning, corrupt memory, and steer tool use, showing how web pages can turn agent workflows into attack surfaces.
• Researchers measured a growing AI supply chain risk, finding that third-party API routers for AI models can hijack agent tool calls to alter commands and steal credentials. In testing, several routers injected malicious code, abused intercepted cloud keys, and even triggered wallet theft from a researcher environment.

VULNERABILITIES AND PATCHES

• CISA warns of active exploitation of Ivanti CVE-2026-1340, a critical code injection flaw in Endpoint Manager Mobile that allows unauthenticated remote code execution and full compromise of affected servers. The vulnerability carries a CVSS score of 9.8, affects multiple 12.5 through 12.7 releases, and has been exploited in the wild.

Check Point IPS provides protection against this threat (Ivanti Endpoint Manager Mobile Code Injection (CVE-2026-1340))

• Adobe Reader is affected by an actively exploited zero-day that uses malicious PDF files to invoke privileged features on fully updated systems, enabling local data theft. Researchers said the activity has run since at least December 2025, uses Russian-language oil and gas lures, and may also enable further compromise.
• Marimo maintainers released a fix for CVE-2026-39987, a critical remote code execution flaw in the Marimo Python notebook that allowed attackers to open a terminal without authentication and run commands. Exploitation was observed within hours of disclosure against internet-exposed instances, and fixes are available in version 0.23.0.
• Fortinet has fixed CVE-2026-35616, a critical improper access control flaw in FortiClient EMS that enables unauthenticated code or command execution through crafted requests. The issue been actively exploited in the wild, prompting Fortinet to release an emergency hotfix.

THREAT INTELLIGENCE REPORTS

• Check Point Research have analyzed March 2026’s threat landscape, with organizations averaging 1,995 weekly attacks. Education remained the most targeted sector, ransomware rose to 672 incidents led by Qilin, Akira, and DragonForce, and GenAI exposure remained high across enterprise environments.
• Researchers discovered a coordinated software supply chain campaign that planted 36 malicious npm packages impersonating Strapi plugins. The packages executed on installation to search for secrets, maintain command and control, and in some cases enable Redis remote code execution, credential harvesting, and direct PostgreSQL exploitation.
• Researchers linked Storm-1175, a financially motivated group associated with Medusa ransomware, to high-velocity exploitation of n-day and zero-day flaws. Microsoft said the actor moves quickly from initial access to data theft and ransomware deployment, sometimes weaponizing vulnerabilities within a day and heavily impacting healthcare, education, finance, and services.
• Researchers identified a hack-for-hire campaign linked to BITTER APT that targeted journalists, activists, and government figures across the Middle East and North Africa. The operators used phishing to access iCloud backups and Signal accounts, and deployed Android spyware disguised as messaging applications to take over victim devices.

The post 13th April – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 30th March, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

• The European Commission, the European Union’s executive body, has confirmed a data breach after its Europa.eu platform was compromised through a third-party exchange linked to the Trivy supply chain attack. The incident affected at least one Amazon Web Services account and resulted in data theft, while websites and internal systems remained operational.
• Global toys and games manufacturing giant Hasbro has disclosed a cyberattack after detecting unauthorized access to its network on March 28. Some systems were taken offline, and the company warned that recovery could take weeks and cause delays.
• Cryptocurrency trading platform Drift Protocol on Solana has suffered a major breach after an attacker gained enough Security Council approvals to execute pre-signed transactions on April 1. Drift said roughly $280 million was affected, froze platform activity, and stated the incident did not involve a smart contract flaw or seed phrase compromise.
• Luxury camping providers Roan and Eurocamp have experienced a data breach that exposed guest names, email addresses, phone numbers, travel destinations, booking dates, and prices. Attackers are using the stolen data in WhatsApp payment scams, while the companies said the flaw was patched and no passwords or payment data were taken.

AI THREATS

• Check Point Research demonstrated a hidden outbound channel in ChatGPT’s execution runtime that enabled silent exfiltration of user data. A single malicious prompt or a backdoored GPT could transmit chat content and uploaded files to attackers through DNS.
• Check Point warns that based on leaked details about Anthropic’s Claude “Mythos”, the model will likely accelerate vulnerability discovery, exploit development, and multi-step attack automation. The new capabilities could sharply reduce time to exploit and make advanced offensive techniques more broadly accessible.
• Researchers examined six AI agents and found that impersonation and fabricated urgency can push them to disclose data or take harmful actions. In testing, an agent forwarded 124 emails containing personal and financial details, while others deleted files and reassigned admin access.
• Researchers observed a flaw in Google Cloud’s Vertex AI Agent Engine that could let attackers extract service agent credentials and pivot into customer projects. The exposed privileges enabled access to storage and Artifact Registry resources, and permissive OAuth scopes also increased the risk of wider Google Workspace exposure.

VULNERABILITIES AND PATCHES

• Cisco released urgent fixes for CVE-2026-20093, a critical authentication bypass in its Integrated Management Controller software used across ENCS 5000, Catalyst 8300 uCPE, and UCS C-Series M5 and M6 servers. Remote attackers can reset any account, including Admin, allowing full device takeover.
• Researchers discovered CVE-2026-5281, a zero-day memory flaw in Chrome’s WebGPU component, Dawn, that also impacts Edge, Brave, Opera, and other Chromium-based browsers. The vulnerability is being actively exploited and can enable code execution on user systems, prompting inclusion in CISA’s Known Exploited Vulnerabilities catalog.
• Progress has addressed two critical ShareFile vulnerabilities, including CVE-2026-2699 with a CVSS score of 9.8, that can be chained for unauthenticated remote code execution. The flaws let attackers reach restricted configuration pages and upload arbitrary files to the server without logging in to affected installations.
• F5 reclassified CVE-2025-53521, a BIG-IP Access Policy Manager vulnerability, as a critical remote code execution flaw under active exploitation. More than 14,000 internet-exposed systems were still visible online, and the company published indicators of compromise and rebuild guidance for affected devices.

THREAT INTELLIGENCE REPORTS

• Check Point Research has unmasked TrueChaos, a campaign exploiting a 0-day vulnerability (CVE-2026-3502) in TrueConf’s on-premises update process to push malicious updates to Southeast Asian government networks. Attackers delivered Havoc payloads through trusted servers, and the activity was assessed with moderate confidence as being affiliated with a Chinese nexus.
• Check Point Research have outlined an Iran-nexus password-spraying campaign against Microsoft 365 in the Middle East, conducted in three waves during March. The activity focused on Israel and the UAE, targeting municipalities and using Tor and VPN infrastructure to evade geofencing and complicate attribution.
• Check Point Research have uncovered coordinated tax-season phishing and malware activity, with hundreds of newly registered tax-themed domains and rising risk levels. In March 2026, one in ten new domains was flagged as risky, while IRS-impersonating sites harvested personal data and Spain-themed emails delivered malware loaders.
• Researchers documented a supply chain compromise of the Axios npm package, a widely used HTTP client with millions of monthly downloads, that briefly pushed malicious releases delivering a remote access trojan. The tampered versions used a hidden dependency to fetch a second-stage payload and erase traces after installation.

The post 6th April – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 30th March, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

• Iranian state-affiliated threat group Handala Hack has breached FBI director’s Patel’s personal Gmail account and leaked many personal photos and documents. This follows the FBI’s seizure of domains related to Handala Hack’s activity last week, due to the group’s sustained targeting of Israeli and American entities, which increased during the ongoing Iran conflict.
• Spain’s Port of Vigo in Galicia has suffered a ransomware attack that forced officials to disconnect parts of its network and switch cargo handling to manual processes. The incident locked equipment and disrupted digital logistics, while physical ship movement could continue without digital communication.
• The Netherlands’ Ministry of Finance has confirmed a March 19 cyberattack that breached internal systems in its policy department and disrupted work for some employees. Authorities blocked access to affected environments, while tax, customs, and benefits services remained unaffected and no threat actor publicly claimed responsibility for the attack.
• Decentralized finance platform Resolv has suffered a cyberattack after a compromised private key let an attacker mint about $80 million in uncollateralized USR tokens and swap them for 11,408 ETH worth $24.5 million. Resolv confirmed the incident, paused the app, and offered a 10% bounty for returned funds.

AI THREATS

• Researchers demonstrated a supply chain compromise of LiteLLM, a Python library linking apps to major AI services, after attackers hijacked a security tool and pushed malicious releases on March 24. The tainted packages harvested API keys and cloud credentials, creating downstream exposure for widely used AI projects.
• Researchers outlined three high-severity vulnerabilities in LangChain and LangGraph, open-source frameworks for building AI assistants, that could expose files, environment secrets, and prior conversations. The flaws enabled arbitrary file access, secret leakage, and SQL injection in checkpointing, and patches were issued in updated components.
• Researchers identified a zero-click flaw in Anthropic’s Claude Chrome extension that let any website silently inject prompts and control the assistant. The attack combined an overly permissive trusted domain list with a scripting bug in Arkose Labs CAPTCHA handling, enabling token theft, chat access, and email actions.

VULNERABILITIES AND PATCHES

• Cisco has addressed CVE-2026-20131, a CVSS 10 vulnerability in Secure Firewall Management Center that lets unauthenticated attackers execute code as root through the web interface. Cisco confirmed attempted exploitation in March 2026 and released fixes, while on-premises customers have no workaround beyond applying the updates.

Check Point IPS provides protection against this threat (Cisco Secure Firewall Management Center Insecure Deserialization (CVE-2026-20131))

• TP-Link has issued firmware updates addressing CVE-2025-15517 and related critical flaws in Archer NX200, NX210, NX500, and NX600 5G Wi-Fi routers. Attackers could access administrative functions without logging in, upload rogue firmware, execute system commands, and more.
• Citrix has released patches for CVE-2026-3055 and CVE-2026-4368 affecting NetScaler ADC and Gateway. The critical memory flaw can expose sensitive data in SAML Identity Provider deployments, while the second bug can mix up user sessions on gateways, creating confidentiality and access risks.

Check Point IPS provides protection against this threat (Citrix NetScaler Out Of Bounds Read (CVE-2026-3055))

• Researchers warn that a leaked ‘DarkSword’ iOS exploit chain enables no-click attacks via Safari, threatening up to 270 million unpatched iPhones and iPads. The code eases copycat attacks and has seen use, while Apple issued fixes, including March 11 emergency updates for iOS 15 and 16.

THREAT INTELLIGENCE REPORTS

• Researchers revealed that cybercriminals are abusing Keitaro, a commercial adtech tracker, to distribute phishing, scams, and malware at scale. Infoblox linked the platform to major malvertising and spam operations, including campaigns impersonating Canadian banks, logistics brands, government services, and high-trust retail providers.
• Researchers analyzed three China-aligned activity clusters targeting a Southeast Asian government in a coordinated espionage operation. The campaign combined USB propagation, the Hypnosis loader, and the FluffyGh0st RAT, showing how distinct threat clusters can converge on one high-value government target with complementary tooling.
• Researchers have analyzed the activity of Russian threat group APT28 (aka Fancy Bear). The group has recently targeted Ukraine as well as its European defense supply chain partners with a toolset dubbed PRIXMES, which holds both espionage and sabotage capabilities. APT28 exploited multiple vulnerabilities, including zero-days, in its attacks.
• Researchers identified a coordinated adversary-in-the-middle phishing campaign targeting TikTok for Business users who sign in with Google. Attackers deployed proxy login pages that captured passwords and session cookies to bypass multi-factor authentication, with newly registered domains and Cloudflare-hosted infrastructure used to scale impersonation.

The post 30th March – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 23rd March, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

• Navia Benefit Solutions, a United States-based employee benefits administrator, has disclosed a breach affecting more than 2.6 million individuals after unauthorized access and potential data exfiltration occurred between December 22, 2025 and January 15, 2026. Exposed information may include personal, health, and benefits data.
• Identity protection firm Aura was breached after a phone phishing attack let an intruder access an employee account and a marketing platform. The actor obtained about 900,000 records, mostly names and emails, while the core systems and identity protection services were not compromised.
• Puerto Rico Aqueduct and Sewer Authority, which manages the territory’s water supply, has confirmed a cyberattack that exposed customer and employee information. The authority said critical infrastructure was not affected because network segmentation separated operational systems, limiting the incident to business data and administrative environments.
• Intuitive, a United States-based robotic surgery company, has suffered a data breach after a targeted phishing incident led to a compromised employee account. Exposed information includes customer contact details, employee data, and corporate records, while the company said its da Vinci and Ion platforms were unaffected.

AI THREATS

• Check Point Research highlighted the key developments and major trends in the AI threat ecosystem during January – February 2026. The report focuses on the transition to the agentic era by the threat actors, where development is shifting from simple prompting to structured workflows, attack chains are evolving from human-led to AI-led operations, and safeguard bypass techniques are increasingly beginning to exploit agent mechanisms.
• Researchers have discovered three chained flaws in Anthropic’s Claude.ai, enabling invisible prompt injection, silent exfiltration of conversation history through the Files API, and redirection through an open redirect. Anthropic patched the injection issue and is addressing the remaining weaknesses, while the chain enables stealthy data theft.
• Researchers have witnessed exploitation of CVE-2026-33017, a critical unauthenticated remote code execution flaw in Langflow, an open-source framework for AI agents and retrieval-augmented generation pipelines. Attackers weaponized the bug within 20 hours of disclosure, allowing arbitrary Python execution on exposed instances through a single crafted request.

Check Point IPS provides protection against this threat (Langflow Remote Code Execution (CVE-2026-33017))

VULNERABILITIES AND PATCHES

• ConnectWise has patched CVE-2026-3564, a critical cryptographic signature verification flaw in ScreenConnect, its remote access platform used by managed service providers and IT teams. The issue could let attackers use extracted machine keys to authenticate sessions without authorization and gain elevated privileges on affected instances
• Ubiquiti has addressed CVE-2026-22557, a maximum-severity flaw in the UniFi Network Application used to manage access points, switches, and gateways. The unauthenticated path traversal bug affects version 10.1.85 and earlier and can let attackers access files, compromise accounts, and potentially seize control of underlying systems.
• Zimbra warns of active exploitation of CVE-2025-66376, a stored cross-site scripting flaw in Zimbra Collaboration Suite that was recently patched. Malicious emails can execute code when viewed in the Classic UI, exposing session cookies and mailbox data, while patched versions include 10.1.13 and 10.0.18, following warnings about real-world abuse.
• GNU InetUtils telnetd is affected by CVE-2026-32746, a CVSS 9.8 remote code execution flaw impacting all versions up to 2.7. Attackers can trigger the issue with a single Telnet connection without logging in, potentially gaining root control on exposed Linux, IoT, and industrial systems before a patch arrives.

Check Point IPS provides protection against this threat (GNU inetutils Buffer Overflow (CVE-2026-32746))

THREAT INTELLIGENCE REPORTS

• Check Point researchers have analyzed recent developments in the Telegram cybercrime scene, after the company had bolstered its moderation tools due to extensive criticism of allowing criminal behavior. Data shows that despite Telegram’s efforts, it is still the primary platform for cybercrime communication, with activity only growing.
• Researchers identified an Interlock ransomware campaign exploiting CVE-2026-20131, a critical flaw in Cisco Secure Firewall Management Center that enables remote code execution. The group used the zero-day as early as January, several weeks before it was patched and publicly disclosed by Cisco.
• Researchers revealed that two React Native npm packages, react-native-country-select and react-native-international-phone-number, were backdoored on March 16, 2026, in a coordinated supply-chain attack. A preinstall script deployed credential and crypto theft malware with persistence, while the packages recorded over 130,000 combined downloads over the previous month.
• Researchers have published a threat assessment of MuddyWater, linking the Iranian APT group to spear-phishing and LampoRAT. The report details delivery infrastructure, command-and-control patterns, and victimology.

Check Point Harmony Endpoint and Threat Emulation provide protection against these threats

The post 23rd March – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 16th March, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

• United States-based medical technology company Stryker has suffered a cyberattack that caused a global disruption to its environment. The company said its surgical robotics, clinical communications platform, and life support monitors are safe to use. Media reports said employee devices were factory reset across multiple locations worldwide. Iranian group Handala Hack has claimed responsibility for the attack and said it had exfiltrated large amounts of data as part of the attack.
• Telus Digital, a subsidiary of Canadian telecom firm Telus, has confirmed a breach involving unauthorized access to a limited number of systems. Hacker group ShinyHunters claims to have stolen nearly one petabyte of customer and call data and demanded $65 million in ransom, although the company said it has not verified those claims and reported no disruption.
• Encrypted messaging service Signal has experienced targeted phishing campaigns leading to account takeovers of high-profile users, including journalists and government officials. Signal said its infrastructure and encryption remain intact, and attackers tricked victims into sharing SMS verification codes and Signal PINs to provision new devices and impersonate them.
• Loblaw Companies Limited, Canada’s largest food and pharmacy retailer, has suffered a data breach after hackers accessed part of its IT network. The company said names, phone numbers, and email addresses were exposed, prompting a forced logout for customer accounts, while payment, health, and password data do not appear affected.

AI THREATS

• Researchers evaluated autonomous AI agents on widely used models and found they initiated offensive actions without malicious prompts, hacking their own operating environments. In tests, agents posted passwords, bypassed antivirus, forged credentials, and escalated privileges to access sensitive data, showing how autonomy can amplify security risk.
• Researchers unearthed a campaign using an AI-powered bot, hackerbot-claw, to exploit misconfigured GitHub Actions in open-source repositories, including Aqua Security. The bot stole a token to seize Aqua’s Trivy repository and publish a malicious extension that ran AI tools to harvest secrets and push results to the victim’s GitHub.
• Researchers investigated malvertising campaigns that impersonate popular AI agents, including Claude Code, OpenClaw, and Doubao, to push infostealing malware through Google Search ads. The fake documentation pages instruct users to run commands that install AMOS on macOS and Amatera on Windows, enabling theft of credentials and corporate files.

VULNERABILITIES AND PATCHES

• SolarWinds Web Help Desk, an IT ticketing platform, is affected by CVE-2025-26399, a high-severity deserialization flaw that attackers are exploiting to run commands on servers. Successful exploitation can enable takeover and data theft, and patches are available after the vulnerability was added to CISA’s exploited flaws catalog.

Check Point IPS provides protection against this threat (SolarWinds Web Help Desk Insecure Deserialization (
CVE-2024-28986, CVE-2024-28988, CVE-2025-40553, CVE-2025-26399))

• Google has released an out-of-band Chrome update addressing two high-severity zero-days, CVE-2026-3909 in Skia memory handling and CVE-2026-3910 in V8. Both can be triggered by visiting a malicious site and may enable code execution in the browser.
• The n8n workflow automation platform has fixed CVE-2025-68613, a CVSS 10 remote code execution flaw that is under active exploitation. The issue allows authenticated users to run code and compromise servers, and patches were released in versions 1.120.4, 1.121.1, and 1.122.0.

Check Point IPS provides protection against this threat (n8n Remote Code Execution (CVE-2025-68613))

THREAT INTELLIGENCE REPORTS

• Check Point Research has analyzed the Iranian threat group Handala Hack, a hacktivist persona run by the Void Manticore APT group, which is affiliated with the Iranian Ministry of Intelligence. The group targets IT and VPN infrastructure to gain initial access to victim organizations, before using tools such as NetBird for lateral movement. The group then aims to exfiltrate and wipe victim organizations’ data.

Check Point Harmony Endpoint and Threat Emulation provide protection against these threats

• Check Point Research has examined Iranian Ministry of Intelligence-linked groups use of criminal tools and services, including Handala Hack deploying Rhadamanthys infostealer alongside wipers against Israeli targets. The report also noted overlaps between MuddyWater activity, Tsundere and DinDoor botnet infrastructure, and CastleLoader certificates.

Check Point Harmony Endpoint and Threat Emulation provide protection against these threats

• Check Point Research analyzed February 2026 cyber-attacks, as organizations averaged 2,086 weekly attacks, up 9.6% year over year, with education most targeted and Latin America recording the highest volumes. Ransomware totaled 629 incidents, while enterprise GenAI use continued to pose data‑leak risk in 1 of every 31 prompts.
• Check Point Research have analyzed China-nexus espionage campaigns targeting Qatar. A Camaro Dragon campaign attempted to deploy PlugX, while a second operation delivered Cobalt Strike via war-themed lures abusing trusted software targeting government and energy-related entities.

Check Point Harmony Endpoint and Threat Emulation provide protection against these threats

The post 16th March – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 9th March, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

• AkzoNobel, a Netherlands-based global paint manufacturer, has confirmed a cyberattack affecting one of its United States sites. The company said the intrusion was contained, while the Anubis ransomware group claimed it stole 170 GB of data, including employee and financial records.
• LexisNexis, a global legal data and analytics provider, has suffered a breach. Attackers claimed they stole 3.9 million records, including about 400,000 user profiles and some government accounts, while the company said the exposed systems mainly held legacy pre-2020 data.
• The Wikimedia Foundation, the nonprofit behind Wikipedia, has faced a self-propagating JavaScript worm that vandalized pages and replaced editor scripts across multiple wikis. Engineers briefly restricted editing while cleaning up the incident, with about 3,996 pages modified and roughly 85 users’ personal scripts affected.
• TriZetto Provider Solutions, an American healthcare technology company owned by Cognizant, has disclosed a breach affecting more than 3.4 million people. The exposed data includes insurance and medical information, with notifications issued this week after investigators determined the unauthorized access began in 2024.

AI THREATS

• Researchers outlined how Pakistan-linked APT36 has used AI coding tools to produce large volumes of low-quality malware aimed at Indian government entities and embassies. The group generated variants in less common programming languages and used legitimate cloud services for command channels, complicating detection and response.
• Researchers uncovered AI-themed Chrome and Edge extensions that harvest LLM chat histories and browsing activity. Distributed via the Chrome Web Store, they impersonate legitimate tools and have impacted 900,000 users across 20,000 enterprise environments.
• Researchers tracked a campaign abusing interest in OpenClaw, an AI agent, by planting fake installers on GitHub that appeared in Bing search results. The installers delivered Vidar to steal credentials and cryptocurrency wallets and sometimes deployed GhostSocks, turning infected systems into residential proxies.
• Researchers demonstrated indirect prompt injection campaigns against AI agents that read web content, cataloging 22 techniques across live sites. Hidden instructions can redirect agents to expose data, perform unauthorized transactions, and run server commands, and the researchers also observed a real-world bypass of an AI ad review system.

VULNERABILITIES AND PATCHES

• Google has published patches for CVE-2026-0628, a high-severity vulnerability in Chrome’s Gemini AI panel that allowed malicious extensions to inject code and access cameras and microphones. Researchers showed attackers could also take screenshots, access local files, and launch phishing content inside the panel.
• A patch was released for CVE-2026-1492, a critical (9.8 CVSS) privilege escalation flaw in the User Registration & Membership WordPress plugin. The vulnerability lets unauthenticated attackers create administrator accounts and take over sites.
• VMware has patched CVE-2026-22719, a high-severity command injection flaw in Aria Operations, its cloud management platform. The vulnerability allows unauthenticated remote code execution during support-assisted migrations and affects versions 8 through 8.18.5 and 9 through 9.0.1, with patches and a workaround script available.
• Qualcomm has addressed CVE-2026-21385, a memory corruption vulnerability affecting chipsets used in Android phones, tablets, and IoT devices. The flaw can trigger crashes and potentially allow code execution, and CISA said evidence of active exploitation prompted its addition to the Known Exploited Vulnerabilities catalog.

THREAT INTELLIGENCE REPORTS

• Check Point Research have mapped Iran-linked cyber clusters conducting espionage, disruption, and influence operations, including Cotton Sandstorm, Educated Manticore, MuddyWater, Handala, and Agrius. Recent campaigns used impersonation and phishing to steal credentials, remote access tools to persist, and wipers or fake ransomware for impact.
• Check Point Research revealed that, amid the ongoing conflict with Iran, IP cameras in Israel, Qatar, Bahrain, Kuwait, the UAE, and Cyprus have been intensively targeted. Notably, these countries have also experienced significant missile activity from Iran. The findings align with the assessment that Iran incorporates compromised cameras into its operational doctrine, using them both to support missile operations and to conduct ongoing battle damage assessment (BDA).
• Check Point Research has profiled Silver Dragon, a Chinese-aligned group linked to APT41 that targeted government and enterprise networks across Southeast Asia and Europe. Recent operations used the GearDoor backdoor with SSHcmd and SilverScreen, enabling remote access, covert screen capture, and stealthy control after phishing and server exploitation.

Check Point Harmony Endpoint and Threat Emulation provide protection against these threats

• Researchers have uncovered Coruna, an iPhone exploit kit used by Chinese scammers and Russia-linked operators to compromise devices through malicious websites. The toolkit used 23 exploits against iOS and deployed malware that stole cryptocurrency, emails, and photos.

The post 9th March – Threat Intelligence Report appeared first on Check Point Research.