The financial sector experienced an unprecedented rise in cyber incidents in 2025, with attacks more than doubling from 864 in 2024 to 1,858 in 2025. This acceleration reflects a dramatic shift in threat actor behavior, ranging from ideologically-motivated disruptions to commercialized cyber crime as a service. Below is a concise snapshot of the three dominant trends before we unpack them in detail. Quick Overview of Key Trends DDoS attacks surged 105%, driven by coordinated hacktivist campaigns targeting high visibility financial platforms and services. Data breaches & leaks jumped 73%, exposing persistent weaknesses in cloud security, identity governance, and third party […]

The post The Three Most Disruptive Cyber Trends Impacting the Financial Industry Today appeared first on Check Point Blog.

At Check Point, our partners are more than collaborators. They are the driving force behind our customers’ success, our innovation, and our ability to stay ahead of today’s rapidly evolving cyber threat landscape. This year, we are thrilled to recognize an extraordinary group of partners who demonstrated exceptional performance, growth, technical excellence, and commitment to helping organizations stay secure. These awards celebrate not just results, but leadership, trust, and the relentless pursuit of excellence. We are proud to announce the 2025 Americas Partner Award winners: Partner of the Year: World Wide Technology Latin America Partner of the Year: NTSec Group […]

The post Celebrating Check Point’s 2025 Americas Partner Award Winners appeared first on Check Point Blog.

Security programs are being asked to defend increasingly complex environments against cyber attacks that are faster, more automated, and harder to isolate. The past year of attacks reveals a measurable shift in how adversaries operate, coordinate, and scale across enterprise environments.  The Cyber Security Report 2026 is based on direct analysis of global attack activity spanning AI driven attacks, ransomware operations, hybrid environments, and multi channel social engineering. It documents how these techniques are being executed in practice, at scale, across industries and regions. The data points to a clear pattern. Attacks have moved beyond isolated methods, deliberately combining AI, identity abuse, ransomware, edge […]

The post The Trends Defining Cyber Security in 2026: Cyber Security Report 2026 appeared first on Check Point Blog.

The cyber security industry faces a critical challenge: a growing skills gap that leaves organizations exposed to increasingly sophisticated threats. Businesses need qualified professionals who can secure systems and respond effectively, but finding and training those experts remains a global concern. To address this challenge, Infinity Global Services, which delivers practical learning designed to build real-world cyber security expertise, has partnered with CompTIA, a global leader in IT and cyber security education. This collaboration combines Infinity Global Services’ hands-on training approach with CompTIA’s globally recognized certifications, creating a powerful pathway for professionals to advance their careers and organizations to build […]

The post Closing the Cyber Security Skills Gap: Check Point Partners with CompTIA appeared first on Check Point Blog.

Cyber security is often framed as a problem for enterprises, governments, and seasoned professionals. But by the time organizations begin searching for talent, the damage has often already been done. Threat actors don’t wait for workforce pipelines to catch up and our approach to cyber security education shouldn’t either. Today’s digital threats target schools, hospitals, municipalities, and small businesses just as aggressively as large enterprises. Ransomware attacks shut down classrooms. Phishing campaigns exploit young users as easily as experienced employees. Yet cyber security education is still treated as a late-stage specialization, introduced only when individuals enter the workforce or pursue […]

The post Building Cyber Readiness Early: Why Youth Education Is a Security Necessity appeared first on Check Point Blog.

Check Point Research is tracking an active phishing campaign involving KONNI, a North Korea-affiliated threat actor active since at least 2014. Historically, KONNI focused on South Korean diplomatic, academic, and government-linked targets, using geopolitical themes as phishing lures. This latest activity marks a clear shift. In the current campaign, KONNI targets software developers and engineering teams, particularly those involved in blockchain and cryptocurrency projects. The lures are designed to resemble legitimate project documentation, indicating an effort to compromise individuals with access to valuable technical infrastructure rather than traditional political targets. The campaign stands out for two reasons: its expanded geographic […]

The post AI-Powered North Korean Konni Malware Targets Developers appeared first on Check Point Blog.

Overview This report describes a phishing campaign in which attackers abuse Microsoft Teams functionality to distribute phishing content that appears to originate from legitimate Microsoft services. The attack leverages guest invitations and phishing-themed team names to impersonate billing and subscription notifications, encouraging victims to contact a fraudulent support phone number. Campaign scale Total phishing messages: 12,866 Daily average: 990 Affected customers: 6,135 Method of attack The attacker begins by creating a new team in Microsoft Teams and assigning it a malicious, finance-themed name designed to resemble an urgent billing or subscription notice. An example of the naming pattern observed includes […]

The post Attackers Continue to Target Trusted Collaboration Platforms: 12,000+ Emails Target Teams Users appeared first on Check Point Blog.

Of course, organizations see risk. It’s just that they struggle to turn insight into timely, safe action. That gap is why exposure management has emerged, and also why it is now becoming a foundational security discipline. What the diagram makes clear is that risk doesn’t stay flat while organizations deliberate. From the moment an exposure is discovered and is reachable, exploitable, and known – the clock starts ticking. As time passes, environments change, dependencies grow, and attackers adapt faster. Remediation workflows fall behind. Manual coordination, unclear ownership, and fear of disruption all extend what is increasingly referred to as ‘exposure […]

The post Why Exposure Management Is Becoming a Security Imperative appeared first on Check Point Blog.

Check Point Research has identified VoidLink, one of the first known examples of advanced malware largely generated using artificial intelligence. Unlike earlier AI-assisted malware, which was typically low-quality or derivative, VoidLink demonstrates a high level of sophistication and rapid evolution. AI dramatically accelerated development, enabling what appears to be a single actor to plan, build, and iterate a complex malware framework in days rather than months. This marks a turning point: AI is no longer just supporting malware development. It is actively reshaping how advanced threats are created. Defenders must adapt, as AI lowers the barrier to high-complexity attacks and […]

The post VoidLink Signals the Start of a New Era in AI-Generated Malware appeared first on Check Point Blog.

In Q4 2025, Microsoft once again ranked as the most impersonated brand in phishing attacks, accounting for 22% of all brand phishing attempts, according to data from Check Point Research. This continues a multi-quarter trend in which attackers increasingly abuse trusted enterprise and consumer brands to harvest credentials and gain initial access. Google followed in second place with 13%, while Amazon climbed into third position at 9%, fueled by Black Friday and holiday sales, overtaking Apple. After a prolonged absence, Facebook (Meta) re-entered the top 10, landing in fifth place, highlighting renewed interest among attackers in social media account takeover. […]

The post Microsoft Remains the Most Imitated Brand in Phishing Attacks in Q4 2025 appeared first on Check Point Blog.

Executive Summary Check Point Research identified active, large-scale exploitation of CVE-2025-37164, a critical remote code execution vulnerability affecting HPE OneView. The exploitation campaign is attributed to the RondoDox botnet and escalated rapidly to tens of thousands of automated attack attempts. Check Point blocked tens of thousands of exploitation attempts through its security infrastructure, highlighting both the severity of the risk and the importance of layered defenses. Check Point reported the active exploitation to CISA on January 7, 2026, and the vulnerability was added to the Known Exploited Vulnerabilities KEV catalog the same day. Organizations running HPE OneView should patch immediately […]

The post Patch Now: Active Exploitation Underway for Critical HPE OneView Vulnerability appeared first on Check Point Blog.

In December 2025, organizations experienced an average of 2,027 cyber attacks per organization per week. This represents a 1% month-over-month increase and a 9% year-over-year increase. While overall growth remained moderate, Latin America recorded the sharpest regional increase, with organizations experiencing an average of 3,065 attacks per week, a 26% increase year over year. The data points to sharper regional and sector-level spikes in activity, driven primarily by ransomware operations and expanding exposure linked to enterprise adoption of generative AI (GenAI). Latin America experienced the sharpest rise in cyber attacks globally, with organizations in the region facing an average of […]

The post Latin America Sees Sharpest Rise in Cyber Attacks in December 2025 as Ransomware Activity Accelerates appeared first on Check Point Blog.

Key Points: VoidLink is a cloud-native Linux malware framework built to maintain long-term, stealthy access to cloud infrastructure rather than targeting individual endpoints. It reflects a shift in attacker focus away from Windows systems toward the Linux environments that power cloud services and critical operations. Its modular, plug-in-driven design allows threat actors to customize capabilities over time, expanding attacks quietly as objectives evolve. Adaptive stealth enables it to operate differently depending on defenses, prioritizing evasion in monitored environments and speed where visibility is limited. Check Point Research has identified a new and highly advanced malware framework, VoidLink, designed specifically to […]

The post VoidLink: The Cloud-Native Malware Framework Weaponizing Linux Infrastructure appeared first on Check Point Blog.

Today’s security teams work in complex, multi-tool environments. Alerts flow from SIEMs, tickets are created in ITSM platforms, actions occur in cloud and network controls, and workflows span countless third-party services. To keep pace, automation must be open, flexible, and seamlessly connected across every system that matters. We’re excited to introduce two powerful new capabilities in Infinity Playblocks that take us one step closer to a truly open automation ecosystem: API Request Step and Webhook Trigger. Together, they unlock a new open garden approach to security automation – where Infinity Playblocks seamlessly integrates with any system, inbound or outbound, without […]

The post Opening the Automation Garden: API Request & Webhook Trigger in Infinity Playblocks appeared first on Check Point Blog.

Executive Summary The OPCOPRO “Truman Show” operation is a fully synthetic, AI‑powered investment scam that uses legitimate Android and iOS apps from the official mobile app stores, and AI‑generated communities to steal money and identity data from victims. Instead of relying on malicious code, the attackers use social engineering. The attackers pull victims using phishing SMS/ads/Telegram into tightly-controlled WhatsApp and Telegram groups, where AI‑generated “experts” and synthetic peers simulate an institutional‑grade trading community for weeks before any money or personal details are requested. The mobile apps themselves contain no trading logic and act only as WebView shells connected to attacker‑controlled […]

The post The Truman Show Scam: Trapped in an AI-Generated Reality appeared first on Check Point Blog.

Simplifying Cloud Network Security When securing cloud landscapes, it’s critically important to eliminate any downtime or performance degradation that firewall or gateway implementation may cause. To address these challenges, Check Point is proud to announce our support for Google Cloud Network Security Integration. This innovation creates a nondisruptive approach to cloud firewall deployment, increasing network security without negatively impacting performance. Scaling Hybrid Cloud Network Security Network security and performance are critical to any organization, but this is especially true for industries under heavy regulations like financial services, healthcare, and government. So over time these organizations gain comfort, expertise, and confidence […]

The post Check Point Supports Google Cloud Network Security Integration appeared first on Check Point Blog.

As businesses and service providers deploy AI tools and systems, having strong cyber security across the entire AI pipeline is a foundational requirement, from design to deployment. Even at this stage of AI adoption, attacks on AI infrastructure and prompt-based manipulation are gaining traction. Per a recent Gartner report, 32% of organizations have already experienced an AI attack involving prompt manipulation, while 29% faced attacks on their GenAI infrastructure in the past year. Nearly 70% of cyber security leaders said emerging GenAI risks demand significant changes to existing cyber security approaches. And a recent Lakera survey found that only 19% of organizations […]

The post Check Point Secures AI Factories with NVIDIA appeared first on Check Point Blog.

Define Security Success Organizations face an escalating threat landscape and a widening cyber security skills gap. Compliance-driven training alone cannot prepare teams for real-world challenges like incident response, SOC operations, and threat hunting. Without robust, practical training, defenses weaken, and vulnerabilities multiply. Recent data from Cybrary – a leading cyber security training platform – shows how modern approaches are transforming readiness. Cybrary specializes in practical, role-based learning for security professionals. Through its partnership with Check Point’s Infinity Global Services, organizations gain access to structured programs that combine industry-recognized certifications, hands-on labs, and customized learning paths. The Impact of Cyber Security […]

The post Cyber Resilience Starts with Training: Why Skills Define Security Success appeared first on Check Point Blog.

As a global leader in cyber security, Check Point proudly highlights its 2025 recognition from leading analyst firms and research labs. Check Point believes these honors highlight the company’s commitment to protecting AI-driven environments and securing distributed networks that underpin digital trust. This year made it clear that as AI adoption accelerates, security teams are under growing pressure to protect an expanding landscape of data, applications, and infrastructure. Check Point helps organizations stay ahead with a prevention-first approach that unifies security management, strengthens Zero Trust frameworks, and enables the safe use of AI across the enterprise. With cyber attacks rising […]

The post Check Point Celebrates 2025 with Top Analyst and Research Lab Recognitions appeared first on Check Point Blog.

This report describes a phishing campaign in which attackers impersonate legitimate Google generated messages by abusing Google Cloud Application Integration to distribute malicious emails that appear to originate from trusted Google infrastructure. The emails mimic routine enterprise notifications such as voicemail alerts and file access or permission requests, making them appear normal and trustworthy to recipients. In this incident, attackers sent 9,394 phishing emails targeting approximately 3,200 customers over the past 14 days. All messages were sent from the legitimate Google address noreply-application-integration@google.com, which significantly increased their credibility and likelihood of reaching end users’ inboxes. Method of attack Based on […]

The post Phishing Campaign Leverages Trusted Google Cloud Automation Capabilities to Evade Detection appeared first on Check Point Blog.