As malware evades detection by hiding inside password-protect zip files, new Threat Emulation capabilities enable inspecting and blocking malicious ZIP files without requiring their password. As cyber defenses evolve, so do attacker tactics. One of the most persistent evasion techniques in the wild involves embedding malware inside password-protected ZIP files, making it difficult for traditional security tools to inspect their content. The Challenge: Breaking the Password Delivery Chain Attackers have adapted. Their new strategy? Splitting the delivery path: The malicious ZIP file is sent via email. The password arrives through an out-of-band channel, often SMS or messaging apps. This multi-channel […]

The post Unzipping the Threat: How to Block Malware Hidden in Password-Protected ZIP Files appeared first on Check Point Blog.

AI is moving faster than most security teams can keep up with. As AI reshapes how work gets done, and how attacks are carried out, Check Point believes organizations need to rewire security for the AI era: not by adding more tools, but by rethinking how security is designed and operated when both attackers and defenders use AI. First, security leaders must revalidate their security foundations. AI-driven attacks are faster and more adaptive, so core controls across networks, endpoints, email, SASE, and cloud must be strengthened to keep pace with the proliferation of AI-powered threats. Second, organizations must enable secure […]

The post Securing Your AI Transformation: How Check Point Is Helping Security Teams Keep Control in an AI-First World appeared first on Check Point Blog.

As Valentine’s Day 2026 approaches, people are turning to online shopping, digital dating, and last‑minute gift ideas. Unfortunately, cyber criminals are doing the same. Check Point researchers have identified a sharp rise in Valentine‑themed phishing websites, fraudulent stores, and fake dating platforms designed to steal personal data and payment information. A Seasonal Spike in Valentine-Themed Domains From March to December 2025, new Valentine-related domains averaged 474 per month. But in January 2026, registrations jumped to 696 — a 44% increase. In just the first five days of February, researchers detected 152 additional domains, a further 36% rise in daily average […]

The post Love Is in the Air — and So Are Scammers: Valentine’s Day 2026 Threats to Watch For appeared first on Check Point Blog.

Introduction: Security Testing Must Evolve with Attacks As cyber threats rise, web applications, GenAI workloads, and APIs have become prime targets. WAFs remain a critical first line of defense, but as attackers move beyond basic OWASP Top 10 techniques, WAF testing must evolve. Modern attacks increasingly rely on evasion methods, payload padding, and zero-day techniques designed to bypass signature-based WAFs. The WAF Comparison Project 2026 presents the results of our third annual, real-world evaluation of WAF efficacy (see the last year result here), using over 1 million legitimate requests and 74,000 malicious payloads to assess 14 leading WAF vendors, including […]

The post WAF Security Test Results 2026: Why Prevention-First Matters More Than Ever appeared first on Check Point Blog.

Global Attack Volumes Climb Worldwide In January 2026, the global volume of cyber attacks continued its steady escalation. Organizations worldwide experienced an average of 2,090 cyber‑attacks per organization per week, marking a 3% increase from December and a 17% rise compared to January 2025. This growth reflects a landscape increasingly shaped by the expansion of ransomware activity and mounting data‑exposure risks driven by widespread GenAI adoption. Check Point Research data shows that January’s upward trajectory underscores a persistent and evolving cyber threat environment — one defined by fast‑moving ransomware operations and intensifying GenAI‑related risks. Critical Sectors Face Intensified Pressure The […]

The post Global Cyber Attacks Rise in January 2026 Amid Increasing Ransomware Activity and Expanding GenAI Risks appeared first on Check Point Blog.

Overview This report documents a large-scale phishing campaign in which attackers abused legitimate software-as-a-service (SaaS) platforms to deliver phone-based scam lures that appeared authentic and trustworthy. Rather than spoofing domains or compromising services, the attackers deliberately misused native platform functionality to generate and distribute emails that closely resembled routine service notifications, inheriting the trust, reputation, and authentication posture of well-known SaaS providers. The campaign generated approximately 133,260 phishing emails, impacting 20,049 organizations. It is part of a broader and rapidly escalating trend in which attackers weaponize trusted brands and native cloud workflows to maximize delivery, credibility, and reach. Observed brands […]

The post SaaS Abuse at Scale: Phone-Based Scam Campaign Leveraging Trusted Platforms appeared first on Check Point Blog.

Executive Summary Check Point Research uncovered highly targeted cyber espionage campaigns aimed at government and law enforcement agencies across the ASEAN region throughout 2025. The activity is attributed to Amaranth-Dragon, a previously untracked threat actor assessed to be closely linked to the China-affiliated APT 41 ecosystem. The group weaponized newly disclosed vulnerabilities within days, including a critical WinRAR flaw, and paired them with lures tied to real-world political and security events. These operations demonstrate state-level discipline and precision, using country-restricted infrastructure, trusted cloud services, and stealthy tooling to quietly collect intelligence. A New Cyber Espionage Campaign Unfolds in Southeast Asia […]

The post Amaranth-Dragon: Targeted Cyber Espionage Campaigns Across Southeast Asia appeared first on Check Point Blog.

Check Point® Software Technologies today announced the 2025 Check Point Software Technologies EMEA Partner Award Winners, recognizing outstanding partners across the region who continue to deliver AI‑powered, prevention‑first cyber security outcomes for customers. The winners were honoured during the Check Point Software Technologies EMEA Sales Kickoff event in Vienna, attended by more than 1,000 employees and partners. As the cyber threat landscape across Europe, the Middle East, and Africa continues to accelerate in sophistication — driven by AI‑enhanced attacks, hybrid‑cloud complexity, and increasing regulatory pressure — these top‑performing partners delivered exceptional value, helping organizations strengthen resilience through AI‑powered, prevention‑first security. […]

The post Celebrating the 2025 Check Point Software EMEA Partner Award Winners — Recognizing Excellence Across the Region appeared first on Check Point Blog.

The financial sector experienced an unprecedented rise in cyber incidents in 2025, with attacks more than doubling from 864 in 2024 to 1,858 in 2025. This acceleration reflects a dramatic shift in threat actor behavior, ranging from ideologically-motivated disruptions to commercialized cyber crime as a service. Below is a concise snapshot of the three dominant trends before we unpack them in detail. Quick Overview of Key Trends DDoS attacks surged 105%, driven by coordinated hacktivist campaigns targeting high visibility financial platforms and services. Data breaches & leaks jumped 73%, exposing persistent weaknesses in cloud security, identity governance, and third party […]

The post The Three Most Disruptive Cyber Trends Impacting the Financial Industry Today appeared first on Check Point Blog.

At Check Point, our partners are more than collaborators. They are the driving force behind our customers’ success, our innovation, and our ability to stay ahead of today’s rapidly evolving cyber threat landscape. This year, we are thrilled to recognize an extraordinary group of partners who demonstrated exceptional performance, growth, technical excellence, and commitment to helping organizations stay secure. These awards celebrate not just results, but leadership, trust, and the relentless pursuit of excellence. We are proud to announce the 2025 Americas Partner Award winners: Partner of the Year: World Wide Technology Latin America Partner of the Year: NTSec Group […]

The post Celebrating Check Point’s 2025 Americas Partner Award Winners appeared first on Check Point Blog.

Security programs are being asked to defend increasingly complex environments against cyber attacks that are faster, more automated, and harder to isolate. The past year of attacks reveals a measurable shift in how adversaries operate, coordinate, and scale across enterprise environments.  The Cyber Security Report 2026 is based on direct analysis of global attack activity spanning AI driven attacks, ransomware operations, hybrid environments, and multi channel social engineering. It documents how these techniques are being executed in practice, at scale, across industries and regions. The data points to a clear pattern. Attacks have moved beyond isolated methods, deliberately combining AI, identity abuse, ransomware, edge […]

The post The Trends Defining Cyber Security in 2026: Cyber Security Report 2026 appeared first on Check Point Blog.

The cyber security industry faces a critical challenge: a growing skills gap that leaves organizations exposed to increasingly sophisticated threats. Businesses need qualified professionals who can secure systems and respond effectively, but finding and training those experts remains a global concern. To address this challenge, Infinity Global Services, which delivers practical learning designed to build real-world cyber security expertise, has partnered with CompTIA, a global leader in IT and cyber security education. This collaboration combines Infinity Global Services’ hands-on training approach with CompTIA’s globally recognized certifications, creating a powerful pathway for professionals to advance their careers and organizations to build […]

The post Closing the Cyber Security Skills Gap: Check Point Partners with CompTIA appeared first on Check Point Blog.

Cyber security is often framed as a problem for enterprises, governments, and seasoned professionals. But by the time organizations begin searching for talent, the damage has often already been done. Threat actors don’t wait for workforce pipelines to catch up and our approach to cyber security education shouldn’t either. Today’s digital threats target schools, hospitals, municipalities, and small businesses just as aggressively as large enterprises. Ransomware attacks shut down classrooms. Phishing campaigns exploit young users as easily as experienced employees. Yet cyber security education is still treated as a late-stage specialization, introduced only when individuals enter the workforce or pursue […]

The post Building Cyber Readiness Early: Why Youth Education Is a Security Necessity appeared first on Check Point Blog.

Check Point Research is tracking an active phishing campaign involving KONNI, a North Korea-affiliated threat actor active since at least 2014. Historically, KONNI focused on South Korean diplomatic, academic, and government-linked targets, using geopolitical themes as phishing lures. This latest activity marks a clear shift. In the current campaign, KONNI targets software developers and engineering teams, particularly those involved in blockchain and cryptocurrency projects. The lures are designed to resemble legitimate project documentation, indicating an effort to compromise individuals with access to valuable technical infrastructure rather than traditional political targets. The campaign stands out for two reasons: its expanded geographic […]

The post AI-Powered North Korean Konni Malware Targets Developers appeared first on Check Point Blog.

Overview This report describes a phishing campaign in which attackers abuse Microsoft Teams functionality to distribute phishing content that appears to originate from legitimate Microsoft services. The attack leverages guest invitations and phishing-themed team names to impersonate billing and subscription notifications, encouraging victims to contact a fraudulent support phone number. Campaign scale Total phishing messages: 12,866 Daily average: 990 Affected customers: 6,135 Method of attack The attacker begins by creating a new team in Microsoft Teams and assigning it a malicious, finance-themed name designed to resemble an urgent billing or subscription notice. An example of the naming pattern observed includes […]

The post Attackers Continue to Target Trusted Collaboration Platforms: 12,000+ Emails Target Teams Users appeared first on Check Point Blog.

Of course, organizations see risk. It’s just that they struggle to turn insight into timely, safe action. That gap is why exposure management has emerged, and also why it is now becoming a foundational security discipline. What the diagram makes clear is that risk doesn’t stay flat while organizations deliberate. From the moment an exposure is discovered and is reachable, exploitable, and known – the clock starts ticking. As time passes, environments change, dependencies grow, and attackers adapt faster. Remediation workflows fall behind. Manual coordination, unclear ownership, and fear of disruption all extend what is increasingly referred to as ‘exposure […]

The post Why Exposure Management Is Becoming a Security Imperative appeared first on Check Point Blog.

Check Point Research has identified VoidLink, one of the first known examples of advanced malware largely generated using artificial intelligence. Unlike earlier AI-assisted malware, which was typically low-quality or derivative, VoidLink demonstrates a high level of sophistication and rapid evolution. AI dramatically accelerated development, enabling what appears to be a single actor to plan, build, and iterate a complex malware framework in days rather than months. This marks a turning point: AI is no longer just supporting malware development. It is actively reshaping how advanced threats are created. Defenders must adapt, as AI lowers the barrier to high-complexity attacks and […]

The post VoidLink Signals the Start of a New Era in AI-Generated Malware appeared first on Check Point Blog.

In Q4 2025, Microsoft once again ranked as the most impersonated brand in phishing attacks, accounting for 22% of all brand phishing attempts, according to data from Check Point Research. This continues a multi-quarter trend in which attackers increasingly abuse trusted enterprise and consumer brands to harvest credentials and gain initial access. Google followed in second place with 13%, while Amazon climbed into third position at 9%, fueled by Black Friday and holiday sales, overtaking Apple. After a prolonged absence, Facebook (Meta) re-entered the top 10, landing in fifth place, highlighting renewed interest among attackers in social media account takeover. […]

The post Microsoft Remains the Most Imitated Brand in Phishing Attacks in Q4 2025 appeared first on Check Point Blog.

Executive Summary Check Point Research identified active, large-scale exploitation of CVE-2025-37164, a critical remote code execution vulnerability affecting HPE OneView. The exploitation campaign is attributed to the RondoDox botnet and escalated rapidly to tens of thousands of automated attack attempts. Check Point blocked tens of thousands of exploitation attempts through its security infrastructure, highlighting both the severity of the risk and the importance of layered defenses. Check Point reported the active exploitation to CISA on January 7, 2026, and the vulnerability was added to the Known Exploited Vulnerabilities KEV catalog the same day. Organizations running HPE OneView should patch immediately […]

The post Patch Now: Active Exploitation Underway for Critical HPE OneView Vulnerability appeared first on Check Point Blog.

In December 2025, organizations experienced an average of 2,027 cyber attacks per organization per week. This represents a 1% month-over-month increase and a 9% year-over-year increase. While overall growth remained moderate, Latin America recorded the sharpest regional increase, with organizations experiencing an average of 3,065 attacks per week, a 26% increase year over year. The data points to sharper regional and sector-level spikes in activity, driven primarily by ransomware operations and expanding exposure linked to enterprise adoption of generative AI (GenAI). Latin America experienced the sharpest rise in cyber attacks globally, with organizations in the region facing an average of […]

The post Latin America Sees Sharpest Rise in Cyber Attacks in December 2025 as Ransomware Activity Accelerates appeared first on Check Point Blog.