Normal view

Received — 18 June 2026 Check Point Blog

From Stars to Upvotes: The Fake Reputation Economy Behind a Crypto Clipboard Hijackers

By: anap
17 June 2026 at 15:11

Key Findings Trust is being manufactured at scale. A single threat actor built a cross-platform ecosystem: a WordPress phishing hub, GitHub and SourceForge projects, a YouTube channel, crypto forums, and even posts on legitimate news sites, all engineered to make a malicious “tool” look popular, vetted, and safe Reputation systems themselves are now a target. The actor seeds benign votes and “safe” community comments on VirusTotal samples that already carry low detection rates, nudging reputation-based defenses toward misclassifying clearly malicious files as harmless AI is woven into the lure. Fake “tutorial” videos pair real-looking desktop demos with AI-generated narrators and […]

The post From Stars to Upvotes: The Fake Reputation Economy Behind a Crypto Clipboard Hijackers appeared first on Check Point Blog.

Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here’s What Cyber Criminals Are Actually Doing

15 June 2026 at 15:00

Every summer, hundreds of millions of people book flights, reserve hotels, and plan vacations online. And every summer, cyber criminals show up to take advantage of exactly that. Check Point Research tracked the threat landscape heading into the 2026 summer travel season, and what they found should give travelers pause before they click “confirm booking.”  The hospitality sector is under targeted attack  The hospitality, travel, and recreation sector recorded 2,291 average weekly cyberattacks per organization in May 2026, a 24% increase compared to the same month last year. To put that in context, the global year-over-year rise across all industries […]

The post Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here’s What Cyber Criminals Are Actually Doing appeared first on Check Point Blog.

When Your AI Agent’s Memory Becomes a Security Liability

11 June 2026 at 15:00

Key Findings:   Check Point Research identified a critical vulnerability chain in LangGraph, an open-source framework from the creators of LangChain that enables developers to build complex, stateful, and controllable AI agent workflows using LLMs; they have approximately 46.5 million monthly downloads, making it one of the most widely adopted AI agent platforms in the world An SQL injection in LangGraph’s function could allow attackers to gain full control via remote code execution of a server by exploiting weaknesses in how the system processes and handles data. A compromised LangGraph server exposes everything the agent touches, including LLM API keys, customer data, CRM credentials, conversation history, and internal network […]

The post When Your AI Agent’s Memory Becomes a Security Liability appeared first on Check Point Blog.

Received — 8 June 2026 Check Point Blog

The Server Seizure That Affects Also Iran’s Cyber Operations

1 June 2026 at 10:55

On May 22, 2026, Dutch financial-crime investigators walked into data centers in Dronten and Schiphol-Rijk and seized approximately 800 servers. The target was WorkTitans B.V., a hosting provider that, on the surface, looked like any other internet infrastructure company. What investigators uncovered, however, was something far more significant: a ghost operation built on sanctioned infrastructure, quietly serving as the backbone for some of Iran’s most active cyber espionage campaigns. The story starts a year earlier. In May 2025, the European Union sanctioned Stark Industries, an internet service provider linked to Russian information-warfare operations. Rather than shutting down, the people behind […]

The post The Server Seizure That Affects Also Iran’s Cyber Operations appeared first on Check Point Blog.

Received — 19 May 2026 Check Point Blog

Hacktivists, Ransomware, and a 124% Surge Across DACH

18 May 2026 at 15:00

Hacktivism and ransomware targeting organizations across Germany, Austria, and Switzerland increased 124% in 2025, according to Check Point Exposure Management (based on published attacks on the web and dark web). Three distinct dynamics drove the surge, each with its own logic and its own implications for security teams in 2026.  Germany Absorbed Most of It  Germany accounted for more than 80% of regional incidents, with Switzerland at 12% and Austria at 8%. Across Europe, the DACH region represented 18% of all recorded attacks, placing Germany above France, Spain, and Italy by individual country share.  The concentration reflects Germany’s economic and […]

The post Hacktivists, Ransomware, and a 124% Surge Across DACH appeared first on Check Point Blog.

Before the First Whistle: How Cyber Criminals Are Targeting World Cup 2026

14 May 2026 at 14:55

The FIFA World Cup 2026 is one of the most anticipated sporting events in history, and cyber criminals are already capitalizing on excitement. As matches kick off across the United States, Canada, and Mexico, threat actors are flooding the internet with fake merchandise stores, fraudulent betting platforms, and phishing domains designed to steal your money and personal data. This report breaks down the latest threat landscape so fans can stay safe while enjoying the beautiful game.  As the host countries of the FIFA World Cup 2026, the United States, Canada, and Mexico all recorded an increase in the weekly average number of cyber-attacks per organization in April 2026 compared to both […]

The post Before the First Whistle: How Cyber Criminals Are Targeting World Cup 2026 appeared first on Check Point Blog.

When the Ransomware Gang Gets Hacked: What the Gentlemen Leak Reveals About Modern Ransomware Risk

13 May 2026 at 14:55

Key Findings  The Gentlemen RaaS has 400+ public victims and is the #2 most active ransomware group globally in 2026   Their internal systems were breached in May 2026, exposing their full operational structure   The group is run by approximately nine named operators organized around a single administrator (zeta88 / hastalamuerte), who not only manages the platform but personally participates in encryption events  That administrator has been identified as a former affiliate of the Qilin ransomware program — a career criminal who learned the trade under an established operation before building a competing one  Initial access is almost exclusively via unpatched edge devices or purchased credentials   Data stolen from one […]

The post When the Ransomware Gang Gets Hacked: What the Gentlemen Leak Reveals About Modern Ransomware Risk appeared first on Check Point Blog.

Cyber Threats Spike in April 2026 as Ransomware Expands and Attack Volumes Climb After Short-Lived Moderation

12 May 2026 at 15:00

Every Region Recorded Higher Attack Volumes in April In April 2026, global cyber-attack activity rebounded sharply following the brief moderation observed in March. Organizations experienced an average of 2,201 weekly cyber-attacks, representing a 10% increase month over month and an 8% increase year over year. This reversal underscores the volatility of today’s threat landscape. After three consecutive months of gradual decline, April’s data confirms that the earlier easing was temporary rather than structural. Attackers continue to leverage automation, expanded digital footprints, and exposed cloud and GenAI environments to sustain elevated pressure across industries and regions. Check Point Research data shows […]

The post Cyber Threats Spike in April 2026 as Ransomware Expands and Attack Volumes Climb After Short-Lived Moderation appeared first on Check Point Blog.

Received — 11 May 2026 Check Point Blog

Q1 2026 Ransomware Report: Fewer Groups, Higher Impact

11 May 2026 at 12:00

Ransomware activity remained elevated in Q1 2026, continuing the trend established over the past year. According to the State of Ransomware Q1 2026 report from Check Point Research, overall attack volume stayed near historic highs. At the same time, the structure of the ransomware ecosystem changed materially. After two years of increasing fragmentation, activity is consolidating around a smaller number of dominant groups. For organizations, this shift reduces the number of active actors but increases the potential impact of individual incidents.  Key Findings: 2,122 organizations were listed on ransomware data leak sites in Q1 2026, making it the second-highest Q1 on record The top […]

The post Q1 2026 Ransomware Report: Fewer Groups, Higher Impact appeared first on Check Point Blog.

VECT Ransomware: Why Paying Won’t Get Your Files Back

28 April 2026 at 15:00

Do not pay the ransom. VECT permanently destroys large files rather than locking them. Even the attackers cannot recover them. Payment will not restore your data  VECT partnered with TeamPCP and BreachForums to build one of the largest ransomware affiliate networks ever assembled, giving them a ready-made pipeline to thousands of potential victims  The encryption flaw exists across all versions. Windows, Linux, and ESXi variants are all affected. The bug has been present since before the public 2.0 release and has never been fixed  Advertised features don’t work. Encryption speed modes, anti-analysis protections, and other capabilities are either unimplemented or broken  Check Point Threat Emulation and Harmony Endpoint provide full protection against all known […]

The post VECT Ransomware: Why Paying Won’t Get Your Files Back appeared first on Check Point Blog.

Received — 23 April 2026 Check Point Blog

The Gentlemen: A New Ransomware Threat Climbing the Charts — Fast

20 April 2026 at 14:00

Key Findings  The Gentlemen ransomware-as-a-service (RaaS) operation has claimed over 320 victims since mid-2025, with 240 attacks occurring in 2026 alone, making it the #2 most active ransomware group by victim count so far this year  Check Point Research gained rare access to a live command-and-control server linked to a Gentlemen affiliate, revealing a botnet of over 1,570 likely corporate victims, surpassing the group’s own publicly claimed numbers.  The group deliberately targets internet-facing devices (VPNs, firewalls) as their entry point, and once inside, moves quickly to encrypt entire networks within hours  Manufacturing and technology are the most frequently targeted sectors, with healthcare a growing third target — a […]

The post The Gentlemen: A New Ransomware Threat Climbing the Charts — Fast appeared first on Check Point Blog.

The Phishing Paradox: The World’s Most Trusted Brands Are Cyber Criminals’ Entry Point of Choice

16 April 2026 at 14:00

In Q1 2026, Microsoft continued to be the most impersonated brand in phishing attacks, accounting for 22% of all brand impersonation attempts, according to data from Check Point Research (CPR). The results reinforce a long‑standing trend: attackers consistently exploit highly trusted brands to steal credentials and gain initial access to personal and enterprise environments. Apple climbed to second place with 11%, reflecting attackers’ increasing focus on consumer ecosystems tied to payments, identity, and personal devices. Google followed closely in third place at 9%, while Amazon ranked fourth with 7%. LinkedIn rose to fifth place with 6%, highlighting sustained attacker interest […]

The post The Phishing Paradox: The World’s Most Trusted Brands Are Cyber Criminals’ Entry Point of Choice appeared first on Check Point Blog.

March 2026 Cyber Threat Landscape Shows No Relief as Ransomware Rebounds and GenAI Risks Intensify

9 April 2026 at 14:00

Global Attack Volumes Begin to Moderate  In March 2026, global cyber attack activity showed early signs of moderation while remaining at historically elevated levels. The average number of weekly cyber-attacks per organization reached 1,995, representing a 4% decrease month over month and a 5% decline compared to March 2025.   Despite this easing, the overall threat environment remains intense. Nearly 2,000 weekly attacks per organization continue to reflect sustained adversary pressure, driven by automation, broad attack surface expansion, and persistent exposure risks tied to cloud adoption and GenAI usage. Check Point Research data indicates that while short term fluctuations are emerging, cyber threats have not returned to pre-surge baselines and remain a constant operational reality for organizations worldwide.  Critical Sectors Continue to Face […]

The post March 2026 Cyber Threat Landscape Shows No Relief as Ransomware Rebounds and GenAI Risks Intensify appeared first on Check Point Blog.

Received — 12 March 2026 Check Point Blog

Global Cyber Attacks Remain Near Record Highs in February 2026 Despite Ransomware Decline

10 March 2026 at 13:00

Global Attack Volumes Remain Elevated Worldwide  In February 2026, global cyber attack activity remained near record levels, confirming that elevated attack volumes are becoming the new normal for organizations worldwide. The average number of weekly cyber attacks per organization reached 2,086, representing a 9.6% increase year over year, while remaining essentially flat month over month (-0.2% compared to January 2026). This stabilization at a high baseline reflects a sustained pressure environment rather than a short‑term surge. Despite a slowdown in ransomware activity compared to the same period last year, overall attack volumes continue to rise, driven by automation, expanding digital footprints, and persistent exposure risks linked to enterprise GenAI usage. Check Point Research data shows that February’s […]

The post Global Cyber Attacks Remain Near Record Highs in February 2026 Despite Ransomware Decline appeared first on Check Point Blog.

China-Nexus Activity Against Qatar Observed Amid Expanding Regional Tensions

9 March 2026 at 20:34

Key Findings Since the recent escalation in the Middle East, Check Point Research has observed increased activity by Chinese-nexus APT actors in the region, particularly targeting Qatar The Chinese-nexus threat actor Camaro Dragon attempted to deploy a variant of PlugX malware against Qatari targets within one day of the launch of Operation Epic Fury and the onset of the escalation in the Middle East The attackers leveraged the ongoing war in the Middle East to make their lures more credible and engaging, demonstrating the ability to rapidly adapt to major developments and breaking news The use of payloads such as […]

The post China-Nexus Activity Against Qatar Observed Amid Expanding Regional Tensions appeared first on Check Point Blog.

The Whitelist Illusion – When Your Trusted List Becomes a Billion Dollar Attack Path

4 March 2026 at 13:00

Your whitelist is not a wall. For nation-state attackers, it’s a map, showing exactly who to compromise to get to your assets. $1,788,000,000 STOLEN FROM INSTITUTIONS WITH WHITELISTS, MULTISIGS, AND HARDWARE WALLETS IN PLACE TL;DR When you hold significant assets on a public blockchain, nation-state groups will target you – not if, but when Your whitelist tells attackers exactly which vendors and counterparties to compromise to reach your funds Bybit ($1.5B), WazirX ($235M), and Radiant ($53M) all had whitelists. All were drained through whitelisted entities The correct assumption: every whitelisted address is potentially compromised. Trust must be verified in real […]

The post The Whitelist Illusion – When Your Trusted List Becomes a Billion Dollar Attack Path appeared first on Check Point Blog.

Silver Dragon: China Nexus Cyber Espionage Group Targeting Governments in Asia and Europe

3 March 2026 at 13:00

Silver Dragon is a China nexus cyber espionage group targeting government ministries and public sector organizations across Southeast Asia, with additional victims identified in Europe The group gains initial access through exploitation of public-facing servers and targeted phishing campaigns aimed at government entities It maintains long-term persistence by hijacking legitimate Windows services, thus allowing malware processes to blend into normal system activity A custom backdoor, GearDoor, enables covert command-and-control communications via Google Drive, blending malicious traffic with normal cloud usage The campaign remains relevant as attackers continue to abuse trusted enterprise services and legitimate system components to evade detection Based […]

The post Silver Dragon: China Nexus Cyber Espionage Group Targeting Governments in Asia and Europe appeared first on Check Point Blog.

How Threat Intelligence and Multi-Source Data Drive Smarter Vulnerability Prioritization

2 March 2026 at 13:00

The CVSS Blind Spot For years, CVSS scores have been the default metric for vulnerability severity. But severity does not equal risk. A CVSS 9.8 vulnerability that is never exploited is less dangerous than a CVSS 6.5 actively used in ransomware campaigns. Yet many organizations still chase the highest scores first, wasting time and leaving real threats exposed. KEV lists help, but they are reactive and often lag behind active exploitation. Attackers move faster than static scoring systems. If your prioritization strategy starts and ends with CVSS, you are playing catch-up. If vulnerability management feels overwhelming, the numbers explain why. […]

The post How Threat Intelligence and Multi-Source Data Drive Smarter Vulnerability Prioritization appeared first on Check Point Blog.

What Defenders Need to Know about Iran’s Cyber Capabilities

1 March 2026 at 21:34

With the current Iran crisis at its peak, cyber activity is a relevant part of the threat picture alongside kinetic and political pressure. Iran’s ecosystem includes multiple clusters aligned with state entities, the Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS), as well as deniable operators and “hacktivist” groups. This ecosystem supports a broad set of objectives: espionage to gain intelligence and footholds; disruption and destructive activity, including DDoS attacks, pseudo-ransomware, and data wipers to impose costs; and information operations that pair destructive activity or data leaks with coordinated online amplification. This activity is expected to intensify and broaden across the Middle East, the United States, and […]

The post What Defenders Need to Know about Iran’s Cyber Capabilities appeared first on Check Point Blog.

Two Types of Threat Intelligence That Make Security Work

18 February 2026 at 13:00

The problem isn’t that we lack threat intelligence. It’s that we lack the right kind of intelligence, intelligence that connects what’s happening inside your environment with what attackers are planning outside it. That’s why two types of threat intelligence matter: internal and external. Alone, each tells part of the story. Together, they create clarity. Why Threat Intelligence Alone Falls Short Most organizations subscribe to multiple threat feeds. They pour in from every direction, generic, fragmented, and often delayed. Instead of clarifying risk, they confuse it. “Organizations still make critical decisions based on incomplete or underrefined threat data.” — Gartner, The […]

The post Two Types of Threat Intelligence That Make Security Work appeared first on Check Point Blog.

❌