❌

Normal view

The Gentlemen: A New Ransomware Threat Climbing the Charts β€” Fast

20 April 2026 at 14:00

Key FindingsΒ  The Gentlemen ransomware-as-a-service (RaaS) operation has claimed over 320 victims since mid-2025, with 240 attacks occurring in 2026 alone,Β making it the #2 most active ransomware group by victim count so far this yearΒ  Check Point Research gained rare access to a live command-and-control server linked to a Gentlemen affiliate, revealing a botnet of over 1,570Β likely corporateΒ victims,Β surpassing the group’s own publicly claimed numbers.Β  The group deliberately targets internet-facing devices (VPNs, firewalls) as their entry point, and once inside, moves quickly to encrypt entire networks within hoursΒ  Manufacturing andΒ technology are the mostΒ frequentlyΒ targeted sectors, withΒ healthcare a growing third target β€” a […]

The post The Gentlemen: A New Ransomware Threat Climbing the Charts β€” Fast appeared first on Check Point Blog.

The Phishing Paradox: The World’s Most Trusted Brands Are Cyber Criminals’ Entry Point of Choice

16 April 2026 at 14:00

In Q1 2026, Microsoft continued to be the most impersonated brand in phishing attacks, accounting for 22% of all brand impersonation attempts, according to data from Check Point Research (CPR). The results reinforce a long‑standing trend: attackers consistently exploit highly trusted brands to steal credentials and gain initial access to personal and enterprise environments. Apple climbed to second place with 11%, reflecting attackers’ increasing focus on consumer ecosystems tied to payments, identity, and personal devices. Google followed closely in third place at 9%, while Amazon ranked fourth with 7%. LinkedIn rose to fifth place with 6%, highlighting sustained attacker interest […]

The post The Phishing Paradox: The World’s Most Trusted Brands Are Cyber Criminals’ Entry Point of Choice appeared first on Check Point Blog.

March 2026 Cyber Threat Landscape Shows No Relief as Ransomware Rebounds and GenAI Risks Intensify

9 April 2026 at 14:00

Global Attack Volumes Begin to ModerateΒ  In March 2026, globalΒ cyberΒ attackΒ activity showed early signs of moderation whileΒ remainingΒ at historically elevated levels. The average number of weekly cyber-attacks per organization reachedΒ 1,995,Β representingΒ aΒ 4% decrease month over monthΒ and aΒ 5% decline compared to March 2025.Β Β  Despite this easing, the overallΒ threatΒ environmentΒ remainsΒ intense.Β Nearly 2,000Β weekly attacks per organizationΒ continueΒ to reflect sustained adversary pressure, driven by automation, broad attack surface expansion, and persistent exposure risks tied to cloud adoption and GenAI usage. Check Point Research dataΒ indicatesΒ that while shortΒ term fluctuations are emerging, cyber threats have not returned to pre-surge baselines and remain a constant operational reality for organizations worldwide.Β  Critical Sectors Continue to Face […]

The post March 2026 Cyber Threat Landscape Shows No Relief as Ransomware Rebounds and GenAI Risks Intensify appeared first on Check Point Blog.

PS Private Training: Turning Cyber Complexity into Operational Control

7 April 2026 at 14:00

TheΒ World Economic Forum’sΒ Global Cybersecurity Outlook 2025Β concurred that cyber risk is increasingly driven by operational complexity rather than lack of technology. As security environments expand, many organizations struggle with hands‑on skill gaps, slow issue resolution, and training that does not reflect how their environments de-factoΒ operate. The result: higher operational risk – even in well‑equipped organizations.Β  To address these challenges, Check Point Services offers PS Private Training (Custom ILT): a tailored, instructor‑led program designed to strengthen operational mastery in real environments. The service replaces one‑size‑fits‑all instruction with customized training, hands‑on labs, and field‑proven best practices delivered by active Professional Services consultants, enabling […]

The post PS Private Training: Turning Cyber Complexity into Operational Control appeared first on Check Point Blog.

Check Point Accelerates the Rollout of Secure AI Data Centers with NVIDIA DSX Air

16 March 2026 at 21:30

Check Point is proud to integrate with NVIDIA DSX Air’s testing environment, enabling organizations to pre-validate their security aware AI data center designs before ever deploying their first piece of hardware in production to build and run their own AI.Β  Testing AI Factory deployments end-to-end is challenging and can require complex multi-vendor orchestration. FromΒ computeΒ to networking, orchestration,Β and security, ensuring integrations, configurations and automations perform as expected can become resource-intensive with so many factors at play.Β Β  Now, organizations can perform large-scale cyber security validation testing before deploying AI Factories, using theΒ NVIDIAΒ DSX Air cloud-based simulation and validation platform.Β  Why are Organizations Building Their […]

The post Check Point Accelerates the Rollout of Secure AI Data Centers with NVIDIA DSX Air appeared first on Check Point Blog.

Augmented Phishing: Social Engineering in the Age of AI

11 March 2026 at 13:00

The rise ofΒ GenAIΒ has pushed social engineering andΒ phishingΒ to new levels. What onceΒ requiredΒ manual effort can now be generated in seconds, resulting in hyper-personalized messages, cloned executive voices, and even realistic video impersonations. Deepfake incidents have already moved from online curiosity toΒ real businessΒ risk, drivingΒ financial lossΒ and operational disruption in organizations worldwide.Β  On everyday collaboration platforms, verifying identity has become increasingly difficult. Real-time face and voice cloning remove many traditional warning signs, makingΒ scamsΒ harder to spot than ever. As theΒ threatΒ landscape shifts, organizations need modern defenses and smarter awareness programs designed for the realities of the AI era.Β  Check PointΒ ServicesΒ has recently expanded its training portfolio to help […]

The post Augmented Phishing: Social Engineering in the Age of AI appeared first on Check Point Blog.

Global Cyber Attacks Remain Near Record Highs in February 2026 Despite Ransomware Decline

10 March 2026 at 13:00

Global Attack Volumes Remain Elevated WorldwideΒ  In February 2026, globalΒ cyberΒ attackΒ activity remained near record levels, confirming that elevated attack volumes are becoming the new normal for organizations worldwide. The average number of weeklyΒ cyber attacksΒ per organization reachedΒ 2,086,Β representingΒ aΒ 9.6% increase year over year, whileΒ remainingΒ essentially flatΒ month over month (-0.2% compared to January 2026). This stabilization at a high baseline reflects a sustained pressure environment rather than a short‑term surge. Despite a slowdown inΒ ransomwareΒ activity compared to the same period last year, overall attack volumes continue to rise, driven by automation, expanding digital footprints, and persistent exposure risks linked to enterprise GenAI usage.Β Check Point ResearchΒ dataΒ shows that February’s […]

The post Global Cyber Attacks Remain Near Record Highs in February 2026 Despite Ransomware Decline appeared first on Check Point Blog.

China-Nexus Activity Against Qatar Observed Amid Expanding Regional Tensions

9 March 2026 at 20:34

Key Findings Since the recent escalation in the Middle East, Check Point Research has observed increased activity by Chinese-nexus APT actors in the region, particularly targeting Qatar The Chinese-nexus threat actor Camaro Dragon attempted to deploy a variant of PlugX malware against Qatari targets within one day of the launch of Operation Epic Fury and the onset of the escalation in the Middle East The attackers leveraged the ongoing war in the Middle East to make their lures more credible and engaging, demonstrating the ability to rapidly adapt to major developments and breaking news The use of payloads such as […]

The post China-Nexus Activity Against Qatar Observed Amid Expanding Regional Tensions appeared first on Check Point Blog.

Introducing CPR Act: A Unified Approach for a Full‑Lifecycle Security

5 March 2026 at 13:00

Fragmented products and solutions sprawled across multiple environments create significant visibility gaps, which attackers look for to exploit. To close these gaps, Check Point Services has now introduced CPR Act, an expert‑led unit that covers the entire security lifecycle with continuous intelligence, coordinated action, and clear outcomes. This unified approach eliminates blind spots and ensures that every phase of security feeds into the next, creating a connected and predictable defense.Β  This elite team of experts brings top researchers, analysts, and responders together to provide organizations with a clear, research‑based insight to act decisively. It operates through four foundational pillars:Β  Intelligence: […]

The post Introducing CPR Act: A Unified Approach for a Full‑Lifecycle Security appeared first on Check Point Blog.

Powering Cyber Resilience Across APAC: Celebrating Check Point’s APAC FY25 Partner Award Winners

4 March 2026 at 15:30

Recognizing Excellence, Innovation, and Impact Across the RegionΒ  Check Point Software TechnologiesΒ recognized the top partners across the Asia PacificΒ region,Β during theΒ Check Point Software Technologies SalesΒ KickoffΒ APAC event in Bangkok,Β Thailand, attended byΒ almost 1,000Β employees and partners.Β TheseΒ awards are handedΒ out toΒ outstanding partners across Asia Pacific who have delivered exceptional customer outcomes, driven sustained growth, and advanced preventionΒ first, AIΒ powered cyber security across the region.Β Β  As cyber threats acrossΒ Asia PacificΒ continue to intensify in both scale and sophistication β€” fuelled by AI-driven attacks, expanding hybrid and cloud ecosystems, and growing regulatory and operational complexity across the variedΒ APAC countries,Β especially around AI,Β our top-performing partners play a critical role in helpingΒ organizations strengthen […]

The post Powering Cyber Resilience Across APAC: Celebrating Check Point’s APAC FY25 Partner Award Winners appeared first on Check Point Blog.

The Whitelist Illusion – When Your Trusted List Becomes a Billion Dollar Attack Path

4 March 2026 at 13:00

Your whitelist is not a wall. For nation-state attackers, it’s a map, showing exactly who to compromise to get to your assets. $1,788,000,000 STOLEN FROM INSTITUTIONS WITH WHITELISTS, MULTISIGS, AND HARDWARE WALLETS IN PLACE TL;DR When you hold significant assets on a public blockchain, nation-state groups will target you – not if, but when Your whitelist tells attackers exactly which vendors and counterparties to compromise to reach your funds Bybit ($1.5B), WazirX ($235M), and Radiant ($53M) all had whitelists. All were drained through whitelisted entities The correct assumption: every whitelisted address is potentially compromised. Trust must be verified in real […]

The post The Whitelist Illusion – When Your Trusted List Becomes a Billion Dollar Attack Path appeared first on Check Point Blog.

Silver Dragon: China Nexus Cyber Espionage Group Targeting Governments in Asia and Europe

3 March 2026 at 13:00

Silver Dragon is a China nexus cyber espionage group targeting government ministries and public sector organizations across Southeast Asia, with additional victims identified in Europe The group gains initial access through exploitation of public-facing servers and targeted phishing campaigns aimed at government entities It maintains long-term persistence by hijacking legitimate Windows services, thus allowing malware processes to blend into normal system activity A custom backdoor, GearDoor, enables covert command-and-control communications via Google Drive, blending malicious traffic with normal cloud usage The campaign remains relevant as attackers continue to abuse trusted enterprise services and legitimate system components to evade detection Based […]

The post Silver Dragon: China Nexus Cyber Espionage Group Targeting Governments in Asia and Europe appeared first on Check Point Blog.

How Threat Intelligence and Multi-Source Data Drive Smarter Vulnerability Prioritization

2 March 2026 at 13:00

The CVSS Blind Spot For years, CVSS scores have been the default metric for vulnerability severity. But severity does not equal risk. A CVSS 9.8 vulnerability that is never exploited is less dangerous than a CVSS 6.5 actively used in ransomware campaigns. Yet many organizations still chase the highest scores first, wasting time and leaving real threats exposed. KEV lists help, but they are reactive and often lag behind active exploitation. Attackers move faster than static scoring systems. If your prioritization strategy starts and ends with CVSS, you are playing catch-up. If vulnerability management feels overwhelming, the numbers explain why. […]

The post How Threat Intelligence and Multi-Source Data Drive Smarter Vulnerability Prioritization appeared first on Check Point Blog.

National Cyber Resilience in the AI Era

26 February 2026 at 13:00

A Practical Q&A Guide for Leaders Navigating NIST, Zero Trust, and AI GovernanceΒ  Q1. Why does national cyberΒ security feel more urgent than ever?Β  Answer:Β  CyberΒ security is no longer something that happens quietly in server rooms or security operations centers. It now affects fuel availability, hospital operations, elections, financial markets, and public trust.Β  What has changed is not just the volume ofΒ cyberΒ attacks, but theirΒ intent. Adversaries are no longer satisfied with stealing data. They are embedding themselves into systems, waiting patiently, and positioning for disruption at moments of national stress. Cloud platforms, AI systems, and operational technology have dramatically expanded the attack […]

The post National Cyber Resilience in the AI Era appeared first on Check Point Blog.

Two Types of Threat Intelligence That Make Security Work

18 February 2026 at 13:00

The problem isn’t that we lack threat intelligence. It’s that we lack the right kind of intelligence, intelligence that connects what’s happening inside your environment with what attackers are planning outside it. That’s why two types of threat intelligence matter: internal and external. Alone, each tells part of the story. Together, they create clarity. Why Threat Intelligence Alone Falls Short Most organizations subscribe to multiple threat feeds. They pour in from every direction, generic, fragmented, and often delayed. Instead of clarifying risk, they confuse it. β€œOrganizations still make critical decisions based on incomplete or underrefined threat data.” β€” Gartner, The […]

The post Two Types of Threat Intelligence That Make Security Work appeared first on Check Point Blog.

Check Point Named Leader in GigaOm Radar for Cloud Network Security For 3 Years in a Row – Protects 22 Cloud Vendors

17 February 2026 at 13:00

In today’s multi-cloud world, businesses deploy workloads across dozens of public and private clouds, each with their own network topology, security controls, and operational quirks. Over time this flexibility comes at a cost of increasing complexity and risk. How can budget minded IT team sanely enforce complex security policies, prevent AI-powered cyber breaches by foreign entities, and maintain geographical compliance across such a diverse environment?Β  They can do so with a partner that leads with an open garden, agnostic approach. Check Point cloud firewalls, called CloudGuard Network Security, provide integrations across 22 leading public and private cloud vendors from AWS, […]

The post Check Point Named Leader in GigaOm Radar for Cloud Network Security For 3 Years in a Row – Protects 22 Cloud Vendors appeared first on Check Point Blog.

Using AI for Covert Command-and-Control Channels

16 February 2026 at 13:00

Check Point Research identified a potential future attack technique in which AI assistants with web-browsing capabilities could be abused as covert command-and-control (C2) channels. As AI services become widely adopted and implicitly trusted, their network traffic increasingly blends into normal enterprise activity, expanding the attack surface. AI-enabled C2 could allow attacker communications to evade traditional detection by hiding inside legitimate-looking AI interactions. The same building blocks point toward a broader shift to AI-driven malware, where AI systems influence targeting, prioritization, and operational decisions rather than serving only as development tools. Check Point Research has identified a potential new abuse pattern: […]

The post Using AI for Covert Command-and-Control Channels appeared first on Check Point Blog.

The UK’s Cyber Threat Has Changed. Most Organizations Haven’t.

16 February 2026 at 13:00

For years, ransomware shaped how UK organizations thought about cyber risk. In 2025, that assumption quietly broke. The UK became the most targeted country in Europe, accounting for 16% of all recorded attacks across the region. But volume alone doesn’t explain what changed. The real shift was intent. Attackers didn’t just increase activity; they changed tactics. Disruption overtook monetization. Organizations that spent years preparing for one dominant threat model found themselves exposed to another. A Threat Model That No Longer Fits Reality In 2024, ransomware dominated the UK cyber risk conversation. In 2025, it was no longer the primary attack […]

The post The UK’s Cyber Threat Has Changed. Most Organizations Haven’t. appeared first on Check Point Blog.

Unzipping the Threat: How to Block Malware Hidden in Password-Protected ZIP Files

13 February 2026 at 13:00

As malware evades detection by hiding inside password-protect zip files, new Threat Emulation capabilities enable inspecting and blocking malicious ZIP files without requiring their password. As cyber defenses evolve, so do attacker tactics. One of the most persistent evasion techniques in the wild involves embedding malware inside password-protected ZIP files, making it difficult for traditional security tools to inspect their content. The Challenge: Breaking the Password Delivery Chain Attackers have adapted. Their new strategy? Splitting the delivery path: The malicious ZIP file is sent via email. The password arrives through an out-of-band channel, often SMS or messaging apps. This multi-channel […]

The post Unzipping the Threat: How to Block Malware Hidden in Password-Protected ZIP Files appeared first on Check Point Blog.

Securing Your AI Transformation: How Check Point Is Helping Security Teams Keep Control in an AI-First World

12 February 2026 at 11:02

AI is moving faster than most security teams can keep up with. As AI reshapes how work gets done, and how attacks are carried out, Check Point believes organizations need to rewire security for the AI era: not by adding more tools, but by rethinking how security is designed and operated when both attackers and defenders use AI. First, security leaders must revalidate their security foundations. AI-driven attacks are faster and more adaptive, so core controls across networks, endpoints, email, SASE, and cloud must be strengthened to keep pace with the proliferation of AI-powered threats. Second, organizations must enable secure […]

The post Securing Your AI Transformation: How Check Point Is Helping Security Teams Keep Control in an AI-First World appeared first on Check Point Blog.

❌