
Two Types of Threat Intelligence That Make Security Work

The problem isn’t that we lack threat intelligence. It’s that we lack the right kind of intelligence, intelligence that connects what’s happening inside your environment with what attackers are planning outside it. That’s why two types of threat intelligence matter: internal and external. Alone, each tells part of the story. Together, they create clarity.

Why Threat Intelligence Alone Falls Short

Most organizations subscribe to multiple threat feeds. They pour in from every direction, generic, fragmented, and often delayed. Instead of clarifying risk, they confuse it. “Organizations still make critical decisions based on incomplete or underrefined threat data.” — Gartner, The […]

The post Two Types of Threat Intelligence That Make Security Work appeared first on Check Point Blog.

  •  

Check Point Named Leader in GigaOm Radar for Cloud Network Security For 3 Years in a Row – Protects 22 Cloud Vendors

In today’s multi-cloud world, businesses deploy workloads across dozens of public and private clouds, each with their own network topology, security controls, and operational quirks. Over time this flexibility comes at a cost of increasing complexity and risk. How can a budget-minded IT team sanely enforce complex security policies, prevent AI-powered cyber breaches by foreign entities, and maintain geographical compliance across such a diverse environment? They can do so with a partner that leads with an open garden, agnostic approach. Check Point cloud firewalls, called CloudGuard Network Security, provide integrations across 22 leading public and private cloud vendors from AWS, […]

The post Check Point Named Leader in GigaOm Radar for Cloud Network Security For 3 Years in a Row – Protects 22 Cloud Vendors appeared first on Check Point Blog.

  •  

Using AI for Covert Command-and-Control Channels

Check Point Research identified a potential future attack technique in which AI assistants with web-browsing capabilities could be abused as covert command-and-control (C2) channels. As AI services become widely adopted and implicitly trusted, their network traffic increasingly blends into normal enterprise activity, expanding the attack surface. AI-enabled C2 could allow attacker communications to evade traditional detection by hiding inside legitimate-looking AI interactions. The same building blocks point toward a broader shift to AI-driven malware, where AI systems influence targeting, prioritization, and operational decisions rather than serving only as development tools. Check Point Research has identified a potential new abuse pattern: […]

The post Using AI for Covert Command-and-Control Channels appeared first on Check Point Blog.

  •  

The UK’s Cyber Threat Has Changed. Most Organizations Haven’t.

For years, ransomware shaped how UK organizations thought about cyber risk. In 2025, that assumption quietly broke. The UK became the most targeted country in Europe, accounting for 16% of all recorded attacks across the region. But volume alone doesn’t explain what changed. The real shift was intent. Attackers didn’t just increase activity; they changed tactics. Disruption overtook monetization. Organizations that spent years preparing for one dominant threat model found themselves exposed to another.

A Threat Model That No Longer Fits Reality

In 2024, ransomware dominated the UK cyber risk conversation. In 2025, it was no longer the primary attack […]

The post The UK’s Cyber Threat Has Changed. Most Organizations Haven’t. appeared first on Check Point Blog.

  •  

Unzipping the Threat: How to Block Malware Hidden in Password-Protected ZIP Files

As malware evades detection by hiding inside password-protected ZIP files, new Threat Emulation capabilities enable inspecting and blocking malicious ZIP files without requiring their password.

As cyber defenses evolve, so do attacker tactics. One of the most persistent evasion techniques in the wild involves embedding malware inside password-protected ZIP files, making it difficult for traditional security tools to inspect their content.

The Challenge: Breaking the Password Delivery Chain

Attackers have adapted. Their new strategy? Splitting the delivery path: The malicious ZIP file is sent via email. The password arrives through an out-of-band channel, often SMS or messaging apps. This multi-channel […]

The post Unzipping the Threat: How to Block Malware Hidden in Password-Protected ZIP Files appeared first on Check Point Blog.

  •  

Securing Your AI Transformation: How Check Point Is Helping Security Teams Keep Control in an AI-First World

AI is moving faster than most security teams can keep up with. As AI reshapes how work gets done, and how attacks are carried out, Check Point believes organizations need to rewire security for the AI era: not by adding more tools, but by rethinking how security is designed and operated when both attackers and defenders use AI. First, security leaders must revalidate their security foundations. AI-driven attacks are faster and more adaptive, so core controls across networks, endpoints, email, SASE, and cloud must be strengthened to keep pace with the proliferation of AI-powered threats. Second, organizations must enable secure […]

The post Securing Your AI Transformation: How Check Point Is Helping Security Teams Keep Control in an AI-First World appeared first on Check Point Blog.

  •  

Love Is in the Air — and So Are Scammers: Valentine’s Day 2026 Threats to Watch For

As Valentine’s Day 2026 approaches, people are turning to online shopping, digital dating, and last‑minute gift ideas. Unfortunately, cyber criminals are doing the same. Check Point researchers have identified a sharp rise in Valentine‑themed phishing websites, fraudulent stores, and fake dating platforms designed to steal personal data and payment information.

A Seasonal Spike in Valentine-Themed Domains

From March to December 2025, new Valentine-related domains averaged 474 per month. But in January 2026, registrations jumped to 696 — a 44% increase. In just the first five days of February, researchers detected 152 additional domains, a further 36% rise in daily average […]

The post Love Is in the Air — and So Are Scammers: Valentine’s Day 2026 Threats to Watch For appeared first on Check Point Blog.

  •  

WAF Security Test Results 2026: Why Prevention-First Matters More Than Ever

Introduction: Security Testing Must Evolve with Attacks

As cyber threats rise, web applications, GenAI workloads, and APIs have become prime targets. WAFs remain a critical first line of defense, but as attackers move beyond basic OWASP Top 10 techniques, WAF testing must evolve. Modern attacks increasingly rely on evasion methods, payload padding, and zero-day techniques designed to bypass signature-based WAFs. The WAF Comparison Project 2026 presents the results of our third annual, real-world evaluation of WAF efficacy (see last year’s results here), using over 1 million legitimate requests and 74,000 malicious payloads to assess 14 leading WAF vendors, including […]

The post WAF Security Test Results 2026: Why Prevention-First Matters More Than Ever appeared first on Check Point Blog.

  •  

Global Cyber Attacks Rise in January 2026 Amid Increasing Ransomware Activity and Expanding GenAI Risks

Global Attack Volumes Climb Worldwide

In January 2026, the global volume of cyber attacks continued its steady escalation. Organizations worldwide experienced an average of 2,090 cyber‑attacks per organization per week, marking a 3% increase from December and a 17% rise compared to January 2025. This growth reflects a landscape increasingly shaped by the expansion of ransomware activity and mounting data‑exposure risks driven by widespread GenAI adoption. Check Point Research data shows that January’s upward trajectory underscores a persistent and evolving cyber threat environment — one defined by fast‑moving ransomware operations and intensifying GenAI‑related risks.

Critical Sectors Face Intensified Pressure

The […]

The post Global Cyber Attacks Rise in January 2026 Amid Increasing Ransomware Activity and Expanding GenAI Risks appeared first on Check Point Blog.

  •  

From Solo to Squad: The Evolution of Cyber Security Training in the AI Era

Generative AI is transforming cyber defense. Technical expertise remains critical, but AI-driven threats demand more than individual skill – they require the collective intelligence of the organization’s SOC. To understand how businesses are adapting, Infinity Global Services analyzed training consumption trends from 2023 to 2025. The findings reveal a decisive shift from individual courses to team-based subscriptions, signaling a new approach to workforce development in the age of AI.

The Data: A Shift in Mindset

Infinity Global Services’ training data shows a clear change in procurement strategies. Individual course purchases have declined by 33%, while team-based subscription models have surged, […]

The post From Solo to Squad: The Evolution of Cyber Security Training in the AI Era appeared first on Check Point Blog.

  •  

SaaS Abuse at Scale: Phone-Based Scam Campaign Leveraging Trusted Platforms

Overview

This report documents a large-scale phishing campaign in which attackers abused legitimate software-as-a-service (SaaS) platforms to deliver phone-based scam lures that appeared authentic and trustworthy. Rather than spoofing domains or compromising services, the attackers deliberately misused native platform functionality to generate and distribute emails that closely resembled routine service notifications, inheriting the trust, reputation, and authentication posture of well-known SaaS providers. The campaign generated approximately 133,260 phishing emails, impacting 20,049 organizations. It is part of a broader and rapidly escalating trend in which attackers weaponize trusted brands and native cloud workflows to maximize delivery, credibility, and reach.

Observed brands […]

The post SaaS Abuse at Scale: Phone-Based Scam Campaign Leveraging Trusted Platforms appeared first on Check Point Blog.

  •  

Amaranth-Dragon: Targeted Cyber Espionage Campaigns Across Southeast Asia

Executive Summary

Check Point Research uncovered highly targeted cyber espionage campaigns aimed at government and law enforcement agencies across the ASEAN region throughout 2025. The activity is attributed to Amaranth-Dragon, a previously untracked threat actor assessed to be closely linked to the China-affiliated APT 41 ecosystem. The group weaponized newly disclosed vulnerabilities within days, including a critical WinRAR flaw, and paired them with lures tied to real-world political and security events. These operations demonstrate state-level discipline and precision, using country-restricted infrastructure, trusted cloud services, and stealthy tooling to quietly collect intelligence.

A New Cyber Espionage Campaign Unfolds in Southeast Asia […]

The post Amaranth-Dragon: Targeted Cyber Espionage Campaigns Across Southeast Asia appeared first on Check Point Blog.

  •  

Celebrating the 2025 Check Point Software EMEA Partner Award Winners — Recognizing Excellence Across the Region

Check Point® Software Technologies today announced the 2025 Check Point Software Technologies EMEA Partner Award Winners, recognizing outstanding partners across the region who continue to deliver AI‑powered, prevention‑first cyber security outcomes for customers. The winners were honoured during the Check Point Software Technologies EMEA Sales Kickoff event in Vienna, attended by more than 1,000 employees and partners. As the cyber threat landscape across Europe, the Middle East, and Africa continues to accelerate in sophistication — driven by AI‑enhanced attacks, hybrid‑cloud complexity, and increasing regulatory pressure — these top‑performing partners delivered exceptional value, helping organizations strengthen resilience through AI‑powered, prevention‑first security. […]

The post Celebrating the 2025 Check Point Software EMEA Partner Award Winners — Recognizing Excellence Across the Region appeared first on Check Point Blog.

  •  

The Three Most Disruptive Cyber Trends Impacting the Financial Industry Today

The financial sector experienced an unprecedented rise in cyber incidents in 2025, with attacks more than doubling from 864 in 2024 to 1,858 in 2025. This acceleration reflects a dramatic shift in threat actor behavior, ranging from ideologically-motivated disruptions to commercialized cyber crime as a service. Below is a concise snapshot of the three dominant trends before we unpack them in detail.

Quick Overview of Key Trends

DDoS attacks surged 105%, driven by coordinated hacktivist campaigns targeting high visibility financial platforms and services.

Data breaches & leaks jumped 73%, exposing persistent weaknesses in cloud security, identity governance, and third party […]

The post The Three Most Disruptive Cyber Trends Impacting the Financial Industry Today appeared first on Check Point Blog.

  •  

Celebrating Check Point’s 2025 Americas Partner Award Winners

At Check Point, our partners are more than collaborators. They are the driving force behind our customers’ success, our innovation, and our ability to stay ahead of today’s rapidly evolving cyber threat landscape. This year, we are thrilled to recognize an extraordinary group of partners who demonstrated exceptional performance, growth, technical excellence, and commitment to helping organizations stay secure. These awards celebrate not just results, but leadership, trust, and the relentless pursuit of excellence. We are proud to announce the 2025 Americas Partner Award winners:

Partner of the Year: World Wide Technology

Latin America Partner of the Year: NTSec Group […]

The post Celebrating Check Point’s 2025 Americas Partner Award Winners appeared first on Check Point Blog.

  •  

The Trends Defining Cyber Security in 2026: Cyber Security Report 2026

Security programs are being asked to defend increasingly complex environments against cyber attacks that are faster, more automated, and harder to isolate. The past year of attacks reveals a measurable shift in how adversaries operate, coordinate, and scale across enterprise environments. The Cyber Security Report 2026 is based on direct analysis of global attack activity spanning AI-driven attacks, ransomware operations, hybrid environments, and multi-channel social engineering. It documents how these techniques are being executed in practice, at scale, across industries and regions. The data points to a clear pattern. Attacks have moved beyond isolated methods, deliberately combining AI, identity abuse, ransomware, edge […]

The post The Trends Defining Cyber Security in 2026: Cyber Security Report 2026 appeared first on Check Point Blog.

  •  

Closing the Cyber Security Skills Gap: Check Point Partners with CompTIA

The cyber security industry faces a critical challenge: a growing skills gap that leaves organizations exposed to increasingly sophisticated threats. Businesses need qualified professionals who can secure systems and respond effectively, but finding and training those experts remains a global concern. To address this challenge, Infinity Global Services, which delivers practical learning designed to build real-world cyber security expertise, has partnered with CompTIA, a global leader in IT and cyber security education. This collaboration combines Infinity Global Services’ hands-on training approach with CompTIA’s globally recognized certifications, creating a powerful pathway for professionals to advance their careers and organizations to build […]

The post Closing the Cyber Security Skills Gap: Check Point Partners with CompTIA appeared first on Check Point Blog.

  •  

Building Cyber Readiness Early: Why Youth Education Is a Security Necessity

Cyber security is often framed as a problem for enterprises, governments, and seasoned professionals. But by the time organizations begin searching for talent, the damage has often already been done. Threat actors don’t wait for workforce pipelines to catch up, and our approach to cyber security education shouldn’t either. Today’s digital threats target schools, hospitals, municipalities, and small businesses just as aggressively as large enterprises. Ransomware attacks shut down classrooms. Phishing campaigns exploit young users as easily as experienced employees. Yet cyber security education is still treated as a late-stage specialization, introduced only when individuals enter the workforce or pursue […]

The post Building Cyber Readiness Early: Why Youth Education Is a Security Necessity appeared first on Check Point Blog.

  •  

AI-Powered North Korean Konni Malware Targets Developers

Check Point Research is tracking an active phishing campaign involving KONNI, a North Korea-affiliated threat actor active since at least 2014. Historically, KONNI focused on South Korean diplomatic, academic, and government-linked targets, using geopolitical themes as phishing lures. This latest activity marks a clear shift. In the current campaign, KONNI targets software developers and engineering teams, particularly those involved in blockchain and cryptocurrency projects. The lures are designed to resemble legitimate project documentation, indicating an effort to compromise individuals with access to valuable technical infrastructure rather than traditional political targets. The campaign stands out for two reasons: its expanded geographic […]

The post AI-Powered North Korean Konni Malware Targets Developers appeared first on Check Point Blog.

  •  

Attackers Continue to Target Trusted Collaboration Platforms: 12,000+ Emails Target Teams Users

Overview

This report describes a phishing campaign in which attackers abuse Microsoft Teams functionality to distribute phishing content that appears to originate from legitimate Microsoft services. The attack leverages guest invitations and phishing-themed team names to impersonate billing and subscription notifications, encouraging victims to contact a fraudulent support phone number.

Campaign scale

Total phishing messages: 12,866
Daily average: 990
Affected customers: 6,135

Method of attack

The attacker begins by creating a new team in Microsoft Teams and assigning it a malicious, finance-themed name designed to resemble an urgent billing or subscription notice. An example of the naming pattern observed includes […]

The post Attackers Continue to Target Trusted Collaboration Platforms: 12,000+ Emails Target Teams Users appeared first on Check Point Blog.
