Augmented Phishing: Social Engineering in the Age of AI

The rise of GenAI has pushed social engineering and phishing to new levels. What once required manual effort can now be generated in seconds, resulting in hyper-personalized messages, cloned executive voices, and even realistic video impersonations. Deepfake incidents have already moved from online curiosity to real business risk, driving financial loss and operational disruption in organizations worldwide.

On everyday collaboration platforms, verifying identity has become increasingly difficult. Real-time face and voice cloning remove many traditional warning signs, making scams harder to spot than ever. As the threat landscape shifts, organizations need modern defenses and smarter awareness programs designed for the realities of the AI era.

Check Point Services has recently expanded its training portfolio to help […]

The post Augmented Phishing: Social Engineering in the Age of AI appeared first on Check Point Blog.

Global Cyber Attacks Remain Near Record Highs in February 2026 Despite Ransomware Decline

Global Attack Volumes Remain Elevated Worldwide

In February 2026, global cyber attack activity remained near record levels, confirming that elevated attack volumes are becoming the new normal for organizations worldwide. The average number of weekly cyber attacks per organization reached 2,086, representing a 9.6% increase year over year, while remaining essentially flat month over month (-0.2% compared to January 2026). This stabilization at a high baseline reflects a sustained pressure environment rather than a short‑term surge. Despite a slowdown in ransomware activity compared to the same period last year, overall attack volumes continue to rise, driven by automation, expanding digital footprints, and persistent exposure risks linked to enterprise GenAI usage. Check Point Research data shows that February’s […]

The post Global Cyber Attacks Remain Near Record Highs in February 2026 Despite Ransomware Decline appeared first on Check Point Blog.

China-Nexus Activity Against Qatar Observed Amid Expanding Regional Tensions

Key Findings

Since the recent escalation in the Middle East, Check Point Research has observed increased activity by Chinese-nexus APT actors in the region, particularly targeting Qatar. The Chinese-nexus threat actor Camaro Dragon attempted to deploy a variant of PlugX malware against Qatari targets within one day of the launch of Operation Epic Fury and the onset of the escalation in the Middle East. The attackers leveraged the ongoing war in the Middle East to make their lures more credible and engaging, demonstrating the ability to rapidly adapt to major developments and breaking news. The use of payloads such as […]

The post China-Nexus Activity Against Qatar Observed Amid Expanding Regional Tensions appeared first on Check Point Blog.

Introducing CPR Act: A Unified Approach for a Full‑Lifecycle Security

Fragmented products and solutions sprawled across multiple environments create significant visibility gaps, which attackers look to exploit. To close these gaps, Check Point Services has now introduced CPR Act, an expert‑led unit that covers the entire security lifecycle with continuous intelligence, coordinated action, and clear outcomes. This unified approach eliminates blind spots and ensures that every phase of security feeds into the next, creating a connected and predictable defense.

This elite team of experts brings top researchers, analysts, and responders together to provide organizations with clear, research‑based insight to act decisively. It operates through four foundational pillars:

Intelligence: […]

The post Introducing CPR Act: A Unified Approach for a Full‑Lifecycle Security appeared first on Check Point Blog.

Powering Cyber Resilience Across APAC: Celebrating Check Point’s APAC FY25 Partner Award Winners

Recognizing Excellence, Innovation, and Impact Across the Region

Check Point Software Technologies recognized the top partners across the Asia Pacific region during the Check Point Software Technologies Sales Kickoff APAC event in Bangkok, Thailand, attended by almost 1,000 employees and partners. These awards are handed out to outstanding partners across Asia Pacific who have delivered exceptional customer outcomes, driven sustained growth, and advanced prevention-first, AI-powered cyber security across the region.

As cyber threats across Asia Pacific continue to intensify in both scale and sophistication (fuelled by AI-driven attacks, expanding hybrid and cloud ecosystems, and growing regulatory and operational complexity across the varied APAC countries, especially around AI), our top-performing partners play a critical role in helping organizations strengthen […]

The post Powering Cyber Resilience Across APAC: Celebrating Check Point’s APAC FY25 Partner Award Winners appeared first on Check Point Blog.

The Whitelist Illusion – When Your Trusted List Becomes a Billion Dollar Attack Path

Your whitelist is not a wall. For nation-state attackers, it’s a map, showing exactly who to compromise to get to your assets.

$1,788,000,000 STOLEN FROM INSTITUTIONS WITH WHITELISTS, MULTISIGS, AND HARDWARE WALLETS IN PLACE

TL;DR

When you hold significant assets on a public blockchain, nation-state groups will target you – not if, but when. Your whitelist tells attackers exactly which vendors and counterparties to compromise to reach your funds. Bybit ($1.5B), WazirX ($235M), and Radiant ($53M) all had whitelists. All were drained through whitelisted entities. The correct assumption: every whitelisted address is potentially compromised. Trust must be verified in real […]

The post The Whitelist Illusion – When Your Trusted List Becomes a Billion Dollar Attack Path appeared first on Check Point Blog.

Silver Dragon: China Nexus Cyber Espionage Group Targeting Governments in Asia and Europe

Silver Dragon is a China nexus cyber espionage group targeting government ministries and public sector organizations across Southeast Asia, with additional victims identified in Europe. The group gains initial access through exploitation of public-facing servers and targeted phishing campaigns aimed at government entities. It maintains long-term persistence by hijacking legitimate Windows services, thus allowing malware processes to blend into normal system activity. A custom backdoor, GearDoor, enables covert command-and-control communications via Google Drive, blending malicious traffic with normal cloud usage. The campaign remains relevant as attackers continue to abuse trusted enterprise services and legitimate system components to evade detection. Based […]

The post Silver Dragon: China Nexus Cyber Espionage Group Targeting Governments in Asia and Europe appeared first on Check Point Blog.

How Threat Intelligence and Multi-Source Data Drive Smarter Vulnerability Prioritization

The CVSS Blind Spot

For years, CVSS scores have been the default metric for vulnerability severity. But severity does not equal risk. A CVSS 9.8 vulnerability that is never exploited is less dangerous than a CVSS 6.5 actively used in ransomware campaigns. Yet many organizations still chase the highest scores first, wasting time and leaving real threats exposed. KEV lists help, but they are reactive and often lag behind active exploitation. Attackers move faster than static scoring systems. If your prioritization strategy starts and ends with CVSS, you are playing catch-up. If vulnerability management feels overwhelming, the numbers explain why. […]

The post How Threat Intelligence and Multi-Source Data Drive Smarter Vulnerability Prioritization appeared first on Check Point Blog.

What Defenders Need to Know about Iran’s Cyber Capabilities

With the current Iran crisis at its peak, cyber activity is a relevant part of the threat picture alongside kinetic and political pressure. Iran’s ecosystem includes multiple clusters aligned with state entities, the Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS), as well as deniable operators and “hacktivist” groups. This ecosystem supports a broad set of objectives: espionage to gain intelligence and footholds; disruption and destructive activity, including DDoS attacks, pseudo-ransomware, and data wipers to impose costs; and information operations that pair destructive activity or data leaks with coordinated online amplification. This activity is expected to intensify and broaden across the Middle East, the United States, and […]

The post What Defenders Need to Know about Iran’s Cyber Capabilities appeared first on Check Point Blog.

National Cyber Resilience in the AI Era

A Practical Q&A Guide for Leaders Navigating NIST, Zero Trust, and AI Governance

Q1. Why does national cyber security feel more urgent than ever?

Answer:

Cyber security is no longer something that happens quietly in server rooms or security operations centers. It now affects fuel availability, hospital operations, elections, financial markets, and public trust.

What has changed is not just the volume of cyber attacks, but their intent. Adversaries are no longer satisfied with stealing data. They are embedding themselves into systems, waiting patiently, and positioning for disruption at moments of national stress. Cloud platforms, AI systems, and operational technology have dramatically expanded the attack […]

The post National Cyber Resilience in the AI Era appeared first on Check Point Blog.

Two Types of Threat Intelligence That Make Security Work

The problem isn’t that we lack threat intelligence. It’s that we lack the right kind of intelligence, intelligence that connects what’s happening inside your environment with what attackers are planning outside it. That’s why two types of threat intelligence matter: internal and external. Alone, each tells part of the story. Together, they create clarity.

Why Threat Intelligence Alone Falls Short

Most organizations subscribe to multiple threat feeds. They pour in from every direction, generic, fragmented, and often delayed. Instead of clarifying risk, they confuse it.

“Organizations still make critical decisions based on incomplete or underrefined threat data.” — Gartner, The […]

The post Two Types of Threat Intelligence That Make Security Work appeared first on Check Point Blog.

Check Point Named Leader in GigaOm Radar for Cloud Network Security For 3 Years in a Row – Protects 22 Cloud Vendors

In today’s multi-cloud world, businesses deploy workloads across dozens of public and private clouds, each with their own network topology, security controls, and operational quirks. Over time this flexibility comes at a cost of increasing complexity and risk. How can a budget-minded IT team sanely enforce complex security policies, prevent AI-powered cyber breaches by foreign entities, and maintain geographical compliance across such a diverse environment?

They can do so with a partner that leads with an open garden, agnostic approach. Check Point cloud firewalls, called CloudGuard Network Security, provide integrations across 22 leading public and private cloud vendors from AWS, […]

The post Check Point Named Leader in GigaOm Radar for Cloud Network Security For 3 Years in a Row – Protects 22 Cloud Vendors appeared first on Check Point Blog.

Using AI for Covert Command-and-Control Channels

Check Point Research identified a potential future attack technique in which AI assistants with web-browsing capabilities could be abused as covert command-and-control (C2) channels. As AI services become widely adopted and implicitly trusted, their network traffic increasingly blends into normal enterprise activity, expanding the attack surface. AI-enabled C2 could allow attacker communications to evade traditional detection by hiding inside legitimate-looking AI interactions. The same building blocks point toward a broader shift to AI-driven malware, where AI systems influence targeting, prioritization, and operational decisions rather than serving only as development tools. Check Point Research has identified a potential new abuse pattern: […]

The post Using AI for Covert Command-and-Control Channels appeared first on Check Point Blog.

The UK’s Cyber Threat Has Changed. Most Organizations Haven’t.

For years, ransomware shaped how UK organizations thought about cyber risk. In 2025, that assumption quietly broke. The UK became the most targeted country in Europe, accounting for 16% of all recorded attacks across the region. But volume alone doesn’t explain what changed. The real shift was intent. Attackers didn’t just increase activity; they changed tactics. Disruption overtook monetization. Organizations that spent years preparing for one dominant threat model found themselves exposed to another.

A Threat Model That No Longer Fits Reality

In 2024, ransomware dominated the UK cyber risk conversation. In 2025, it was no longer the primary attack […]

The post The UK’s Cyber Threat Has Changed. Most Organizations Haven’t. appeared first on Check Point Blog.

Unzipping the Threat: How to Block Malware Hidden in Password-Protected ZIP Files

As malware evades detection by hiding inside password-protected ZIP files, new Threat Emulation capabilities enable inspecting and blocking malicious ZIP files without requiring their password.

As cyber defenses evolve, so do attacker tactics. One of the most persistent evasion techniques in the wild involves embedding malware inside password-protected ZIP files, making it difficult for traditional security tools to inspect their content.

The Challenge: Breaking the Password Delivery Chain

Attackers have adapted. Their new strategy? Splitting the delivery path: The malicious ZIP file is sent via email. The password arrives through an out-of-band channel, often SMS or messaging apps. This multi-channel […]

The post Unzipping the Threat: How to Block Malware Hidden in Password-Protected ZIP Files appeared first on Check Point Blog.

Securing Your AI Transformation: How Check Point Is Helping Security Teams Keep Control in an AI-First World

AI is moving faster than most security teams can keep up with. As AI reshapes how work gets done, and how attacks are carried out, Check Point believes organizations need to rewire security for the AI era: not by adding more tools, but by rethinking how security is designed and operated when both attackers and defenders use AI. First, security leaders must revalidate their security foundations. AI-driven attacks are faster and more adaptive, so core controls across networks, endpoints, email, SASE, and cloud must be strengthened to keep pace with the proliferation of AI-powered threats. Second, organizations must enable secure […]

The post Securing Your AI Transformation: How Check Point Is Helping Security Teams Keep Control in an AI-First World appeared first on Check Point Blog.

Love Is in the Air — and So Are Scammers: Valentine’s Day 2026 Threats to Watch For

As Valentine’s Day 2026 approaches, people are turning to online shopping, digital dating, and last‑minute gift ideas. Unfortunately, cyber criminals are doing the same. Check Point researchers have identified a sharp rise in Valentine‑themed phishing websites, fraudulent stores, and fake dating platforms designed to steal personal data and payment information.

A Seasonal Spike in Valentine-Themed Domains

From March to December 2025, new Valentine-related domains averaged 474 per month. But in January 2026, registrations jumped to 696 — a 44% increase. In just the first five days of February, researchers detected 152 additional domains, a further 36% rise in daily average […]

The post Love Is in the Air — and So Are Scammers: Valentine’s Day 2026 Threats to Watch For appeared first on Check Point Blog.

WAF Security Test Results 2026: Why Prevention-First Matters More Than Ever

Introduction: Security Testing Must Evolve with Attacks

As cyber threats rise, web applications, GenAI workloads, and APIs have become prime targets. WAFs remain a critical first line of defense, but as attackers move beyond basic OWASP Top 10 techniques, WAF testing must evolve. Modern attacks increasingly rely on evasion methods, payload padding, and zero-day techniques designed to bypass signature-based WAFs. The WAF Comparison Project 2026 presents the results of our third annual, real-world evaluation of WAF efficacy (see last year’s results here), using over 1 million legitimate requests and 74,000 malicious payloads to assess 14 leading WAF vendors, including […]

The post WAF Security Test Results 2026: Why Prevention-First Matters More Than Ever appeared first on Check Point Blog.

Global Cyber Attacks Rise in January 2026 Amid Increasing Ransomware Activity and Expanding GenAI Risks

Global Attack Volumes Climb Worldwide

In January 2026, the global volume of cyber attacks continued its steady escalation. Organizations worldwide experienced an average of 2,090 cyber‑attacks per organization per week, marking a 3% increase from December and a 17% rise compared to January 2025. This growth reflects a landscape increasingly shaped by the expansion of ransomware activity and mounting data‑exposure risks driven by widespread GenAI adoption. Check Point Research data shows that January’s upward trajectory underscores a persistent and evolving cyber threat environment — one defined by fast‑moving ransomware operations and intensifying GenAI‑related risks.

Critical Sectors Face Intensified Pressure

The […]

The post Global Cyber Attacks Rise in January 2026 Amid Increasing Ransomware Activity and Expanding GenAI Risks appeared first on Check Point Blog.

From Solo to Squad: The Evolution of Cyber Security Training in the AI Era

Generative AI is transforming cyber defense. Technical expertise remains critical, but AI-driven threats demand more than individual skill – they require the collective intelligence of the organization’s SOC. To understand how businesses are adapting, Infinity Global Services analyzed training consumption trends from 2023 to 2025. The findings reveal a decisive shift from individual courses to team-based subscriptions, signaling a new approach to workforce development in the age of AI.

The Data: A Shift in Mindset

Infinity Global Services’ training data shows a clear change in procurement strategies. Individual course purchases have declined by 33%, while team-based subscription models have surged, […]

The post From Solo to Squad: The Evolution of Cyber Security Training in the AI Era appeared first on Check Point Blog.
