Check Point Research

Key Points Introduction Following our VIEW8 publication, an open source tool for analysis of Compiled JavaScript files (JSC), we are continuously tracking the usage of such files by threat actors. Among the threats we identified, a significant campaign caught our attention, which we call JSCEAL. The campaign, which impersonates common crypto trading apps, has been active since […]

The post Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 28th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The US Energy Department, including its National Nuclear Security Administration (NNSA), was reportedly breached as part of a Microsoft SharePoint vulnerability exploit. The breach was linked to a broader espionage campaign, that […]

The post 28th July – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 21st July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Luxury retailer Louis Vuitton has suffered a cyber-attack that resulted in the exfiltration of certain personal data of customers from the UK, South Korea, Turkey, Italy, and Sweden after unauthorized access to […]

The post 21st July – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 14th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES McDonald’s has suffered a data breach that resulted in the exposure of chat transcripts, session tokens, and personal data from more than 64 million job applications submitted through its AI powered McHire […]

The post 14th July – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 6th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The International Criminal Court (ICC) disclosed a sophisticated cyber‐security incident in late June 2025, its second such event in recent years. The intrusion, which occurred in June 2025, was promptly detected and […]

The post 7th July – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 29th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Grocery giant Ahold Delhaize has disclosed a data breach that resulted in the theft of personal, financial, employment, and health information belonging to over 2.2 million individuals from its American business systems. […]

The post 30th June – Threat Intelligence Report appeared first on Check Point Research.

Key findings Introduction For the last few years, Check Point Research has been monitoring the activity of the Iranian APT group, Educated Manticore. This group aligns with activity tracked by the wider security community as APT42, Charming Kitten, or Mint Sandstorm, and is believed to operate on behalf of the Islamic Revolutionary Guard Corps’ Intelligence […]

The post Iranian Educated Manticore Targets Leading Tech Academics appeared first on Check Point Research.

In this write-up we present a malware sample found in the wild that boasts a novel and unusual evasion mechanism — an attempted prompt injection (”Ignore all previous instructions…”) aimed to manipulate AI models processing the sample. The sample gives the impression of an isolated component or an experimental proof-of-concept, and we can only speculate […]

The post In the Wild: Malware Prototype with Embedded Prompt Injection appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 23rd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Scania, a Swedish manufacturer of heavy trucks and engines, has suffered a data breach that resulted in the theft of insurance claim documents from its Financial Services systems via compromised credentials of […]

The post 23rd June – Threat Intelligence Report appeared first on Check Point Research.

Research by: Jaromír Hořejší (@JaromirHorejsi), Antonis Terefos (@Tera0017) Key Points Introduction Minecraft is a popular video game with a massive global player base, with over 200 million monthly active players. The game has also sold over 300 million copies, making it one of the best-selling video games ever. Minecraft supports mods (user-created modifications), which enrich the […]

The post Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 16th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES One of South Korea’s largest ticketing platforms Yes24 has been a victim of a ransomware attack that resulted in a four-day service outage, disrupting online bookings for concerts, e-book access, and community […]

The post 16th June – Threat Intelligence Report appeared first on Check Point Research.

Key Takeaways Introduction Discord is a heavily used, widely trusted platform favored by gamers, communities, businesses and others who need to connect securely and quickly. But what if your trusted platform unknowingly becomes a trap? Check Point Research uncovered a flaw in Discord’s invitation system which allows attackers to hijack expired or deleted invite links and secretly redirect unsuspecting […]

The post From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery appeared first on Check Point Research.

Notorious APT group, Stealth Falcon, attacks high-profile targets in the Middle East with a .url file that uses a LOLBin (Living off the Land Binary) to execute malware from an actor-controlled WebDAV server with a technique we named Remote Path Interception by Search Order Hijacking.

The post CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 9th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American tax company, Optima Tax Relief, has disclosed a ransomware attack that resulted in the theft of 69GB of sensitive data, including corporate records and customer case files containing personal information such […]

The post 9th June – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 2nd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES IT management software company ConnectWise confirmed that a sophisticated nation-state cyberattack had compromised its environment, affecting a limited number of customers using its ScreenConnect remote access tool. The company launched a forensic […]

The post 2nd June – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 26th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Cellcom, a Wisconsin-based wireless provider, has been impacted by a cyberattack that resulted in widespread outages of voice and SMS services beginning on May 14, 2025. The incident disrupted communication for customers […]

The post 26th May – Threat Intelligence Report appeared first on Check Point Research.

​

The post The Sting of Fake Kling: Facebook Malvertising Lures Victims to Fake AI Generation Website appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 19th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Fashion giant Dior confirmed a data breach that exposed customer information from its Fashion and Accessories line. The leaked data includes names, gender, phone numbers, email addresses, postal addresses, and purchase history […]

The post 19th May – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 12th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The UK’s Legal Aid Agency has suffered a cyberattack. The agency, which operates under the Ministry of Justice to provide billions in legal aid funding, has stated that financial information relating to […]

The post 12th May – Threat Intelligence Report appeared first on Check Point Research.

Key Takeaways Introduction In recent years, cryptocurrency scams have evolved into a highly organized business model known as “Drainer-as-a-Service.” Within this model, developers create specialized set of malicious scripts, smart contracts, and infrastructure enabling other cyber criminals to efficiently steal cryptocurrency from users’ wallets. Attackers simply need to set up a phishing website and embed […]

The post Inferno Drainer Reloaded: Deep Dive into the Return of the Most Sophisticated Crypto Drainer appeared first on Check Point Research.