Check Point Research has identified a new group of Iranian hackers using a modular command and control (C2) framework called Cavern Manticore. This group shows tactical similarities to other known hacking organizations like MuddyWater and Lyceum. Their activities have primarily targeted Israeli organizations, raising concerns about the potential for increased cyberattacks in the region. The modular nature of their framework suggests that the hackers can easily adapt and evolve their tactics, making it challenging for defenders to keep up. This development underscores the ongoing cyber threats facing critical infrastructure and organizations in Israel.
Researchers at Check Point have identified a new hacking group named 'Cavern Manticore' that is specifically targeting Israeli government entities and the IT sector. This group is believed to have ties to Iran, which raises concerns about the geopolitical implications of such cyber activities. The attacks are part of a broader trend where state-sponsored groups engage in cyber espionage and disruption, particularly against nations they view as adversaries. The targeting of government and IT sectors suggests that sensitive data and infrastructure could be at risk, prompting heightened vigilance among organizations in these areas. It’s crucial for companies to increase their security measures to protect against potential breaches and data theft.
Check Point Research has reported a significant rise in the registration of Amazon-themed domains, with 6,843 new domains registered between December and May. Alarmingly, nearly 10% of these domains have been flagged as malicious or suspicious. This spike coincides with Amazon Prime Day, a time when many consumers are actively shopping online, making them prime targets for cybercriminals. The increase in malicious domains could lead to phishing attempts and scams, putting users' personal and financial information at risk. As shoppers gear up for sales events, researchers urge users to be vigilant and verify the authenticity of websites before making purchases.
Recent research from Check Point has revealed that the command-and-control server associated with the SystemBC malware has been connected to over 1,570 victims of The Gentlemen ransomware operation. SystemBC is a type of proxy malware that allows attackers to establish network tunnels for malicious activities. This discovery underscores the scale of the threat posed by this ransomware-as-a-service operation, which has been actively targeting various organizations. The findings indicate that victims may be vulnerable to further exploitation, as the botnet can facilitate additional attacks. Organizations need to be vigilant and take steps to secure their networks against such threats.
In March 2026, cybersecurity researchers from Check Point reported a significant concentration of ransomware attacks, with nearly half attributed to three specific groups. Qilin led the charge, responsible for 20% of the 672 attacks. Following them was Akira, accounting for 12%, and Dragonforce RaaS, which was linked to 8% of the incidents. This concentrated activity raises alarms for businesses and organizations, as it indicates that a small number of groups are driving a large portion of ransomware incidents. Companies need to bolster their defenses against these specific threats to protect their data and systems.
In March, three ransomware groups—Qilin, Akira, and Dragonforce—were responsible for a significant portion of cyberattacks, accounting for 40% of the 672 ransomware incidents reported, according to research from Check Point. This spike emphasizes the ongoing challenge organizations face from these malicious actors. The rise in activity from these specific gangs suggests a concentrated threat that could impact various sectors, as ransomware continues to be a lucrative avenue for cybercriminals. Companies and users need to stay vigilant and enhance their cybersecurity measures to protect against potential attacks. This situation serves as a reminder of the importance of regular system updates and employee training on recognizing phishing attempts, which are often the gateway for these types of attacks.
Researchers from Check Point have identified a vulnerability in ChatGPT that could allow a malicious user to exploit a hidden outbound channel within the platform's code execution runtime. They found that a single, specially crafted prompt could trigger this channel, potentially leading to unauthorized data leakage. This issue raises concerns for users and organizations relying on ChatGPT for various applications, as it could expose sensitive information. Following the discovery, OpenAI has patched the vulnerability to address this security flaw. Users of ChatGPT should ensure they are using the latest version to benefit from the fix and safeguard their data.
OpenAI recently addressed a security vulnerability that allowed potential data theft through a single prompt in ChatGPT. According to Check Point, the issue stemmed from a DNS loophole, which could have been exploited by malicious users. This vulnerability could have led to unauthorized access to sensitive information, raising concerns about user privacy and data security. OpenAI's prompt fix is an important step in protecting users, especially as AI tools become more integrated into daily tasks. The incident underscores the need for continuous vigilance in securing AI systems against emerging threats.
Recent data from Check Point reveals that cyber-attacks on UK firms are escalating at a rate four times faster than the global average. This surge in attacks raises significant concerns for businesses operating in the UK, as they face increased risks and potential disruptions. The findings suggest that UK companies must enhance their cybersecurity measures to protect sensitive data and maintain operational integrity. The alarming trend may also indicate a shift in the focus of cybercriminals towards UK-based targets, making it crucial for organizations to stay vigilant and informed about emerging threats. As the landscape evolves, understanding these patterns can help firms better prepare for future challenges.
In 2025, a group of hackers believed to be linked to China, known as Amaranth-Dragon, launched cyber-espionage campaigns targeting various government and law enforcement agencies in Southeast Asia. Countries affected include Thailand, Indonesia, and Singapore. This activity is associated with the APT41 ecosystem, which has a history of conducting similar operations. The implications of these attacks are significant, as they threaten national security and the integrity of sensitive governmental data. Researchers emphasize the need for enhanced cybersecurity measures among the affected nations to protect against ongoing and future threats.
Researchers at Check Point have linked an active phishing campaign to the North Korean hacking group KONNI, also known by several other names. This campaign specifically targets software developers and engineers, using deceptive emails that present fake documentation related to blockchain projects. The attackers are employing an AI-generated PowerShell backdoor to infiltrate systems. This tactic not only showcases the group's evolving methods but also raises concerns about the security of developers working in the rapidly growing blockchain sector. The implications are significant, as successful compromises could lead to data theft and further exploitation of vulnerabilities within the tech community.
A new malware framework called VoidLink has been identified as a sophisticated threat targeting Linux systems. Research from Check Point indicates that this framework was likely developed by an individual with the help of artificial intelligence. The malware has reached an impressive 88,000 lines of code, showcasing its complexity and potential for damage. The findings also reveal operational security mistakes made by the author, which provided insights into its creation. This development is concerning for Linux users and organizations, as it points to an increasingly advanced and potentially widespread malware landscape.
Check Point Research has reported a significant increase in attacks exploiting a vulnerability in HPE OneView, a management tool for Hewlett Packard Enterprise systems. The Linux-based RondoDox botnet is behind this wave of attacks, which raises concerns for organizations using HPE's software. The vulnerability allows attackers to take control of affected systems, potentially leading to data breaches or service disruptions. Companies using HPE OneView should take immediate action to secure their systems. The situation emphasizes the ongoing risk that vulnerabilities pose to enterprise environments and the need for timely patching and vigilance against emerging threats.
Check Point has discovered a large-scale scam operation that uses artificial intelligence, referred to as the 'Truman Show.' This operation appears to simulate a reality show, drawing in unsuspecting investors with promises of high returns. Victims are led to believe they are part of a legitimate investment scheme, but in reality, their money is being funneled into fraudulent accounts. The sophisticated use of AI in this scam highlights a worrying trend in cybercrime, where technology is exploited to manipulate and deceive individuals. Such scams not only cause financial loss for victims but also erode trust in legitimate investment platforms.
Researchers have discovered a phishing campaign that leverages Google Cloud Application Integration to send emails that mimic legitimate messages from Google. This scheme uses a combination of trusted cloud services, user validation checks, and brand impersonation to trick users into believing the emails are authentic. The attackers aim to capture sensitive information by exploiting the trust associated with Google’s brand. This incident raises concerns for both individuals and organizations that rely on Google services, as it highlights the vulnerabilities in cloud-based email systems. Users are advised to be cautious and verify the authenticity of emails, especially those requesting sensitive data or actions.