VulnHub

In March 2026, cybersecurity researchers from Check Point reported a significant concentration of ransomware attacks, with nearly half attributed to three specific groups. Qilin led the charge, responsible for 20% of the 672 attacks. Following them was Akira, accounting for 12%, and Dragonforce RaaS, which was linked to 8% of the incidents. This concentrated activity raises alarms for businesses and organizations, as it indicates that a small number of groups are driving a large portion of ransomware incidents. Companies need to bolster their defenses against these specific threats to protect their data and systems.

In March, three ransomware groups—Qilin, Akira, and Dragonforce—were responsible for a significant portion of cyberattacks, accounting for 40% of the 672 ransomware incidents reported, according to research from Check Point. This spike emphasizes the ongoing challenge organizations face from these malicious actors. The rise in activity from these specific gangs suggests a concentrated threat that could impact various sectors, as ransomware continues to be a lucrative avenue for cybercriminals. Companies and users need to stay vigilant and enhance their cybersecurity measures to protect against potential attacks. This situation serves as a reminder of the importance of regular system updates and employee training on recognizing phishing attempts, which are often the gateway for these types of attacks.

In 2025, a group of hackers believed to be linked to China, known as Amaranth-Dragon, launched cyber-espionage campaigns targeting various government and law enforcement agencies in Southeast Asia. Countries affected include Thailand, Indonesia, and Singapore. This activity is associated with the APT41 ecosystem, which has a history of conducting similar operations. The implications of these attacks are significant, as they threaten national security and the integrity of sensitive governmental data. Researchers emphasize the need for enhanced cybersecurity measures among the affected nations to protect against ongoing and future threats.

Researchers at Check Point have linked an active phishing campaign to the North Korean hacking group KONNI, also known by several other names. This campaign specifically targets software developers and engineers, using deceptive emails that present fake documentation related to blockchain projects. The attackers are employing an AI-generated PowerShell backdoor to infiltrate systems. This tactic not only showcases the group's evolving methods but also raises concerns about the security of developers working in the rapidly growing blockchain sector. The implications are significant, as successful compromises could lead to data theft and further exploitation of vulnerabilities within the tech community.

Check Point Research has reported a significant increase in attacks exploiting a vulnerability in HPE OneView, a management tool for Hewlett Packard Enterprise systems. The Linux-based RondoDox botnet is behind this wave of attacks, which raises concerns for organizations using HPE's software. The vulnerability allows attackers to take control of affected systems, potentially leading to data breaches or service disruptions. Companies using HPE OneView should take immediate action to secure their systems. The situation emphasizes the ongoing risk that vulnerabilities pose to enterprise environments and the need for timely patching and vigilance against emerging threats.

Check Point has discovered a large-scale scam operation that uses artificial intelligence, referred to as the 'Truman Show.' This operation appears to simulate a reality show, drawing in unsuspecting investors with promises of high returns. Victims are led to believe they are part of a legitimate investment scheme, but in reality, their money is being funneled into fraudulent accounts. The sophisticated use of AI in this scam highlights a worrying trend in cybercrime, where technology is exploited to manipulate and deceive individuals. Such scams not only cause financial loss for victims but also erode trust in legitimate investment platforms.

Researchers have discovered a phishing campaign that leverages Google Cloud Application Integration to send emails that mimic legitimate messages from Google. This scheme uses a combination of trusted cloud services, user validation checks, and brand impersonation to trick users into believing the emails are authentic. The attackers aim to capture sensitive information by exploiting the trust associated with Google’s brand. This incident raises concerns for both individuals and organizations that rely on Google services, as it highlights the vulnerabilities in cloud-based email systems. Users are advised to be cautious and verify the authenticity of emails, especially those requesting sensitive data or actions.

A recent report from Check Point Research reveals a troubling trend of cyber criminals targeting company insiders to gain unauthorized access to sensitive information. Hackers are using platforms like the darknet and Telegram to recruit employees from major organizations, including banks, telecom companies, and tech firms. They are reportedly offering payments of up to $15,000 for insider access to companies such as Apple, Coinbase, and the Federal Reserve. This practice raises significant security concerns, as it can lead to data breaches and financial losses for these organizations. Companies must be vigilant about insider threats and implement stronger security measures to protect against this growing risk.