@_CPResearch_ profile picture
Check Point Research @_CPResearch_

Fighting cyber threats one research at a time. News from Check Point’s (@checkpointSW) Research team.

Joined April 2018
  • Tweets 591
  • Following 120
  • Followers 25,101
139 Photos and videos
Lookalike Ghidra, dnSpy, and other download sites turned trusted clicks into TDS redirects. CPR found click hijacking, gated routing, and multiple malware families downstream — including an evasive, previously undocumented framework we call SessionGate. research.checkpoint.com/2026…

Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem - Check Point...

Research by: Alexey Bukhteyev Key Takeaways Introduction When we search Google for a popular piece of software, we usually click the first result, sometimes without even looking at the rest, because...

research.checkpoint.com
1
25
43
6,502
Iranian threat actor #NimbusManticore rapidly developed its tooling, introducing the AI-assisted MiniFast backdoor and new delivery methods including trojanized software and SEO-poisoned sites. Read More --> research.checkpoint.com/2026…

Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict - Check Point Research

Key Findings Introduction During the recent geopolitical tensions in the Middle East, we reported on multiple Iran-nexus threat actors advancing Iran’s strategic objectives through cyber operations....

research.checkpoint.com
2
29
82
9,475
"The Gentlemen" ran a tight RaaS operation. Then they got breached. CPR analyzed the full leak: org structure, access brokers, active CVEs, victim comms, and financials. Real operators, real tradecraft, fully exposed. research.checkpoint.com/2026…

Thus Spoke…The Gentlemen - Check Point Research

Key Points Introduction The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. Its operators advertise the service across multiple underground...

research.checkpoint.com
1
66
181
47,635
VECT RaaS is making headlines via partnerships with BreachForums and TeamPCP. Behind the polished image is a weak operator: the ransomware is bug-ridden, poorly built, and most encrypted files aren’t fully recoverable, even with the decryption key. research.checkpoint.com/2026…

VECT: Ransomware by design, Wiper by accident - Check Point Research

Key Takeaways Background VECT Ransomware is a Ransomware-as-a-Service (RaaS) program that made its first appearance in December 2025 on a Russian-language cybercrime forum. After claiming their first...

research.checkpoint.com
30
96
30,579
Rare glimpse behind the 2nd most dangerous RaaS for 2026, publicly claiming 225 victims. CP<r> shares behind-the-scenes details that reveal the real number is potentially over 1,570 victims. research.checkpoint.com/2026…

DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy - Check Point Research

Key Points The Gentlemen RaaS The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. The operators advertise their services across multiple...

research.checkpoint.com
1
34
128
29,605
⚠️ Iranian APT conducts a wide M365 password spray campaign - focus on Israeli and UAE orgs 🌐TOR used to scan and spray, Israeli VPN infrastructure used for successful logins 🏙️ Israeli municipalities - key focus, likely for missiles BDA Read more : blog.checkpoint.com/research…

Iran‑Nexus M365 Password Spray Campaign in the Middle East

Iran‑linked actor targets Microsoft 365 tenants—mainly Israel and UAE—in password‑spraying waves; guidance to detect and mitigate.

blog.checkpoint.com
16
60
9,414
Operation TrueChaos Zero-day exploited in the wild by Chinese-nexus actor 💥 TrueConf client CVE-2026-3502 🌏 Southeast Asian government entities 🧰 Havoc C2, DLL sideloading, UAC bypass Read more : research.checkpoint.com/2026…

Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets - Check Point...

Key Points Introduction At the beginning of 2026, Check Point Research observed a series of targeted attacks against government entities in Southeast Asia carried out via a legitimate TrueConf...

research.checkpoint.com
26
75
9,445
One malicious prompt was enough. We found a way to turn ChatGPT into a covert data exfiltration channel. No warning. No approval. research.checkpoint.com/2026…

ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime - Check Point...

Key Takeaways What Happened AI assistants now handle some of the most sensitive data people own. Users discuss symptoms and medical history. They ask questions about taxes, debts, and personal...

research.checkpoint.com
39
78
9,750
🎯Yesterday, “Handala Hack,” operated by MOIS-affiliated threat actor, expanded its disruptive operations into the US 👁️ After years of tracking its activity, we’re sharing the latest and most common TTPs of to this actor: Void Manticore Read More : research.checkpoint.com/2026…

“Handala Hack” - Unveiling Group's Modus Operandi - Check Point Research

Key Findings Introduction Handala Hack, also tracked by Check Point Research as Void Manticore, is an Iranian threat actor that is known for multiple destructive wiping attacks combined with “hack...

research.checkpoint.com
57
165
19,639
🦹Iranian actors are using ransomware affiliate programs, stealers, and MaaS to expand their reach and capabilities. 🔖Dive in to see how these threat actors leverage the cybercrime ecosystem to pursue strategic goals while complicating attribution: research.checkpoint.com/2026…

Iranian MOIS Actors & the Cyber Crime Connection - Check Point Research

Iran‑linked MOIS threat actors increasingly leverage cybercrime tools, malware, and ransomware ecosystems to enhance capability, obscure attribution, and advance state objectives.

research.checkpoint.com
2
37
123
20,299
🚨ALERT🚨 Gulf countries, Cyprus & Israel - A massive wave of IP camera scanning and exploitation from Iran-linked infrastructure. ✅ Patch to the latest version 🔐 Enforce strong, unique passwords and restrict external access Read More : research.checkpoint.com/2026…
2
31
78
11,263
#SilverDragon is a new threat cluster with ties to #APT41. 🎯Activity across Asia & Europe, exploiting internet-facing servers and running targeted phishing. ☁️New .NET implants alongside Cobalt Strike and abuse of cloud services for C2. Read more -> research.checkpoint.com/2026…

Silver Dragon Targets Organizations in Southeast Asia and Europe - Check Point Research

Key Findings Introduction In recent months, Check Point Research (CPR) has been tracking a sophisticated, Chinese-aligned threat group whose activity demonstrates operational correlation with...

research.checkpoint.com
53
142
15,257
📜🤫2025: The Untold Stories of Check Point Research Zero-days, wipers, election interference - much of what we uncover never makes it into public reports. From #APT36 to #MuddyWater, #COLDRIVER to #FlaxTyphoon, here's what we tracked across every region. research.checkpoint.com/2026…

2025: The Untold Stories of Check Point Research - Check Point Research

Introduction Check Point Research (CPR) continuously tracks threats, following the clues that lead to major players and incidents in the threat landscape. Whether it’s high-end financially-motivated...

research.checkpoint.com
18
52
8,672
AI tools are now part of the attack surface. CPR demonstrated “AI as a proxy”: Grok & Copilot can be steered to fetch attacker URLs and relay C2. Pair that with AI-driven malware, and you get prompt-powered implants that adapt at runtime. research.checkpoint.com/2026…

AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks -...

Key Points Introduction AI is rapidly becoming embedded in day-to-day enterprise workflows, inside browsers, collaboration suites, and developer tooling. As a result, AI service domains increasingly...

research.checkpoint.com
1
23
43
8,788
In 2025, Amaranth-Dragon APT weaponized the popular WinRAR CVE-2025-8088 for targeted espionage across Southeast Asia. Custom loader, Telegram RAT, geofenced C2, and event-themed lures. research.checkpoint.com/2026…

Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia - Check...

Key Points Introduction Check Point Research has identified several campaigns targeting multiple countries in the Southeast Asian region. These related activities have been collectively categorized...

research.checkpoint.com
1
39
123
17,750
Cyber Security Report 2026 📣 Check Point Research breaks down how 2025 reshaped the threat landscape: Multi-Channel social engineering, Geopolitical conflicts, Chinese-nexus threat actors, Ransomware, and more. Plus stats you'll want to see📊 Download: research.checkpoint.com/2026…

Cyber Security Report 2026 - Check Point Research

Check Point's flagship report delivers industry leading intelligence shaping the decisions security leaders will make in 2026

research.checkpoint.com
17
34
7,318
Load more