Check Point Research

Check Point Research Latest Research by our Team

  • Iranian Educated Manticore Targets Leading Tech Academics
    by samanthar@checkpoint.com on June 25, 2025 at 12:55 pm

    For the last few years, Check Point Research has been monitoring the activity of the Iranian APT group, Educated Manticore. This group aligns with activity tracked by the wider security community as APT42, Charming Kitten, or Mint Sandstorm, and is believed to operate on behalf of the Islamic Revolutionary Guard Corps’ Intelligence …

  • In the Wild: Malware Prototype with Embedded Prompt Injection
    by samanthar@checkpoint.com on June 25, 2025 at 12:09 pm

    In this write-up we present a malware sample found in the wild that boasts a novel and unusual evasion mechanism — an attempted prompt injection (“Ignore all previous instructions…”) aimed to manipulate AI models processing the sample. The sample gives the impression of an isolated component or an experimental proof-of-concept, and we can only speculate …

  • 23rd June – Threat Intelligence Report
    by eladleon@checkpoint.com on June 23, 2025 at 2:14 pm

    For the latest discoveries in cyber research for the week of 23rd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Scania, a Swedish manufacturer of heavy trucks and engines, has suffered a data breach that resulted in the theft of insurance claim documents from its Financial Services systems via compromised credentials of …

  • Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data
    by samanthar@checkpoint.com on June 18, 2025 at 1:09 pm

    Research by: Jaromír Hořejší (@JaromirHorejsi), Antonis Terefos (@Tera0017). Minecraft is a popular video game with a massive global player base, with over 200 million monthly active players. The game has also sold over 300 million copies, making it one of the best-selling video games ever. Minecraft supports mods (user-created modifications), which enrich the …

  • 16th June – Threat Intelligence Report
    by lorenf on June 16, 2025 at 12:52 pm

    For the latest discoveries in cyber research for the week of 16th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: One of South Korea’s largest ticketing platforms Yes24 has been a victim of a ransomware attack that resulted in a four-day service outage, disrupting online bookings for concerts, e-book access, and community …

  • From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery
    by alexeybu on June 12, 2025 at 12:59 pm

    Discord is a heavily used, widely trusted platform favored by gamers, communities, businesses and others who need to connect securely and quickly. But what if your trusted platform unknowingly becomes a trap? Check Point Research uncovered a flaw in Discord’s invitation system which allows attackers to hijack expired or deleted invite links and secretly redirect unsuspecting …

  • CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage
    by samanthar@checkpoint.com on June 10, 2025 at 5:31 pm

    Notorious APT group, Stealth Falcon, attacks high-profile targets in the Middle East with a .url file that uses a LOLBin (Living off the Land Binary) to execute malware from an actor-controlled WebDAV server with a technique we named Remote Path Interception by Search Order Hijacking.

  • 9th June – Threat Intelligence Report
    by lorenf on June 9, 2025 at 8:55 am

    For the latest discoveries in cyber research for the week of 9th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: American tax company, Optima Tax Relief, has disclosed a ransomware attack that resulted in the theft of 69GB of sensitive data, including corporate records and customer case files containing personal information such …

  • 2nd June – Threat Intelligence Report
    by lorenf on June 2, 2025 at 3:30 pm

    For the latest discoveries in cyber research for the week of 2nd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: IT management software company ConnectWise confirmed that a sophisticated nation-state cyberattack had compromised its environment, affecting a limited number of customers using its ScreenConnect remote access tool. The company launched a forensic …

  • 26th May – Threat Intelligence Report
    by andreyy@checkpoint.com on May 26, 2025 at 12:58 pm

    For the latest discoveries in cyber research for the week of 26th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Cellcom, a Wisconsin-based wireless provider, has been impacted by a cyberattack that resulted in widespread outages of voice and SMS services beginning on May 14, 2025. The incident disrupted communication for customers …

  • The Sting of Fake Kling: Facebook Malvertising Lures Victims to Fake AI Generation Website
    by samanthar@checkpoint.com on May 20, 2025 at 1:05 pm

  • 19th May – Threat Intelligence Report
    by andreyy@checkpoint.com on May 19, 2025 at 3:04 pm

    For the latest discoveries in cyber research for the week of 19th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Fashion giant Dior confirmed a data breach that exposed customer information from its Fashion and Accessories line. The leaked data includes names, gender, phone numbers, email addresses, postal addresses, and purchase history …

  • 12th May – Threat Intelligence Report
    by tomersp@checkpoint.com on May 12, 2025 at 1:53 pm

    For the latest discoveries in cyber research for the week of 12th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: The UK’s Legal Aid Agency has suffered a cyberattack. The agency, which operates under the Ministry of Justice to provide billions in legal aid funding, has stated that financial information relating to …
