Check Point Research

For the latest discoveries in cyber research for the week of 24th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The notorious “Scattered LAPSUS$ Hunters” group claimed responsibility for a supply-chain attack involving the Salesforce-integrated platform Gainsight. The group stated that data from 300 organizations was compromised, including Verizon, GitLab and Atlassian. The post 24th November – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 17th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Cl0p’s Oracle E-Business Suite (CVE-2025-61882) zero-day campaign continues to expand. There are new confirmed breaches at The Washington Post, Logitech, Allianz UK, and GlobalLogic, as well as a newly listed but unconfirmed The post 17th November – Threat Intelligence Report appeared first on Check Point Research.

Key Findings Ransomware in Q3 2025: RaaS fragmentation increases and Lockbit is back During the third quarter of 2025, we monitored more than 85 active data leak sites (DLS) that collectively listed 1,592 new victims. Compared to the 1,607 victims reported in Q2 2025, the publication rate remained stable though it is still notably higher The post The State of Ransomware – Q3 2025 appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 10th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The US Congressional Budget Office (CBO) has confirmed a cyber attack that resulted in a suspected foreign threat actor breaching its network and potentially exposing sensitive communications between congressional offices and CBO The post 10th November – Threat Intelligence Report appeared first on Check Point Research.

By: Dikla Barda, Roaman Zaikin & Oded Vanunu  On November 3, 2025, Check Point Research’s blockchain monitoring systems detected a sophisticated exploit targeting Balancer V2’s ComposableStablePool contracts. The attacker exploited arithmetic precision loss in pool invariant calculations to drain $128.64 million across six blockchain networks in under 30 minutes. The attack leveraged a rounding error The post How an Attacker Drained $128M from Balancer Through Rounding Error Exploitation appeared first on Check Point Research.

By Andrey Charikov and Oded Vanunu Key Findings: Launched in March 2017, Microsoft Teams has become one of the most widely used communication and collaboration platforms in the world. As part of the Microsoft 365 family, Teams provides workplaces with chat, video conferencing, file storage, and application integration to more than 320 million monthly active The post Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed appeared first on Check Point Research.

Research by: Alexey Bukhteyev Key takeaways Introduction XLoader is a widely observed malicious loader with information-stealing capabilities. It first surfaced in 2020 as a rebrand of the FormBook code base, a well-known and capable information stealer, and has since undergone substantial hardening and feature growth. In addition to the Windows variant, its developers also marketed The post Beating XLoader at Speed: Generative AI as a Force Multiplier for Reverse Engineering appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 3rd November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Everest ransomware group has claimed responsibility for a series of attacks impacting AT&T, Dublin Airport, and Air Arabia. The ransomware gang exfiltrated sensitive data including 576,000 AT&T applicant records, 1.5 million The post 3rd November – Threat Intelligence Report appeared first on Check Point Research.

Background Check Point Research (CPR) identified three security vulnerabilities in the Graphics Device Interface (GDI) in Windows. We promptly reported these issues to Microsoft, and they were addressed in the Patch Tuesday updates in May, July, and August 2025. These are the vulnerabilities: Vulnerability disclosures such as these highlight the need for proactive measures to mitigate potential risks. The post Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 27th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Toys “R” Us Canada has suffered a data breach that resulted in stolen customer records being leaked on the dark web. The compromised data affects an undisclosed number of individuals and includes The post 27th October – Threat Intelligence Report appeared first on Check Point Research.

Research by: Antonis Terefos (@Tera0017) Key Points Introduction In recent years, threat actors have continuously adapted their tactics to discover new and effective methods for malware distribution. While email remains one of the most prominent infection vectors, its effectiveness has diminished due to widespread deployment of security solutions and increased user awareness. Consequently, attackers have sought The post Dissecting YouTube’s Malware Distribution Network appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 20th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES F5 has disclosed a cyber attack, reportedly carried out by a nation-state actor with long-term, persistent access to critical product development environments. The attacker exfiltrated files that included portions of BIG-IP source The post 20th October – Threat Intelligence Report appeared first on Check Point Research.

Summary Check Point Research (CPR) identified a security vulnerability in January 2025 affecting the new Rust-based kernel component of the Graphics Device Interface (commonly known as GDI) in Windows. We promptly reported this issue to Microsoft and they fixed the vulnerability starting with OS Build 26100.4202 in the KB5058499 update preview released on May 28th 2025. In the following sections, we The post Denial of Fuzzing: Rust in the Windows kernel appeared first on Check Point Research.