Check Point Research

Check Point Research Latest Research by our Team

  • Under the Pure Curtain: From RAT to Builder to Coder
    by samanthar@checkpoint.com on September 16, 2025 at 12:57 pm

    Research by: Antonis Terefos (@Tera0017). Introduction: The Pure malware family is a suite of malicious tools developed and sold by the author known as PureCoder. This suite includes PureHVNC RAT (a remote administration tool and predecessor to PureRAT), PureCrypter (a malware obfuscator), PureLogs (a stealer/logger), and several other tools. The malicious software is advertised and distributed through underground forums, Telegram channels, and dedicated websites. The post Under the Pure Curtain: From RAT to Builder to Coder appeared first on Check Point Research.

  • 15th September – Threat Intelligence Report
    by lorenf on September 15, 2025 at 12:43 pm

    For the latest discoveries in cyber research for the week of 15th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Panama’s Ministry of Economy and Finance (MEF) was hit by a ransomware attack that resulted in the theft of more than 1.5TB of data, including emails, financial documents, and budgeting details. The

  • Yurei & The Ghost of Open Source Ransomware
    by samanthar@checkpoint.com on September 12, 2025 at 12:50 pm

    Yurei Ransomware: Check Point Research discovered a new ransomware group on September 5. The group calls themselves Yurei (a sort of spirit in Japanese folklore), and initially listed one victim, a Sri Lankan food manufacturing company, on their darknet blog. These blogs are used by ransomware groups to list their victims, show proofs

  • 8th September – Threat Intelligence Report
    by tomersp@checkpoint.com on September 8, 2025 at 11:05 am

    For the latest discoveries in cyber research for the week of 8th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: A supply chain breach involving Salesloft’s Drift integration to Salesforce exposed sensitive customer data from multiple organizations, including Cloudflare, Zscaler, Palo Alto Networks, and Workiva. The attackers accessed Salesforce CRM systems via

  • 1st September – Threat Intelligence Report
    by andreyy@checkpoint.com on September 1, 2025 at 11:50 am

    For the latest discoveries in cyber research for the week of 1st September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: American consumer credit reporting agency TransUnion has suffered a data breach that resulted in the exposure of sensitive personal information for over 4.4 million individuals in the United States. The leaked data

  • Chasing the Silver Fox: Cat & Mouse in Kernel Shadows
    by shlomoo@checkpoint.com on August 28, 2025 at 12:55 pm

    Introduction: While Microsoft Windows has steadily strengthened its security model—through features like Protected Processes (PP/PPL) and enhanced driver verification—threat actors have adapted by shifting their tactics to exploit lower-level weaknesses that bypass these protections without triggering defenses. Among the most effective of these techniques is the abuse of vulnerable kernel-mode drivers, particularly those capable

  • ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies
    by samanthar@checkpoint.com on August 26, 2025 at 12:57 pm

    Introduction: Check Point Research (CPR) has been closely monitoring the activity of a highly persistent and sophisticated threat actor who leverages social engineering tactics to gain the trust of targeted U.S.-based organizations. While analyzing the phishing lures used by the actors, we repeatedly noticed an intriguing pattern: in every case, it was the victim who

  • 25th August – Threat Intelligence Report
    by andreyy@checkpoint.com on August 25, 2025 at 11:03 am

    For the latest discoveries in cyber research for the week of 25th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: US pharmaceutical company Inotiv has experienced a ransomware attack that resulted in the unauthorized access and encryption of certain systems and data. The Qilin ransomware gang claimed responsibility and alleged the theft

  • 18th August – Threat Intelligence Report
    by tomersp@checkpoint.com on August 18, 2025 at 10:17 am

    For the latest discoveries in cyber research for the week of 18th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: The Canadian House of Commons has suffered a data breach. The incident resulted in unauthorized access to a database containing employees’ names, office locations, email addresses, and information on House-managed computers and

  • 11th August – Threat Intelligence Report
    by andreyy@checkpoint.com on August 11, 2025 at 12:20 pm

    For the latest discoveries in cyber research for the week of 11th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Air France has experienced a data breach that resulted in unauthorized access to customer data through a compromised external customer service platform. The attack exposed personal information, including names, email addresses, phone

  • CVE-2025-54136 – MCPoison Cursor IDE: Persistent Code Execution via MCP Trust Bypass
    by samanthar@checkpoint.com on August 5, 2025 at 12:53 pm

    By: Andrey Charikov, Roman Zaikin & Oded Vanunu. Background: Cursor is a developer-focused AI IDE that combines local code editing with large language model (LLM) integrations. Due to its flexibility and deep LLM integration, Cursor is increasingly adopted by startups, research teams, and individual developers looking to integrate AI tooling directly into their development workflow.

  • 4th August – Threat Intelligence Report
    by andreyy@checkpoint.com on August 4, 2025 at 9:19 am

    For the latest discoveries in cyber research for the week of 4th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Russia’s largest airline Aeroflot has been attacked by pro-Ukrainian hacktivist groups, resulting in severe flight delays and major technical disruptions. The attackers claim to have exfiltrated databases containing flight history, workstation data,

  • Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations
    by samanthar@checkpoint.com on July 31, 2025 at 6:40 pm

    Introduction: Check Point Research (CPR) has been closely monitoring the ongoing exploitation of a group of Microsoft SharePoint Server vulnerabilities collectively referred to as “ToolShell.” These active attacks leverage four vulnerabilities—CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771—and are attributed to multiple China-affiliated threat actors. Among the threat groups identified by Microsoft, two are known
