惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Engineering at Meta
Engineering at Meta
T
The Blog of Author Tim Ferriss
Recent Announcements
Recent Announcements
G
Google Developers Blog
Google DeepMind News
Google DeepMind News
The Register - Security
The Register - Security
MongoDB | Blog
MongoDB | Blog
U
Unit 42
B
Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
L
LangChain Blog
Stack Overflow Blog
Stack Overflow Blog
P
Privacy International News Feed
L
LINUX DO - 最新话题
博客园_首页
博客园 - Franky
大猫的无限游戏
大猫的无限游戏
小众软件
小众软件
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Tor Project blog
V
Visual Studio Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
P
Privacy & Cybersecurity Law Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
K
Kaspersky official blog
C
Cisco Blogs
博客园 - 【当耐特】
阮一峰的网络日志
阮一峰的网络日志
I
Intezer
罗磊的独立博客
MyScale Blog
MyScale Blog
Last Week in AI
Last Week in AI
A
About on SuperTechFans
G
GRAHAM CLULEY
Y
Y Combinator Blog
Microsoft Security Blog
Microsoft Security Blog
GbyAI
GbyAI
T
Threat Research - Cisco Blogs
P
Proofpoint News Feed
D
DataBreaches.Net
The Hacker News
The Hacker News
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
I
InfoQ
T
The Exploit Database - CXSecurity.com
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - 叶小钗
Project Zero
Project Zero

Check Point Research

AI Security Report 2026 - Check Point Research 13th July – Threat Intelligence Report - Check Point Research Cavern Manticore: Exposing Iran-Linked Modular C2 Framework - Check Point Research 6th July – Threat Intelligence Report - Check Point Research Browser-Only Ransomware: From LLM Hallucinations to a Practical Attack Technique - Check Point Research 29th June – Threat Intelligence Report - Check Point Research 22nd June – Threat Intelligence Report - Check Point Research From Stars to Upvotes: Fake Reputation Fueling a Crypto Clipboard Hijacker - Check Point Research 15th June – Threat Intelligence Report - Check Point Research From SQLi to RCE – Exploiting LangGraph’s Checkpointer 8th June – Threat Intelligence Report Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem 1st June – Threat Intelligence Report AI Threat Landscape Digest March-April 2026 25th May – Threat Intelligence Report Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict 18th May – Threat Intelligence Report Thus Spoke…The Gentlemen 11th May – Threat Intelligence Report The State of Ransomware – Q1 2026 VECT: Ransomware by design, Wiper by accident 27th April – Threat Intelligence Report - Check Point Research 20th April – Threat Intelligence Report - Check Point Research DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy 13th April – Threat Intelligence Report 6th April – Threat Intelligence Report Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime 30th March – Threat Intelligence Report AI Threat Landscape Digest January-February 2026 23rd March – Threat Intelligence Report 16th March – Threat Intelligence Report “Handala Hack” – Unveiling Group’s Modus Operandi Iranian MOIS Actors & the Cyber Crime Connection 9th March – Threat Intelligence Report Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East Silver Dragon Targets Organizations in Southeast Asia and Europe 2nd March – Threat Intelligence Report Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 2025: The Untold Stories of Check Point Research
4th May – Threat Intelligence Report
urias · 2026-05-04 · via Check Point Research

For the latest discoveries in cyber research for the week of 4th May, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

  • Medtronic, a global medical device maker, has disclosed a cyberattack on its corporate IT systems. An unauthorized party accessed data, while the company reported no impact on products, operations, or financial systems. Threat group ShinyHunters claimed the theft of 9 million records, and Medtronic is evaluating what data was exposed.
  • Vimeo, a global video hosting platform, has confirmed a data breach stemming from a compromise at analytics vendor Anodot. Exposed data included internal operational information, video titles and metadata, and some customer email addresses, while passwords, payment data, and video content were not accessed.
  • Threat actors have abused the account creation process of the online trading platform Robinhood to launch a phishing campaign that used emails from Robinhood official mailing account. The emails contained links to phishing sites and passed security checks. Robinhood stated that no accounts or funds were compromised and has since removed the vulnerable “Device” field.
  • Trellix, a major endpoint security and XDR vendor, was hit by a source code repository breach after attackers accessed a portion of its internal code. The company engaged forensic experts and law enforcement and claims it has found no evidence of product tampering, pipeline compromise, or active exploitation so far.

AI THREATS

  • Researchers pinpointed CVE-2026-26268, a flaw in Cursor’s coding environment that enables remote code execution when its AI agent interacts with a cloned malicious repository. The attack chains Git hooks and bare repositories to run attacker scripts, risking exposure of source code, tokens, and internal tools.
  • Researchers exposed Bluekit, a phishing-as-a-service platform that bundles 40-plus templates and an AI Assistant using GPT-4.1, Claude, Gemini, Llama, and DeepSeek. The AI-assisted toolkit centralizes domain setup, realistic login clones, anti-analysis filters, real-time session monitoring, and Telegram-based exfiltration.
  • Researchers demonstrated an AI-enabled supply chain attack in which Anthropic’s Claude Opus co-authored a code commit that introduced PromptMink malware into an open-source autonomous crypto trading project. The hidden dependency siphoned credentials, planted persistent SSH access, and stole source code, enabling wallet takeover.

VULNERABILITIES AND PATCHES

  • Microsoft has fixed a privilege escalation flaw in Microsoft Entra ID that allowed the Agent ID Administrator role for AI agents to take over any service account. Researchers published a proof-of-concept showing attackers could add credentials and impersonate privileged identities.
  • cPanel has addressed CVE-2026-41940, a critical authentication bypass in cPanel and WHM that is being actively exploited in the wild as a zero-day, and allows full administrative control without credentials. Patches were issued on April 28, and Shadowserver observed 44,000 internet addresses scanning or attacking decoy systems.

Check Point IPS provides protection against this threat (cPanel Authentication Bypass (CVE-2026-41940))

  • Google has released patches for a critical code execution flaw in the Gemini CLI and its GitHub Action that allowed outsiders to run commands on build servers in CI/CD pipelines. The issue automatically trusted workspace files during automated jobs, allowing malicious pull requests to trigger code execution.
  • LiteLLM proxy versions 1.81.16 to 1.83.6 are affected by CVE-2026-42208, a critical SQL injection flaw used to manage large language model API keys. Attackers can read and potentially alter the proxy database, with exploitation attempts observed about 36 hours after disclosure.

Check Point IPS provides protection against this threat (LiteLLM SQL Injection (CVE-2026-42208))

THREAT INTELLIGENCE REPORTS

  • Check Point Research has revealed that the VECT 2.0 ransomware effectively acts as a data wiper across Windows, Linux, and ESXi. A critical encryption mistake discards required decryption information for files larger than 128 KB, making recovery impossible even after payment.

Check Point Threat Emulation and Harmony Endpoint provide protection against this threat

  • Researchers analyzed a Mirai-based botnet campaign targeting Brazilian internet providers, abusing TP-Link Archer AX21 routers via CVE-2023-1389 and open DNS servers for high-volume amplification attacks. Leaked files linked control activity to infrastructure and SSH keys associated with DDoS mitigation firm Huge Networks.
  • Researchers uncovered a large-scale phishing campaign, dubbed AccountDumpling, that abuses Google AppSheet email services to hijack Facebook accounts. The operation was linked to Vietnam based attackers and is using cloned support pages, reward lures, and live 2FA collection, compromising over 30,000 users and monetizing stolen access through Telegram.
  • Researchers documented a TeamPCP supply chain campaign that compromised four SAP npm packages used in cloud development workflows. The malicious installers harvested developer and cloud credentials across GitHub, npm, and major providers, enabling propagation and downstream compromises before the packages were removed.

BLOGS AND PUBLICATIONS

  • Check Point Research Publications
  • Global Cyber Attack Reports
  • Threat Research

February 17, 2020

“The Turkish Rat” Evolved Adwind in a Massive Ongoing Phishing Campaign

  • Check Point Research Publications
  • Global Cyber Attack Reports
  • Threat Research

January 22, 2020

The 2020 Cyber Security Report

  • Global Cyber Attack Reports

December 15, 2021

StealthLoader Malware Leveraging Log4Shell