惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
L
LINUX DO - 最新话题
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Forbes - Security
Forbes - Security
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
W
WeLiveSecurity
Jina AI
Jina AI
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
N
News and Events Feed by Topic
V
V2EX
Stack Overflow Blog
Stack Overflow Blog
Engineering at Meta
Engineering at Meta
PCI Perspectives
PCI Perspectives
Martin Fowler
Martin Fowler
T
The Exploit Database - CXSecurity.com
F
Full Disclosure
WordPress大学
WordPress大学
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
S
SegmentFault 最新的问题
P
Privacy International News Feed
IT之家
IT之家
M
MIT News - Artificial intelligence
G
GRAHAM CLULEY
Hacker News: Ask HN
Hacker News: Ask HN
D
DataBreaches.Net
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google Online Security Blog
Google Online Security Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
Check Point Blog
美团技术团队
Security Latest
Security Latest
Cyberwarzone
Cyberwarzone
N
News and Events Feed by Topic
MyScale Blog
MyScale Blog
H
Help Net Security
宝玉的分享
宝玉的分享
The Hacker News
The Hacker News
The Last Watchdog
The Last Watchdog
The Cloudflare Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
爱范儿
爱范儿
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
I
Intezer
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
AI
AI
I
InfoQ
N
News | PayPal Newsroom
TaoSecurity Blog
TaoSecurity Blog

Check Point Research

AI Security Report 2026 - Check Point Research 13th July – Threat Intelligence Report - Check Point Research Cavern Manticore: Exposing Iran-Linked Modular C2 Framework - Check Point Research 6th July – Threat Intelligence Report - Check Point Research Browser-Only Ransomware: From LLM Hallucinations to a Practical Attack Technique - Check Point Research 29th June – Threat Intelligence Report - Check Point Research 22nd June – Threat Intelligence Report - Check Point Research From Stars to Upvotes: Fake Reputation Fueling a Crypto Clipboard Hijacker - Check Point Research 15th June – Threat Intelligence Report - Check Point Research From SQLi to RCE – Exploiting LangGraph’s Checkpointer 8th June – Threat Intelligence Report Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem 1st June – Threat Intelligence Report AI Threat Landscape Digest March-April 2026 25th May – Threat Intelligence Report Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict 18th May – Threat Intelligence Report Thus Spoke…The Gentlemen 11th May – Threat Intelligence Report The State of Ransomware – Q1 2026 4th May – Threat Intelligence Report VECT: Ransomware by design, Wiper by accident 27th April – Threat Intelligence Report - Check Point Research 20th April – Threat Intelligence Report - Check Point Research DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy 13th April – Threat Intelligence Report 6th April – Threat Intelligence Report Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime 30th March – Threat Intelligence Report AI Threat Landscape Digest January-February 2026 23rd March – Threat Intelligence Report 16th March – Threat Intelligence Report “Handala Hack” – Unveiling Group’s Modus Operandi Iranian MOIS Actors & the Cyber Crime Connection 9th March – Threat Intelligence Report Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East Silver Dragon Targets Organizations in Southeast Asia and Europe Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 2025: The Untold Stories of Check Point Research
2nd March – Threat Intelligence Report
2026-03-02 · via Check Point Research

March 2, 2026

For the latest discoveries in cyber research for the week of 2nd March, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

  • Wynn Resorts, a United States-based casino and hotel operator, has confirmed that employee data was accessed following an extortion threat linked to ShinyHunters. The company said operations were not disrupted. Reports indicate the stolen dataset includes HR-related information, including contact details and employment records for current and former staff.
  • UFP Technologies, a United States-based medical device manufacturing giant, has disclosed a cyberattack that compromised parts of its IT environment and resulted in data exfiltration. The company reported disruptions to shipping and labeling workflows. According to the company, some of its data was wiped in the attack.
  • Transport Workers Union of America Local 100, which represents New York City transit workers, was targeted by the Qilin ransomware group and listed on its leak site. According to reports, personal data of the union’s 67,000 members is now at risk of fraud and identity misuse.

Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Wins.Qilin.ta.* Ransomware.Wins.Qilin.)

  • European home improvement marketplace ManoMano has reported a data breach tied to a third-party customer support portal. The exposed records include customer names, email addresses, phone numbers, and support ticket details. ManoMano said passwords and payment data were not affected, and notifications are being sent to impacted users.

AI THREATS

  • Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. Stolen keys can provide access to shared Workspaces for file access and tampering. Anthropic patched the issues, including CVE-2025-59536.
  • Anthropic warns of coordinated “distillation” activity attributed to China-based AI firms, including DeepSeek, MiniMax, and Moonshot. Anthropic said fraudulent accounts generated millions of Claude exchanges aimed at extracting reasoning, coding, and agent workflows. The activity was described as an effort to train competing models.
  • OpenAI has released a report listing malicious attempts to misuse its models. Among the threats listed in the report is an influence operation attempt linked to Chinese law enforcement, which targeted Japan’s prime minister.

VULNERABILITIES AND PATCHES

  • Two Roundcube Webmail flaws have been listed as exploited in the wild, including CVE-2025-49113, a high-severity post-auth remote code execution bug. The second issue, CVE-2025-68461, is an unauthenticated cross-site scripting flaw. The bugs affect widely used Roundcube deployments, including cPanel environments globally.

Check Point IPS provides protection against this threat (Roundcube Webmail Remote Code Execution (CVE-2025-49113))

  • Researchers have unveiled a pre-auth remote code execution chain in SolarWinds Web Help Desk. The chain combines authentication bypass flaws CVE-2025-40552 and CVE-2025-40554 with deserialization RCE CVE-2025-40553. A successful attack can allow takeover of exposed help desk servers without credentials. The flaws affect widely deployed on-premises instances.

Check Point IPS provides protection against these threats (SolarWinds Web Help Desk Authentication Bypass (CVE-2025-40536, CVE-2025-40554, CVE-2025-40552), SolarWinds Web Help Desk Insecure Deserialization (CVE-2024-28986, CVE-2024-28988, CVE-2025-40553, CVE-2025-26399))

  • Researchers alerted organizations about CVE-2026-20127, a critical authentication bypass in Cisco Catalyst SD-WAN Controller (CVSS 10) exploited in the wild for at least three years. Attackers can log in with high privileges, add rogue peers, and downgrade controllers to exploit CVE-2022-20775 for root access. CISA issued an emergency directive mandating fast patching.

THREAT INTELLIGENCE REPORTS

  • Check Point Research summarizes five key Iranian threat actor clusters relevant to the current conflict in the Middle East. It outlines the main TTPs these groups have recently used against targets in the Middle East and the United States and shares six defensive measures IT teams should take to help prevent attacks during the ongoing conflict.
  • Check Point Research has published its Untold Stories of 2025, a compilation covering multiple notable campaigns that occurred during 2025. These include exploitation of Microsoft SharePoint (“ToolShell”), and adversary-in-the-middle phishing used to bypass MFA, as well as state-linked operations attributed to groups such as Camaro Dragon and COLDRIVER. The report also highlights evolving command-and-control techniques observed across Europe and Central Asia.
  • Lazarus-linked operators were observed using Medusa ransomware in recent intrusions, including activity against a Middle Eastern entity and attempted access at a US healthcare organization. Medusa is described as a ransomware-as-a-service operation with leak-site activity.

Check Point Harmony Endpoint and Threat Emulation provide protection against this threat.

  • Researchers have uncovered GrayCharlie activity targeting WordPress sites by injecting external JavaScript that profiles visitors and delivers malware through fake updates or ClickFix-style prompts. Reporting links infections to NetSupport tooling, followed by Stealc and SectopRAT.

BLOGS AND PUBLICATIONS

  • Check Point Research Publications
  • Global Cyber Attack Reports
  • Threat Research

February 17, 2020

“The Turkish Rat” Evolved Adwind in a Massive Ongoing Phishing Campaign

  • Check Point Research Publications
  • Global Cyber Attack Reports
  • Threat Research

January 22, 2020

The 2020 Cyber Security Report

  • Global Cyber Attack Reports

December 15, 2021

StealthLoader Malware Leveraging Log4Shell