惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
B
Blog RSS Feed
宝玉的分享
宝玉的分享
腾讯CDC
博客园_首页
T
Tailwind CSS Blog
月光博客
月光博客
博客园 - 司徒正美
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
M
MIT News - Artificial intelligence
A
About on SuperTechFans
云风的 BLOG
云风的 BLOG
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
大猫的无限游戏
大猫的无限游戏
MongoDB | Blog
MongoDB | Blog
博客园 - 聂微东
V
Visual Studio Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
SecWiki News
SecWiki News
美团技术团队
P
Privacy International News Feed
H
Help Net Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Microsoft Security Blog
Microsoft Security Blog
Know Your Adversary
Know Your Adversary
Y
Y Combinator Blog
D
DataBreaches.Net
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
Cyberwarzone
Cyberwarzone
C
Cybersecurity and Infrastructure Security Agency CISA
C
Cisco Blogs
S
Schneier on Security
G
GRAHAM CLULEY
博客园 - 三生石上(FineUI控件)
Cisco Talos Blog
Cisco Talos Blog
小众软件
小众软件
Forbes - Security
Forbes - Security
D
Docker
T
Tenable Blog
S
Secure Thoughts
雷峰网
雷峰网
S
Security @ Cisco Blogs
T
The Exploit Database - CXSecurity.com
The Cloudflare Blog
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
阮一峰的网络日志
阮一峰的网络日志

Check Point Research

AI Security Report 2026 - Check Point Research 13th July – Threat Intelligence Report - Check Point Research Cavern Manticore: Exposing Iran-Linked Modular C2 Framework - Check Point Research 6th July – Threat Intelligence Report - Check Point Research Browser-Only Ransomware: From LLM Hallucinations to a Practical Attack Technique - Check Point Research 22nd June – Threat Intelligence Report - Check Point Research From Stars to Upvotes: Fake Reputation Fueling a Crypto Clipboard Hijacker - Check Point Research 15th June – Threat Intelligence Report - Check Point Research From SQLi to RCE – Exploiting LangGraph’s Checkpointer 8th June – Threat Intelligence Report Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem 1st June – Threat Intelligence Report AI Threat Landscape Digest March-April 2026 25th May – Threat Intelligence Report Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict 18th May – Threat Intelligence Report Thus Spoke…The Gentlemen 11th May – Threat Intelligence Report The State of Ransomware – Q1 2026 4th May – Threat Intelligence Report VECT: Ransomware by design, Wiper by accident 27th April – Threat Intelligence Report - Check Point Research 20th April – Threat Intelligence Report - Check Point Research DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy 13th April – Threat Intelligence Report 6th April – Threat Intelligence Report Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime 30th March – Threat Intelligence Report AI Threat Landscape Digest January-February 2026 23rd March – Threat Intelligence Report 16th March – Threat Intelligence Report “Handala Hack” – Unveiling Group’s Modus Operandi Iranian MOIS Actors & the Cyber Crime Connection 9th March – Threat Intelligence Report Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East Silver Dragon Targets Organizations in Southeast Asia and Europe 2nd March – Threat Intelligence Report Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 2025: The Untold Stories of Check Point Research
29th June – Threat Intelligence Report - Check Point Research
urias · 2026-06-29 · via Check Point Research

For the latest discoveries in cyber research for the week of 29th June, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

  • Polymarket, a large cryptocurrency-based prediction market, has confirmed a supply chain attack after a third-party frontend vendor breach led to malicious JavaScript being injected into its website. Attackers tricked users into approving fraudulent transactions, stealing about $3 million from fewer than 15 accounts, while the backend remained unaffected.
  • KDDI, a Japanese telecom operator, has reported a breach of its ISP email platform after detecting an intrusion on June 17. Up to 14.22 million email addresses and passwords may have been compromised across services from six ISPs, including J:COM and Biglobe.
  • Indian electronics and semiconductor manufacturer Tata Electronics, a supplier to Apple and Tesla, has suffered a cyberattack and data breach. The company said IT systems were affected, while the World Leaks group claimed 630GB of data, including alleged supplier and customer documents.
  • Brazil’s National Civil Defense warning platform, managed by telecom regulator Anatel, has faced a cyberattack that sent a fake “Extreme Alert” to phones across several regions. Officials took the system offline after the message reached users in Paraná, São Paulo, and Rio de Janeiro.
  • The National Association of Insurance Commissioners, a US insurance regulatory standards body, has confirmed a cyberattack after ShinyHunters claimed theft of 3.1TB of data through an Oracle PeopleSoft zero-day. The group claimed access to regulatory filings, production logs, cloud configuration files, and other internal records.

AI THREATS

  • Researchers have detailed EvilTokens, an AI-powered phishing-as-a-service operation abusing device-code authentication to steal Microsoft 365 tokens. Huntress observed a 1,380% surge in device-code phishing in early 2026, with AI-generated lures and automated workflows lowering attacker effort.
  • Researchers have crafted a fake AI skill that hijacked more than 26,000 AI agents by abusing trusted marketplaces and Instagram ads in a supply chain attack. The package initially appeared clean, then used attacker-controlled external instructions after approval to trigger data exfiltration across agent platforms.
  • LayerX researchers have demonstrated BioShocking AI, a technique that tricks agentic browsers into bypassing their guardrails. Test cases against ChatGPT Atlas, Perplexity Comet, Claude in Chrome, and other AI browsers showed how game-like prompts could expose credentials and user data.

VULNERABILITIES AND PATCHES

  • Cisco has addressed CVE-2026-20245, a high-severity command injection flaw in Catalyst SD-WAN Manager that attackers exploited as a zero-day for months. The flaw allows an administrator to run root commands through a crafted file, affecting on-premises and Cisco-managed cloud deployments.
  • Dify has released version 1.14.2 to fix four vulnerabilities in its open-source AI platform, including critical CVE-2026-41947 and CVE-2026-41948. The flaws could allow unauthenticated access and cross-tenant data exposure, including chat content and uploaded files.
  • Ubiquiti UniFi OS is affected by three flaws, CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, which are reportedly being exploited against network appliances. The vulnerabilities allow unauthorized changes, file access, and command execution, with exploitation observed in Mirai botnet activity.

Check Point IPS provides protection against these threats (Ubiquiti UniFi OS Privilege Escalation (CVE-2026-34908), Ubiquiti UniFi OS Directory Traversal (CVE-2026-34909), Ubiquiti UniFi OS Command Injection (CVE-2026-34910))

  • Langflow, an open-source AI workflow tool, is reportedly being targeted through exploitation of CVE-2026-55255, alongside ongoing mass exploitation of CVE-2026-33017. Attackers enumerated flow IDs to run victim pipelines and extract embedded API keys, while remote code execution enabled malware deployment and cloud credential theft.

Check Point IPS provides protection against this threat (Langflow Remote Code Execution (CVE-2026-33017))

THREAT INTELLIGENCE REPORTS

  • Researchers have uncovered the FortiBleed campaign, which converts compromised FortiGate firewalls into passive credential stealers across 24 protocols. The operation targeted more than 430,000 devices worldwide and siphoned more than 110 million credentials.
  • Researchers have attributed the StockStay espionage malware to Russia-linked Turla and described targeting of Ukrainian government and defense organizations. The malware evolved from a fake stock app to PDF reader and calculator lookalikes, delivered through phishing with malicious remote desktop configuration files.
  • Researchers have revealed that the Chinese DCloud Uni-App framework powers at least 236,493 scam domains since 2022, including fake crypto exchanges, wallet drainers, WhatsApp phishing, and gambling schemes. Technical fingerprints suggest centralized operators, likely China-based, supporting a broad fraud ecosystem.
  • Researchers have analyzed the FulcrumSec cloud extortion group targeting cloud-native organizations. The group exploits exposed credentials, unpatched applications, and misconfigured storage, then uses broad permissions to move across environments, collect data for months, and exfiltrate it using legitimate tools.

BLOGS AND PUBLICATIONS

  • Check Point Research Publications
  • Global Cyber Attack Reports
  • Threat Research

February 17, 2020

“The Turkish Rat” Evolved Adwind in a Massive Ongoing Phishing Campaign

  • Check Point Research Publications
  • Global Cyber Attack Reports
  • Threat Research

January 22, 2020

The 2020 Cyber Security Report

  • Global Cyber Attack Reports

December 15, 2021

StealthLoader Malware Leveraging Log4Shell