惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
博客园 - 三生石上(FineUI控件)
S
Securelist
U
Unit 42
The Cloudflare Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Simon Willison's Weblog
Simon Willison's Weblog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
B
Blog
T
Tenable Blog
The Hacker News
The Hacker News
The Register - Security
The Register - Security
IT之家
IT之家
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
P
Privacy & Cybersecurity Law Blog
博客园_首页
T
Tailwind CSS Blog
人人都是产品经理
人人都是产品经理
C
Cybersecurity and Infrastructure Security Agency CISA
Know Your Adversary
Know Your Adversary
NISL@THU
NISL@THU
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
T
Tor Project blog
C
CERT Recently Published Vulnerability Notes
Apple Machine Learning Research
Apple Machine Learning Research
Stack Overflow Blog
Stack Overflow Blog
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
V
Vulnerabilities – Threatpost
A
Arctic Wolf
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
V2EX
aimingoo的专栏
aimingoo的专栏
大猫的无限游戏
大猫的无限游戏
Scott Helme
Scott Helme
L
LINUX DO - 热门话题
Cyberwarzone
Cyberwarzone
V
Visual Studio Blog
月光博客
月光博客
爱范儿
爱范儿
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
美团技术团队
G
GRAHAM CLULEY
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
H
Heimdal Security Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

Check Point Blog

AI Security Is Never Finished: Building the Continuous Red Teaming Loop  - Check Point Blog AI Security Threats in 2026: Annual Insights from Check Point Research - Check Point Blog AI Agents are Only As Effective as Their Harness - Check Point Blog Email Agent Hijacking: The Hidden Threat That Breaks Post-Delivery Security - Check Point Blog How Check Point Email Security Stopped a Student Job Scam Before It Reached the Inbox - Check Point Blog Redefining the CISO Contract: From Securing the Business to Securely Doing Business - Check Point Blog A New Ransomware Leader Emerges as June 2026 Attack Volumes Climb Worldwide How Unified Policies Close Security Gaps - Check Point Blog Under Pressure: Insights from the 2026 Exposure Gap Report - Check Point Blog When AI Invents the Attack: Browser-Native Ransomware - Check Point Blog Check Point and the AWS European Sovereign Cloud: Securing Europe’s Digital Future - Check Point Blog Shadow AI Is Not a Tool Problem. It's a Timing Problem. - Check Point Blog AI Is Changing Cyber Careers. NICE 2026 Showed What Students Need Next - Check Point Blog 90% of the World's Businesses are SMEs and MSMEs and AI Is Reshaping Both Their Future and Their Risk - Check Point Blog Prevention Before the Inbox: Reading the Microsoft Defender Benchmark Report in Context - Check Point Blog ClickFix: The Attack That Turns Users Into Their Own Attackers - Check Point Blog From Prompt Testing to AI Red Teaming at Enterprise Scale - Check Point Blog AI Has Moved From Assistance to Action. Is Your Security Model Ready? AI Security Governance: How to Secure AI Agents, Copilots, and Autonomous AI in 2026 - Check Point Blog OpenAI Frontier AI Models Powering Check Point's Leading Cyber Security Solutions The Operational Reality of Zero Trust- And How You Can Change It - Check Point Blog Amazon Prime Day 2026: Bargains Begin June 23 — and So Do the Scams - Check Point Blog Securing AI Agent Behavior with Amazon Bedrock AgentCore and CheckPoint AI Security - Check Point Blog What Successful Exposure Management Deployments Had in Common in 2026 - Check Point Blog From Stars to Upvotes: The Fake Reputation Economy Behind a Crypto Clipboard Hijackers - Check Point Blog AI Red Teaming Makes the Unknowns Known - Check Point Blog Check Point and Illumio Expand Partnership to Secure Hybrid Environments - Check Point Blog The NCSC Patch Wave Is Coming. Do You Know Where Your Risk Lives? - Check Point Blog NCSC Warns of AI-Driven Patch Wave: Is Your Attack Surface Ready? Energy, Healthcare, and Finance: Why Midwest Industries Are Facing Surging Cyber Attacks - Check Point Blog Midwest Cyber Attacks Surge in 2026: Energy, Healthcare, and Finance Under Growing Threat Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here's What Cyber Criminals Are Actually Doing - Check Point Blog Travel Phishing Scams Surge 122%: How Cybercriminals Are Targeting Travelers in 2026 The AI Your Security Team Can’t See Is the One You Should Worry About Check Point Engage Public Sector 2026: AI Is the New Battlefield Check Point Joins OpenAI’s Trusted Access for Cyber Program and Daybreak Initiative When Your AI Agent’s Memory Becomes a Security Liability AI Agents Are Becoming Enterprise Workers. Who Secures Them? Global Cyber Attacks Ease in May 2026, But Ransomware Surges 48% As Threats Reorganize Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) Fraud, Ransomware, and Fake Apps Are Already Targeting FIFA 2026 The AI Defense Plane: Securing the New Enterprise Execution Layer The Meta AI Account Recovery Incident Wasn’t Just a Chatbot Problem Check Point Lays the Groundwork for the Future of AI Factory Security with NVIDIA - Check Point Blog Check ... The 2026 U.S. Midterms Have a Cyber Problem, But it’s Not at the Ballot Box The Server Seizure That Affects Also Iran’s Cyber Operations The Autonomous Security Platform Built for Attacker Speed Check Point Frontier AI Models Readiness Program – Security Update 2026 Cloud Security Report: Why Traditional Network, Cloud, and Security Architecture Are Lagging Behind t ... AI Attacks Are No Longer Experimental: Key Findings from the March-April 2026 AI Threat Landscape - Check ... Protect GenAI Chatbots with Check Point WAF The Network Security Problem No One Could Solve – Until Now. Hacktivists, Ransomware, and a 124% Surge Across DACH The Case for a Vulnerability Operations Center Before the First Whistle: How Cyber Criminals Are Targeting World Cup 2026 - Check Point Blog World Cup 20 ... When the Ransomware Gang Gets Hacked: What the Gentlemen Leak Reveals About Modern Ransomware Risk - Check ... Q1 2026 Ransomware Report: Fewer Groups, Higher Impact - Check Point Blog World Password Day 2026: Why "Strong Passwords" Can’t Save You from AI, Infostealers, and the Telegram Underground - Check Point Blog Resilient by Design: When the Network Itself Becomes the Target AI Threat Readiness: Defending Against Attacks Powered by Frontier AI Models Check Point Cyber Security Now Available Across All Levels of U.S. Government - Check Point Blog Check Poi ... VECT Ransomware: Why Paying Won’t Get Your Files Back Check Point WAF Leads Application Security-Validated by Frost & Sullivan Check Point WAF Leads Application ... From Access Control to Outcome Control: Securing AI Agents with Check Point and Google Cloud Experience AI-Powered Check Point Firewall at Google Cloud Next AI Finds Every Gap: How Many Can Your Network Survive? The Gentlemen RaaS Is Surging in 2026 The Phishing Paradox: The World’s Most Trusted Brands Are Cyber Criminals’ Entry Point of Choice World Quantum Day 2026: The Harvest Has Already Begun, Are You Prepared? Why Manufacturing Cyber Security is Becoming More Complex as Cyber Attacks Accelerate March 2026 Cyber Threat Report: Ransomware & GenAI Risk PS Private Training: Turning Cyber Complexity into Operational Control Tax Season 2026: How Cyber Criminals Are Preparing Their Attacks Months in Advance Claude Mythos Wake-Up Call: What AI Vulnerability Discovery Means for Cyber Defense Iran-nexus Password Spray Campaign Targeting Cloud Environments, with a Focus on the Middle East ROI of Hybrid Mesh Network Security (IDC Study 2026) Operation TrueChaos: TrueConf Zero‑Day Supply‑Chain Attack ChatGPT Data Leak (Fixed Feb 2026): Key Takeaways Spring Cleaning Has Arrived: Meet the New Check Point Portal Experience North America’s Cyber Security Threat Reality in 2026
Cyber Threats Spike in April 2026 as Ransomware Expands and Attack Volumes Climb After Short-Lived Moderation
lizwu@checkpoint.com · 2026-05-12 · via Check Point Blog
Every Region Recorded Higher Attack Volumes in April

In April 2026, global cyber-attack activity rebounded sharply following the brief moderation observed in March. Organizations experienced an average of 2,201 weekly cyber-attacks, representing a 10% increase month over month and an 8% increase year over year. This reversal underscores the volatility of today’s threat landscape. After three consecutive months of gradual decline, April’s data confirms that the earlier easing was temporary rather than structural. Attackers continue to leverage automation, expanded digital footprints, and exposed cloud and GenAI environments to sustain elevated pressure across industries and regions.

Check Point Research data shows that cyber threats have not stabilized at lower baselines. Instead, adversaries are rapidly adjusting timing and targeting strategies, reinforcing that short-term fluctuations do not equate to reduced operational risk.

Critical Sectors Face Renewed and Intensifying Pressure

The Education sector remained the most targeted industry in April, with organizations facing an average of 4,946 weekly attacks, marking an 8% year-over-year increase. Large user populations, highly distributed access environments, and constrained security resources continue to make educational institutions prime targets.  The Government sector ranked second, averaging 2,797 weekly attacks, reflecting a marginal 1% decrease year over year. While volumes stabilized slightly, government organizations remain high-value targets due to critical public services and sensitive data exposure.

Telecommunications followed closely with 2,728 weekly attacks, recording a 3% year-over-year increase, as threat actors continue seeking scalable disruption and downstream access through service providers. Notably, Hospitality, Travel & Recreation continued their upward trajectory, aligning with seasonal demand growth. As transaction volumes rise ahead of peak travel periods, attackers appear to be accelerating activity to exploit increased customer data exposure and operational dependencies.

Figure 1: Global average cyber-attacks per industry. April 2026 vs April 2025

Regional Threat Imbalances Widen as All Regions See Growth

April’s regional data reveals a broad-based resurgence in cyber activity, with every region experiencing month-over-month increases.

Latin America remained the most targeted region globally, averaging 3,364 weekly attacks per organization, alongside a 20% year-over-year increase. Rapid digital expansion and uneven security continue to fuel its attractiveness to threat actors.

APAC followed with 3,213 weekly attacks, reflecting a 4% year-over-year increase, while Africa recorded 2,940 weekly attacks, despite a -9% year-over-year decline, remaining among the most targeted regions worldwide.

Figure 2: YoY change in weekly cyber-attacks per region

Europe and North America both saw renewed growth compared to March, reinforcing that even mature markets continue to face persistent baseline pressure rather than meaningful relief.

GenAI Adoption Continues to Elevate Data Exposure Risk

Enterprise GenAI usage remained widespread throughout April 2026, sustaining high levels of data leakage risk despite broader threat volatility. Key GenAI exposure indicators include:

  • 1 in every 28 GenAI prompts posed a high risk of sensitive data leakage
  • 90% of organizations using GenAI tools regularly were impacted by this risk
  • An additional 19% of prompts contained potentially sensitive information
  • Organizations used an average of 10 different GenAI tools, highlighting fragmented adoption
  • The average enterprise user generated 77 GenAI prompts per month

While overall interaction volumes remained stable compared to March, exposure risk persists due to limited visibility, decentralized usage, and insufficient governance. Without centralized controls, organizations remain vulnerable to credential leakage, intellectual property exposure, and unintended third‑party risk propagation.

Ransomware Activity Expands Month Over Month

In April 2026, 707 ransomware attacks were reported globally, reflecting a 5% increase month over month and a 12% increase year over year. This continued growth confirms that ransomware remains a core monetization vector despite broader tactical shifts.

North America was the most affected region, accounting for 46% of reported incidents, followed by Europe (27%) and APAC (17%), indicating sustained focus on high-revenue and highly regulated markets.

Figure 3: Ranswomare attacks per region

Ransomware Targeting Remains Concentrated in High-Impact Industries

Business Services continued to dominate ransomware targeting, accounting for 33.8% of victims, followed by Consumer Goods & Services (14.4%) and Industrial Manufacturing (9.9%).

Together, these sectors represent environments where downtime, operational disruption, and data exposure translate directly into financial leverage, making them consistently attractive to ransomware operators. Healthcare, Financial Services, and Government each increased their relative share compared to earlier months, reinforcing the gradual expansion of ransomware targeting beyond traditional strongholds.

Figure 4: Ransomware by industry

Ransomware Remains Globally Distributed Despite Regional Concentration

At the country level, the United States remained the most impacted nation, accounting for 41.6% of reported ransomware attacks, followed by Germany (5.0%), Canada (4.8%), Italy (4.0%), and the United Kingdom (3.8%).

The breadth of affected countries across North America, Europe, Asia, and Latin America highlights ransomware’s continued global reach, even as activity remains concentrated in a limited number of high-value markets.

Figure 5: Ransomware victims by country

Leading Ransomware Groups Maintain Fragmented Dominance

Ransomware activity in April remained fragmented, though dominated by a small group of high-output operators. Qilin led activity, responsible for 15% of published attacks, followed by The Gentlemen (10%) and DragonForce (9%).  While the top three groups accounted for 34% of reported incidents, a total of 56 different ransomware groups publicly impacted organizations worldwide last month—underscoring the breadth and resilience of the ransomware ecosystem.

  • Qilin: Qilin is one of the most established RaaS groups, with a consistent track record of victim disclosures dating back to 2022. Originally operating under the name “Agenda”, the group rebranded as “Qilin” by September 2022, introducing a Rust-based encryptor and expanding its RaaS infrastructure. It provides affiliates with a full-featured toolkit via a dedicated administrative panel, including an encryptor, negotiation infrastructure, and support services. Following RansomHub’s retirement, Qilin intensified its affiliate recruitment efforts and, since March 2025, has significantly increased the volume of victim listings on its data leak site (DLS).
  • The Gentlemen: It is a fast-growing Ransomware-as-a-Service operation founded in mid-2025 by a Russian-speaking operator (Hastalamuerte) who previously worked as an affiliate across Qilin, Embargo, LockBit, Medusa, and BlackLock before launching his own platform after a dispute with Qilin. The group openly recruits affiliates in various forums and uniquely functions as both a RaaS provider and an Initial Access Broker, offering affiliates self-service access to approximately 14,000 pre-exploited FortiGate devices (CVE-2024-55591). With over 320 DLS-claimed victims and an estimated 1,570+ actual compromises revealed through Check Point Research’s analysis, The Gentlemen shas established itself as a top-7 global ransomware threat in under a year. The group’s cross-platform lockers target Windows, Linux, and ESXi (C-based), and their latest May 2026 operator communication announces a shift from blunt-force BYOVD-based EDR killing to surgical userland evasion techniques. The group’s geographic targeting is notably atypical, with the US representing only 12% of victims (vs 50% ecosystem average), reflecting a device-driven victim selection model shaped by the FortiGate stockpile rather than deliberate geographic preference.
  • DragonForce: It is a ransomware RaaS, self-proclaimed as “cartel” that pioneered a white-label infrastructure model, enabling affiliates to operate independent brands using DragonForce’s encryption, negotiation portals, and data leak sites. Ranked sixth by victim volume with 426 DLS postings and accelerating activity (56 victims in March 2026 alone), the group operates two distinct encryption variants – a Conti V3 fork using ChaCha8 and a LockBit 3.0 derivative using RSA-1024 and Salsa20. DragonForce absorbed displaced RansomHub affiliates in April 2025 and partnered with Scattered Spider for social engineering campaigns that struck major United Kingdom retailers including Marks & Spencer and Co-op. While the group announced a strategic alliance with LockBit and Qilin in September 2025, no joint operations have been observed, suggesting this is primarily a positioning move.
What April’s Trends Reveal About the Threat Landscape

April 2026 confirms that cyber threats are not stabilizing, they are oscillating with increasing intensity. The rebound in global attack volumes, continued expansion of ransomware activity, and persistent GenAI-driven exposure risks illustrate a threat environment defined by adaptability rather than predictability.

At Check Point Research, our research shows that temporary declines should not be mistaken for reduced risk. Attackers continue refining precision, timing, and targeting, exploiting seasonal demand cycles, emerging technologies, and governance gaps.

In this environment, reactive security models remain insufficient. A prevention-first, AI-driven, multi-layered security strategy — spanning cloud, network, endpoint, and user environments — is essential to reducing exposure and sustaining cyber resilience. Staying ahead now requires anticipating attacker behavior, not merely responding after impact.