惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Forbes - Security
Forbes - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Palo Alto Networks Blog
Martin Fowler
Martin Fowler
T
Threatpost
D
Docker
S
Schneier on Security
M
MIT News - Artificial intelligence
G
Google Developers Blog
L
LINUX DO - 热门话题
J
Java Code Geeks
月光博客
月光博客
博客园 - 三生石上(FineUI控件)
IT之家
IT之家
博客园 - Franky
C
Cyber Attacks, Cyber Crime and Cyber Security
K
Kaspersky official blog
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
V
Vulnerabilities – Threatpost
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
人人都是产品经理
人人都是产品经理
Spread Privacy
Spread Privacy
T
Tailwind CSS Blog
爱范儿
爱范儿
阮一峰的网络日志
阮一峰的网络日志
U
Unit 42
C
CERT Recently Published Vulnerability Notes
The GitHub Blog
The GitHub Blog
Simon Willison's Weblog
Simon Willison's Weblog
NISL@THU
NISL@THU
MongoDB | Blog
MongoDB | Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
H
Heimdal Security Blog
Recorded Future
Recorded Future
云风的 BLOG
云风的 BLOG
SecWiki News
SecWiki News
P
Privacy International News Feed
P
Proofpoint News Feed
O
OpenAI News
B
Blog
腾讯CDC
F
Full Disclosure
Apple Machine Learning Research
Apple Machine Learning Research
T
Tor Project blog
H
Hacker News: Front Page
Project Zero
Project Zero
Hugging Face - Blog
Hugging Face - Blog
C
Cisco Blogs
S
Security Affairs

Check Point Research

AI Security Report 2026 - Check Point Research 13th July – Threat Intelligence Report - Check Point Research Cavern Manticore: Exposing Iran-Linked Modular C2 Framework - Check Point Research Browser-Only Ransomware: From LLM Hallucinations to a Practical Attack Technique - Check Point Research 29th June – Threat Intelligence Report - Check Point Research 22nd June – Threat Intelligence Report - Check Point Research From Stars to Upvotes: Fake Reputation Fueling a Crypto Clipboard Hijacker - Check Point Research 15th June – Threat Intelligence Report - Check Point Research From SQLi to RCE – Exploiting LangGraph’s Checkpointer 8th June – Threat Intelligence Report Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem 1st June – Threat Intelligence Report AI Threat Landscape Digest March-April 2026 25th May – Threat Intelligence Report Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict 18th May – Threat Intelligence Report Thus Spoke…The Gentlemen 11th May – Threat Intelligence Report The State of Ransomware – Q1 2026 4th May – Threat Intelligence Report VECT: Ransomware by design, Wiper by accident 27th April – Threat Intelligence Report - Check Point Research 20th April – Threat Intelligence Report - Check Point Research DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy 13th April – Threat Intelligence Report 6th April – Threat Intelligence Report Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime 30th March – Threat Intelligence Report AI Threat Landscape Digest January-February 2026 23rd March – Threat Intelligence Report 16th March – Threat Intelligence Report “Handala Hack” – Unveiling Group’s Modus Operandi Iranian MOIS Actors & the Cyber Crime Connection 9th March – Threat Intelligence Report Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East Silver Dragon Targets Organizations in Southeast Asia and Europe 2nd March – Threat Intelligence Report Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 2025: The Untold Stories of Check Point Research
6th July – Threat Intelligence Report - Check Point Research
urias · 2026-07-06 · via Check Point Research

For the latest discoveries in cyber research for the week of 6th July, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

  • River Bank & Trust, a US financial institution, has experienced a ransomware incident after an unauthorized actor accessed the network of parent company River Financial Corporation on June 16. The bank found ransomware on portions of its server environment and is assessing whether personal data was accessed or exfiltrated.
  • Indra Group, a Spanish defense, aerospace, and technology contractor and NATO cyber coalition member, has confirmed a ransomware attack affecting one subsidiary. The Gentlemen ransomware gang threatened to leak allegedly stolen data, while Indra said the incident was contained and that service continuity was maintained.

Check Point Threat Emulation and Harmony Endpoint provide protection against this threat

  • Nidec, a Japanese electric motor and industrial manufacturer, has disclosed a ransomware attack affecting the network of its Taiwanese subsidiary, Nidec Chaun Choung Technology. BlackField group claimed responsibility and alleged theft of more than two terabytes of corporate data, including employee, financial, procurement, manufacturing, legal, and IT records.
  • US insurance firm Aflac has disclosed a data breach affecting its Japan operations after attackers accessed its policyholder portal between June 15 and June 25. Personal and financial data of nearly 4.4 million customers was exposed, including policyholder information and premium payment account details.

AI THREATS

  • Check Point Research has demonstrated a browser-native ransomware technique generated by a large language model that abuses Chrome’s File System Access API. A fake image-enhancement page convinces users to grant folder access, then reads, exfiltrates, and encrypts photos inside the browser on Android and Windows.
  • Researchers examined shell command injection weaknesses in open-source AI coding agents, finding that 10 out of 11 popular tools failed to block obfuscated destructive commands. Simple rewrites bypassed filters and enabled destructive actions, including file deletion, while only the Continue agent properly parsed commands.
  • Researchers warned that attackers are exploiting LLM phantom squatting by registering AI-generated domains to hijack traffic and deliver phishing. They recorded 250,000 hallucinated domains and subsequent registrations, including an AI-built phishing kit, Montana Empire, using a postal-service domain for credential theft.

VULNERABILITIES AND PATCHES

  • Oracle E-Business Suite is affected by CVE-2026-46817, a critical remote code execution flaw reportedly exploited against about 950 internet-exposed instances worldwide. Successful exploitation can give attackers control over ERP systems.

Check Point IPS provides protection against this threat (Oracle E-Business Suite Authentication Bypass (CVE-2026-46817))

  • Linux kernel maintainers patched CVE-2026-46242, a Bad Epoll privilege escalation flaw affecting Linux servers, desktops, and Android devices. The race-condition use-after-free vulnerability allows an unprivileged local user to gain root access, and a public exploit demonstrated reliable exploitation against vulnerable systems.
  • Citrix has addressed CVE-2026-8451, a NetScaler ADC and NetScaler Gateway memory disclosure flaw affecting SAML Identity Provider configurations. Active exploitation was observed less than 24 hours after disclosure, with attacks able to leak session tokens from vulnerable appliances.

Check Point IPS provides protection against this threat (Citrix NetScaler Out Of Bounds Read (CVE-2026-8451))

  • Progress has addressed CVE-2026-8037, a critical OS command injection flaw in Kemp LoadMaster load balancers with a CVSS score of 9.6. Exploitation attempts began on June 29 and could allow unauthenticated remote code execution against vulnerable systems.

Check Point IPS provides protection against this threat (Progress Kemp LoadMaster Commad Injection (CVE-2024-1212, CVE-2026-8037))

THREAT INTELLIGENCE REPORTS

  • Researchers elaborated on a North Korea-aligned supply-chain campaign dubbed PolinRider, which published 108 malicious packages and a Chrome extension across open-source registries. The attackers abused VS Code auto-run tasks and hidden JavaScript loaders to fetch second-stage malware and deploy DEV#POPPER and OmniStealer.
  • Researchers observed a partnership between the Vect ransomware group and TeamPCP, a supply chain credential-theft gang, that industrializes ransomware delivery. At least one Vect attack using TeamPCP-sourced credentials was confirmed.
  • Researchers detected the ChocoPoC campaign, which weaponizes fake proof-of-concept exploits on GitHub and PyPI to infect vulnerability researchers with a Python RAT. The malware hides commands on Mapbox datasets and steals files and browser data while executing attacker commands.
  • Researchers analyzed 3,000 live ClickFix payloads and found rotating wrappers, custom command generation, and a Downloads-folder technique designed to bypass AMSI protections. The research shows how ClickFix has evolved from simple social engineering into an API-driven malware delivery ecosystem.

BLOGS AND PUBLICATIONS

  • Check Point Research Publications
  • Global Cyber Attack Reports
  • Threat Research

February 17, 2020

“The Turkish Rat” Evolved Adwind in a Massive Ongoing Phishing Campaign

  • Check Point Research Publications
  • Global Cyber Attack Reports
  • Threat Research

January 22, 2020

The 2020 Cyber Security Report

  • Global Cyber Attack Reports

December 15, 2021

StealthLoader Malware Leveraging Log4Shell