#CheckPoint Research has discovered critical #vulnerabilities in #Anthropic’s #Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. Stolen keys can provide access to shared Workspaces for file access and tampering. Anthropic patched the issues, including CVE-2025-59536.

https://research.checkpoint.com/2026/rce-and-api-token-exfiltration-through-claude-code-project-files-cve-2025-59536/

Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 - Check Point Research

By Aviv Donenfeld and Oded Vanunu

Executive Summary

Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. The vulnerabilities exploit various configuration mechanisms including Hooks, Model Context Protocol (MCP) servers, and environment variables - executing arbitrary shell commands […]

Check Point Research

#CheckPoint Research has published its Untold Stories of 2025, a compilation covering multiple notable campaigns that occurred during 2025. These include exploitation of #Microsoft #SharePoint (“ToolShell”), and adversary-in-the-middle #phishing used to bypass MFA, as well as state-linked operations attributed to groups such as Camaro Dragon and COLDRIVER. The report also highlights evolving command-and-control techniques observed across Europe and Central Asia.

https://research.checkpoint.com/2026/2025-the-untold-stories-of-check-point-research/

2025: The Untold Stories of Check Point Research - Check Point Research

Introduction

Check Point Research (CPR) continuously tracks threats, following the clues that lead to major players and incidents in the threat landscape. Whether it’s high-end financially-motivated campaigns or state-sponsored activity, our focus is to figure out what the threat is, report our findings to the relevant parties, and make sure Check Point customers stay protected. […]

Check Point Research

Silver Dragon Targets Organizations in Southeast Asia and Europe

Check Point Research has identified a Chinese-nexus advanced persistent threat group named Silver Dragon, targeting organizations in Southeast Asia and Europe since mid-2024. The group, likely operating under APT41, exploits public-facing servers and uses phishing emails for initial access. They deploy custom tools including GearDoor, a backdoor using Google Drive for command and control, SSHcmd for remote access, and SilverScreen for covert screen monitoring. Silver Dragon primarily focuses on government entities, utilizing Cobalt Strike beacons and DNS tunneling for communication. The group's sophisticated tactics and evolving toolkit demonstrate a well-resourced and adaptable threat actor.

Pulse ID: 69a73e8545dc6a32312482a1
Pulse Link: https://otx.alienvault.com/pulse/69a73e8545dc6a32312482a1
Pulse Author: AlienVault
Created: 2026-03-03 20:03:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #CheckPoint #Chinese #CobaltStrike #CyberSecurity #DNS #Email #Europe #Google #Government #ICS #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #RCE #SSH #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Silver Dragon Campaign Against Government and Critical Sectors

Researchers at Check Point Research have tracked Silver Dragon, a China-aligned APT targeting government and organizational entities in Southeast Asia and Europe.

Pulse ID: 69a772d9345d4469006f19aa
Pulse Link: https://otx.alienvault.com/pulse/69a772d9345d4469006f19aa
Pulse Author: cryptocti
Created: 2026-03-03 23:46:33

#Asia #CheckPoint #China #CyberSecurity #Europe #Government #InfoSec #OTX #OpenThreatExchange #bot #cryptocti

#CheckPoint Research summarizes five key Iranian threat actor clusters relevant to the current conflict in the Middle East. It outlines the main TTPs these groups have recently used against targets in the Middle East and the United States and shares six defensive measures IT teams should take to help prevent attacks during the ongoing conflict.

https://blog.checkpoint.com/research/what-defenders-need-to-know-about-irans-cyber-capabilities/

What Defenders Need to Know about Iran’s Cyber Capabilities

Check Point Blog

A comprehensive article from #CheckPoint Research

"Beating XLoader at Speed: Generative AI as a Force Multiplier for Reverse Engineering"

https://research.checkpoint.com/2025/generative-ai-for-reverse-engineering/

From the article:
"The use of AI doesn’t eliminate the need for human expertise. XLoader’s most sophisticated protections, such as scattered key derivation logic and multi-layer function encryption, still require manual analysis and targeted adjustments. But the heavy lifting of triage, #deobfuscation, and scripting can now be accelerated dramatically. What once took days can now be compressed into hours."

#ai #aislop #hype #reverse #reverseengineering #reversing #malware #malwareanalysis #mcp

Leveraging Generative AI to Reverse Engineer XLoader

Check Point Research succeeded in understanding the infamous malware family, Xloader, by leveraging Generative AI

Check Point Research

#CheckPoint Research unveiled a technique that repurposes #AI assistants like #Grok and #Microsoft #Copilot as covert C2 proxies by abusing web-browsing URL fetch features without authentication. #Malware exfiltrates host data via query parameters and retrieves commands from AI-generated summaries through hidden WebView2, bypassing inspection of AI traffic.

https://research.checkpoint.com/2026/ai-in-the-middle-turning-web-based-ai-services-into-c2-proxies-the-future-of-ai-driven-attacks/

AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks - Check Point Research

Key Points

Introduction

AI is rapidly becoming embedded in day-to-day enterprise workflows, inside browsers, collaboration suites, and developer tooling. As a result, AI service domains increasingly blend into normal corporate traffic, often allowed by default and rarely treated as sensitive egress. Threat actors are already capitalizing on this shift. Across the malware ecosystem, AI is […]

Check Point Research

Back home at my desk this week after an intense week of advanced Maestro training. It was so much fun to sit in a room of skilled engineers listening to one of our Maestro experts, discussing different scenarios & deployments, and playing with the boxes in the lab.

https://www.checkpoint.com/quantum/maestro-hyperscale-network-security/

#CheckPoint #Maestro #Hyperscale #NetworkSecurity

Hyperscale Network Security with Maestro - Check Point Software

Check Point can help you utilize current hardware investment and maximize appliance capacity with an easy to manage hyperscale network security solution.

Check Point Software

Bindu Reddy (@bindureddy)

A teaser tweet saying that a new Gemini model or checkpoint may be released as early as tomorrow. It signals that a Gemini-related update (new model/checkpoint) release is imminent.

https://x.com/bindureddy/status/2024339412050727422

#gemini #model #checkpoint #ai

Bindu Reddy (@bindureddy) on X

A new Gemini model or checkpoint may drop as soon as tomorrow!

X (formerly Twitter)

#CheckPoint researchers described a #phishing campaign that abused legitimate SaaS notifications from #Microsoft, #Zoom, #Amazon, #PayPal, #YouTube, and #Malwarebytes to drive phone-based scams. The operation sent 133,260 emails to 20,049 organizations, intensifying in recent months as attackers leveraged trusted messages to bypass link-focused defenses and steer targets to attacker-controlled phone numbers.

https://blog.checkpoint.com/research/saas-abuse-at-scale-phone-based-scam-campaign-leveraging-trusted-platforms/

SaaS Abuse at Scale: Phone-Based Scam Campaign Leveraging Trusted Platforms

Check Point Blog