Somebody told DeepSeek to build in-browser ransomware and it gleefully complied
'The original incomplete DeepSeek sample can be transformed into a fully functional attack with minimal effort,' Check Point researcher tells The Reg
Stay updated on the latest Check Point trends in information security. Expert insights, updates, and analysis on Check Point cyber threats and solutions.
Search across headline titles and summaries.
Background for this topic.
Check Point delivers network security solutions such as firewalls, VPNs, endpoint protection, and cloud security management designed to enforce access controls and monitor traffic across on-premises and cloud environments. These systems help organizations detect and block unauthorized access, malware, and other cyber threats by applying centralized security policies and real-time inspection of network activity.
Security risks include vulnerabilities in Check Point software that may allow privilege escalation or remote code execution if unpatched. Misconfigurations in gateways or management consoles can expose sensitive network segments or credentials. Maintaining up-to-date patches, securely configuring management interfaces, and integrating threat intelligence feeds into Check Point platforms are critical practices to reduce attack surfaces and enhance detection of evolving threats targeting network perimeters and endpoints.
Weekly headline count for the current query.
'The original incomplete DeepSeek sample can be transformed into a fully functional attack with minimal effort,' Check Point researcher tells The Reg
Scumbags, including a Qilin ransomware affiliate, began hitting this hole May 7
'Full recovery is impossible for anyone, including the attacker' Organizations hit by the wave of Trivy and LiteLLM supply-chain compromises that paid Vect in hopes of recovering their data likely did not get much back, according to Check Point Research. That's because the ransomware Vect uses isn't actually ransomware at all, but a wiper that destroys any file larger than 128KB.…
Check Point says outbound controls blocked web traffic but overlooked DNS OpenAI talks up data security for its AI services, yet Check Point says that ChatGPT allowed data to leak through a DNS side channel before the flaw was fixed.…
Attack infrastructure attributed to 'several Iran-nexus threat actors' Multiple Iranian hacking crews have been targeting internet-connected surveillance cameras across Israel and other Middle Eastern countries since the war started on February 28, according to Check Point security researchers. …
Check Point observes 40K+ attack attempts in our hours, with government organizations under fire A critical HPE OneView flaw is now being exploited at scale, with Check Point tying mass, automated attacks to the RondoDox botnet.…
Check Point lifts lid on a quartet of Teams vulns that made it possible to fake the boss, forge messages, and quietly rewrite history Microsoft Teams, one of the world's most widely used collaboration tools, contained serious, now-patched vulnerabilities that could have let attackers impersonate executives, rewrite chat history, and fake notifications or calls – all without users suspecting a thing.…
Check Point helps exorcise vast 'Ghost Network' that used fake tutorials to push infostealers Google has taken down thousands of YouTube videos that were quietly spreading password-stealing malware disguised as cracked software and game cheats.…
LLMs and 0-days - what could possibly go wrong? Attackers on underground forums claimed they were using HexStrike AI, an open-source red-teaming tool, against Citrix NetScaler vulnerabilities within hours of disclosure, according to Check Point cybersecurity evangelist Amit Weigman.…
More evidence that AI expands the attack surface Check Point researchers uncovered a remote code execution bug in popular vibe-coding AI tool Cursor that could allow an attacker to poison developer environments by secretly modifying a previously approved Model Context Protocol (MCP) configuration, silently swapping it for a malicious command without any user prompt.…
Explanation leaves a 'lot of questions unanswered,' says infosec researcher A digital burglar is claiming to have nabbed a trove of "highly sensitive" data from Check Point - something the American-Israeli security biz claims is a huge exaggeration.…
There's only one rule – don't attack Russia, duh Check Point has spotted a fresh ransomware-as-a-service crew in town: VanHelsing, touting a cross-platform locker targeting Microsoft Windows, Linux, and VMware ESXi systems, among others. But so far, only Windows machines have fallen victim, we're told.…
Not that you needed another reason to enable the 'known senders' setting Criminals are spoofing Google Calendar emails in a financially motivated phishing expedition that has already affected about 300 organizations with more than 4,000 emails sent over four weeks, according to Check Point researchers.…
Unisys, Avaya, Check Point, and Mimecast settled with the agency without admitting or denying wrongdoing Four high-profile tech companies reached an agreement with the Securities and Exchange Commission to pay millions of dollars in penalties for misleading investors about their exposure to the 2020 SolarWinds hack.…
The government-backed crew also enjoys ransomware as a side hustle Iranian government-backed cybercriminals have been hacking into US and foreign networks as recently as this month to steal sensitive data and deploy ransomware, and they're breaking in via vulnerable VPN and firewall devices from Check Point, Citrix, Palo Alto Networks and other manufacturers, according to Uncle Sam.…
Also, free pianos are the latest internet scam bait, Cooler Master gets pwned, and some critical vulnerabilities Infosec in brief Cybersecurity software vendor Check Point is warning customers to update their software immediately in light of a zero day vulnerability under active exploitation.…
Also warns of brute force attacks targeting its own VPNs, Check Point, Fortinet, SonicWall and more Cisco is fighting fires on a couple fronts this week after security incidents involving its Duo multi-factor authentication (MFA) service and its remote-access VPN services.…
With Microsoft and LinkedIn close on shipping giant's heels DHL is the most spoofed brand when it comes to phishing emails, according to Check Point.…
Because Beijing isn't above covert ops to accomplish its five-year goals Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.…
Check Point uncovers web vulnerability that could have led to cryptocurrency theft A flaw detected in the browser version of the Ever Surf cryptocurrency wallet could have given hackers who exploited it full control over a targeted user's wallet, say threat hunters at Check Point Research.…