67 matches found
YouTube ‘Ghost Network’ Spreads Infostealer via 3,000 Fake Videos
Check Point Research exposed a sophisticated, role-based operation called the YouTube Ghost Network, distributing dangerous Lumma and Rhadamanthys Infostealer malware. Learn how cybercriminals use hijacked channels and bots to triple malicious video output and steal user credentials...
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval
Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence AI-powered code editor Cursor that could result in remote code execution. The vulnerability, tracked as CVE-2025-54136 CVSS score: 7.2, has been codenamed MCPoison by Check Point Research, owing ...
Microsoft Most Phished Brand in Q2 2025, Check Point Research
Microsoft was the most impersonated brand in phishing attacks during Q2 2025, accounting for 25% of all attempts, according to Check Point Research...
Patch Tuesday - June 2025
Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for one other freshly...
Scammers Use Fake Kling AI Ads to Spread Malware
Scammers impersonate Kling AI AI-powered video generation tool using fake ads and websites to spread malware. Check Point Research details how the attack tricks users into downloading RATs...
Exploit for Improper Input Validation in Microsoft
CVE-2024-21413 - Expect Script POC Microsoft Outlook Leak cre...
Hackers Stole $59 Million of Crypto Via Malicious Google and X Ads
By Deeba Ahmed Corrected sentence: "Anti-scam solutions provider Scam Sniffer and cybersecurity firm Check Point Research CPR have warned of increasing attacks aimed at your crypto funds through malicious ads." This is a post from HackRead.com Read the original post: Hackers Stole $59 Million of...
Scammers Exploit Crypto Hype with Fake Token Factory, Stealing Millions
By Deeba Ahmed Check Point Research Reports New Million-Dollar Rug Pull Scam with a Fake Token Factory. This is a post from HackRead.com Read the original post: Scammers Exploit Crypto Hype with Fake Token Factory, Stealing Millions...
BBTok Malware Returns, Targeting Over 40 Banks in Brazil and Mexico
By Deeba Ahmed New BBTok Banking Trojan Variant Emerges in Latin America: Check Point Research. This is a post from HackRead.com Read the original post: BBTok Malware Returns, Targeting Over 40 Banks in Brazil and Mexico...
Check Point Research: Microsoft the Most Phished Brand in Q2 2023
By Habiba Rashid The report highlights the fact that cybersecurity is essential for brand protection. This is a post from HackRead.com Read the original post: Check Point Research: Microsoft the Most Phished Brand in Q2 2023...
Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies
Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that's both sophisticated and fast. "What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not be...
Armenian Entities Hit by New Version of OxtaRAT Spying Tool
Entities in Armenia have come under a cyber attack using an updated version of a backdoor called OxtaRAT that allows remote access and desktop surveillance. "The tool capabilities include searching for and exfiltrating files from the infected machine, recording the video from the web camera and...
ChatGPT-Written Malware
I dont know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums--some with little or no coding experience--were using it to write software and emails that could be used fo...
Malicious code in winrpcexploit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46976ed2bca7738154d7f53ebb0e98864eafcf5753fc7753b509c6ce4d9ac9b4 Security researchers at Check Point Research discovered a malicious package called WINRPCexploit. PyPI has since removed WINRPCexploit...
MAL-2022-7429 Malicious code in winrpcexploit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46976ed2bca7738154d7f53ebb0e98864eafcf5753fc7753b509c6ce4d9ac9b4 Security researchers at Check Point Research discovered a malicious package called WINRPCexploit. PyPI has since removed WINRPCexploit...
Malicious code in zlibsrc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dfbf8f67470456ad6b704fb2c2d47edef71ce077afe59bf1a6f79913bde2fd5d Security researchers at Check Point Research discovered a malicious package called zlibsrc impersonating the PyPI package zlib. PyPI has since removed...
MAL-2022-7430 Malicious code in zlibsrc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dfbf8f67470456ad6b704fb2c2d47edef71ce077afe59bf1a6f79913bde2fd5d Security researchers at Check Point Research discovered a malicious package called zlibsrc impersonating the PyPI package zlib. PyPI has since removed...
Malicious code in free-net-vpn2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 918a0f985a93815d37d9480f97dd5203b78834142904ae50550bd431ca52c05b Security researchers at Check Point Research discovered a malicious package called free-net-vpn2 that targets environment variables. PyPI has since remov...
Malicious code in test-async (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77032b3c9cc48f55b79507650d7c7a520543997883ee5c2cb3e655a5ee8f3304 Security researchers at Check Point Research discovered a malicious package called test-async. PyPI has since removed test-async...
MAL-2022-7428 Malicious code in test-async (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77032b3c9cc48f55b79507650d7c7a520543997883ee5c2cb3e655a5ee8f3304 Security researchers at Check Point Research discovered a malicious package called test-async. PyPI has since removed test-async...