A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American organizations and government agencies. The 33-year-old, Xu Zewei, has been charged with nine counts of wire fraud and conspiracy to cause damage to and obtain information by unauthorized access to protected

A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules. It has been codenamed Count(er) Strike. "A vulnerability has

Unit 42 details recent Iranian cyberattack activity, sharing direct observations. Tactical and strategic recommendations are provided for defenders.

The post Threat Brief: Escalation of Cyber Risk Related to Iran (Updated June 30) appeared first on Unit 42.

 Cyber criminals are becoming more brazen, and this month, research highlights the rise of SafePay, a relatively new but increasingly active ransomware group that has quickly established itself as a key player in the cyber crime ecosystem. Meanwhile, FakeUpdates remains a dominant force, continuing to impact global organizations at an alarming rate. The education sector remains the most targeted industry, illustrating persistent vulnerabilities across institutions. SafePay Leads the Ransomware Group Rankings SafePay, first identified in November 2024, has emerged as the most prevalent ransomware group this month. SafePay uses a double-extortion strategy: encrypting files while exfiltrating sensitive data to further […]

The post May 2025 Malware Spotlight: SafePay Surges to the Forefront of Cyber Threats appeared first on Check Point Blog.

In an extensive campaign affecting 270k webpages, compromised websites were injected with the esoteric JavaScript programming style JSF*ck to redirect users to malicious content.

The post JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique appeared first on Unit 42.

In early 2025, Check Point Research identified a cyber attack campaign exploiting the popularity of generative AI service, Kling AI. The attack began with deceptive social media ads leading to a fake website designed to trick users into downloading malicious files. The attack used fake Facebook pages and ads to distribute a malicious file which ultimately led to the execution of a remote access Trojan (RAT), granting attackers remote control of the victim’s system and the ability to steal sensitive data. The malware deployed in this campaign featured advanced evasion techniques, including file masquerading to disguise harmful executable files as […]

The post Exploiting the AI Boom: How Threat Actors Are Targeting Trust in Generative Platforms like Kling AI appeared first on Check Point Blog.