
Threat Brief: Escalation of Cyber Risk Related to Iran (Updated June 30)

Unit 42 details recent Iranian cyberattack activity, sharing direct observations. Tactical and strategic recommendations are provided for defenders.

The post Threat Brief: Escalation of Cyber Risk Related to Iran (Updated June 30) appeared first on Unit 42.



felixatter
23 hours ago

May 2025 Malware Spotlight: SafePay Surges to the Forefront of Cyber Threats

Cyber criminals are becoming more brazen, and this month, research highlights the rise of SafePay, a relatively new but increasingly active ransomware group that has quickly established itself as a key player in the cyber crime ecosystem. Meanwhile, FakeUpdates remains a dominant force, continuing to impact global organizations at an alarming rate. The education sector remains the most targeted industry, illustrating persistent vulnerabilities across institutions.

SafePay Leads the Ransomware Group Rankings

SafePay, first identified in November 2024, has emerged as the most prevalent ransomware group this month. SafePay uses a double-extortion strategy: encrypting files while exfiltrating sensitive data to further […]

The post May 2025 Malware Spotlight: SafePay Surges to the Forefront of Cyber Threats appeared first on Check Point Blog.

felixatter
18 days ago

JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique

In an extensive campaign affecting 270k webpages, compromised websites were injected with the esoteric JavaScript programming style JSF*ck to redirect users to malicious content.

The post JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique appeared first on Unit 42.



felixatter
18 days ago

Exploiting the AI Boom: How Threat Actors Are Targeting Trust in Generative Platforms like Kling AI

In early 2025, Check Point Research identified a cyber attack campaign exploiting the popularity of the generative AI service Kling AI. The attack began with deceptive social media ads leading to a fake website designed to trick users into downloading malicious files. The attack used fake Facebook pages and ads to distribute a malicious file, which ultimately led to the execution of a remote access Trojan (RAT), granting attackers remote control of the victim’s system and the ability to steal sensitive data. The malware deployed in this campaign featured advanced evasion techniques, including file masquerading to disguise harmful executable files as […]

The post Exploiting the AI Boom: How Threat Actors Are Targeting Trust in Generative Platforms like Kling AI appeared first on Check Point Blog.

felixatter
25 days ago

April 2025 Malware Spotlight: FakeUpdates Dominates as Multi-Stage Campaigns Blend Commodity Malware with Stealth

Cyber criminals are raising the stakes. This month, researchers uncovered a sophisticated, multi-stage malware campaign delivering some of the most prevalent commodity malware—AgentTesla, Remcos, and XLoader—via stealthy techniques designed to evade detection. Meanwhile, FakeUpdates retains its top spot in the malware rankings, impacting 6% of organizations globally, and the education sector remains the most targeted industry.

Sophisticated Attack Chain Evades Detection

In April, attackers were found using phishing emails posing as order confirmations to launch a complex infection chain. These emails contain a malicious 7-Zip archive with a JScript-encoded (.JSE) file that executes a Base64-encoded PowerShell payload. This, in turn, […]

The post April 2025 Malware Spotlight: FakeUpdates Dominates as Multi-Stage Campaigns Blend Commodity Malware with Stealth appeared first on Check Point Blog.

felixatter
25 days ago

Blitz Malware: A Tale of Game Cheats and Code Repositories

Blitz malware, active since 2024 and updated in 2025, was spread via game cheats. We discuss its infection vector and abuse of Hugging Face for C2.

The post Blitz Malware: A Tale of Game Cheats and Code Repositories appeared first on Unit 42.



felixatter
25 days ago