Intelligence Feed
Thus Spoke…The Gentlemen
Check Point Research
13 May 2026
SEV 9/10
Thus Spoke…The Gentlemen - Check Point Research CATEGORIES AI Research Android Malware Artificial Intelligence ChatGPT Check Point Research Publications Cloud Security CPRadio Crypto Data & Threat Intelligence Data Analysis Demos Global Cyber Attack Reports How To Guides Ransomware Russo-Ukrainian War Security Report Threat and data analysis Threat Research Web 3.0 Security Wipers Thus Spoke…The Gentlemen May 13, 2026 https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/ Key Points On May 4th, 2026, The Gentlemen RaaS administrator acknowledged on underground forums that an internal backend database ( Rocket ) had been leaked. This leak exposed 9 accounts , including zeta88 (aka hastalamuerte ), who runs the infrastructure, builds the locker and panel, manages payouts, and effectively acts as the administrator of the program. The internal discussions provide a rare end‑to‑end view of the operation: they detail initial access paths (Fortinet and Cisco edge appliances, NTLM relay, OWA/M365 credential logs), the division of roles, the shared toolsets, and the group’s active tracking and evaluation of modern CVEs such as CVE-2024-55591 , CVE-2025-32433 , and CVE-2025-33073 .
11th May – Threat Intelligence Report
Check Point Research
11 May 2026
SEV 9/10
11th May – Threat Intelligence Report - Check Point Research FILTER BY YEAR 2026 2025 2024 2023 2022 2021 2020 2019 2018 2017 2016 11th May – Threat Intelligence Report May 11, 2026 https://research.checkpoint.com/2026/11th-may-threat-intelligence-report/ For the latest discoveries in cyber research for the week of 11th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Instructure, the US education technology company behind the Canvas learning platform, has confirmed a major data breach affecting its cloud-hosted environment. Exposed data reportedly includes student and staff records and private messages, while ShinyHunters escalated the attack by defacing hundreds of school login portals with ransom messages.
The State of Ransomware – Q1 2026
Check Point Research
11 May 2026
SEV 7/10
The State of Ransomware - Q1 2026 - Check Point Research CATEGORIES AI Research Android Malware Artificial Intelligence ChatGPT Check Point Research Publications Cloud Security CPRadio Crypto Data & Threat Intelligence Data Analysis Demos Global Cyber Attack Reports How To Guides Ransomware Russo-Ukrainian War Security Report Threat and data analysis Threat Research Web 3.0 Security Wipers The State of Ransomware – Q1 2026 May 11, 2026 https://research.checkpoint.com/2026/the-state-of-ransomware-q1-2026/ Key Findings Consolidation after peak fragmentation: The top 10 ransomware groups accounted for 71% of all Q1 2026 victims, a sharp reversal from the fragmentation seen in Q3 2025. The ransomware ecosystem is once again consolidating around fewer, more dominant operators. Volume stabilization at historically high levels: There were 2,122 victims posted on data leak sites (DLS), making this period the second-highest Q1 on record.
4th May – Threat Intelligence Report
Check Point Research
04 May 2026
SEV 8/10
4th May – Threat Intelligence Report - Check Point Research FILTER BY YEAR 2026 2025 2024 2023 2022 2021 2020 2019 2018 2017 2016 4th May – Threat Intelligence Report May 4, 2026 https://research.checkpoint.com/2026/4th-may-threat-intelligence-report/ For the latest discoveries in cyber research for the week of 4th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Medtronic, a global medical device maker, has disclosed a cyberattack on its corporate IT systems. An unauthorized party accessed data, while the company reported no impact on products, operations, or financial systems.
VECT: Ransomware by design, Wiper by accident
Check Point Research
28 Apr 2026
SEV 6/10
VECT: Ransomware by design, Wiper by accident - Check Point Research CATEGORIES AI Research Android Malware Artificial Intelligence ChatGPT Check Point Research Publications Cloud Security CPRadio Crypto Data & Threat Intelligence Data Analysis Demos Global Cyber Attack Reports How To Guides Ransomware Russo-Ukrainian War Security Report Threat and data analysis Threat Research Web 3.0 Security Wipers VECT: Ransomware by design, Wiper by accident April 28, 2026 https://research.checkpoint.com/2026/vect-ransomware-by-design-wiper-by-accident/ Key Takeaways Check Point Research discovers that the VECT 2.0 ransomware permanently destroys “large files” rather than encrypting them . A critical flaw in the encryption implementation, identical across all three platform variants ( Windows , Linux , ESXi ), discards three of four decryption nonces for every file above 131,072 bytes ( 128 KB ). Full recovery is impossible for anyone , including the attacker .
27th April – Threat Intelligence Report
Check Point Research
27 Apr 2026
SEV 1/10
No content extracted.
20th April – Threat Intelligence Report
Check Point Research
20 Apr 2026
SEV 1/10
No content extracted.
DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
Check Point Research
20 Apr 2026
SEV 1/10
No content extracted.
13th April – Threat Intelligence Report
Check Point Research
13 Apr 2026
SEV 1/10
No content extracted.
6th April – Threat Intelligence Report
Check Point Research
06 Apr 2026
SEV 1/10
No content extracted.
Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets
Check Point Research
31 Mar 2026
SEV 1/10
No content extracted.
ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime
Check Point Research
30 Mar 2026
SEV 1/10
No content extracted.
30th March – Threat Intelligence Report
Check Point Research
30 Mar 2026
SEV 1/10
No content extracted.
AI Threat Landscape Digest January-February 2026
Check Point Research
29 Mar 2026
SEV 1/10
No content extracted.
23rd March – Threat Intelligence Report
Check Point Research
23 Mar 2026
SEV 1/10
No content extracted.