4th May – Threat Intelligence Report

Check Point Research, May 4, 2026
https://research.checkpoint.com/2026/4th-may-threat-intelligence-report/

For the latest discoveries in cyber research for the week of 4th May, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

Medtronic, a global medical device maker, has disclosed a cyberattack on its corporate IT systems.

An unauthorized party accessed data, while the company reported no impact on products, operations, or financial systems. Threat group ShinyHunters claimed the theft of 9 million records, and Medtronic is evaluating what data was exposed.

Vimeo, a global video hosting platform, has confirmed a data breach stemming from a compromise at analytics vendor Anodot. Exposed data included internal operational information, video titles and metadata, and some customer email addresses, while passwords, payment data, and video content were not accessed.

Threat actors have abused the account creation process of the online trading platform Robinhood to launch a phishing campaign that sent emails from Robinhood's official mailing account. The emails contained links to phishing sites and passed security checks. Robinhood stated that no accounts or funds were compromised and has since removed the vulnerable “Device” field.

Trellix, a major endpoint security and XDR vendor, was hit by a source code repository breach after attackers accessed a portion of its internal code. The company engaged forensic experts and law enforcement and claims it has found no evidence of product tampering, pipeline compromise, or active exploitation so far.

AI THREATS

Researchers pinpointed CVE-2026-26268, a flaw in Cursor's coding environment that enables remote code execution when its AI agent interacts with a cloned malicious repository. The attack chains Git hooks and bare repositories to run attacker scripts, risking exposure of source code, tokens, and internal tools.
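As an added defensive check (not Check Point's code and not tied to any particular Cursor version), the Python script below walks a cloned checkout for Git repositories shipped inside it, either bare repositories under an ordinary folder name or nested .git directories, and lists the hooks that would fire if a tool or agent ran git in those directories. It does not cover submodules, and the sample tree it scans is constructed for the demo.

```python
"""Added defensive check (not Check Point's code): list Git repositories embedded
inside a checked-out tree and the hooks that would run if git were invoked there."""
import os
import re
import tempfile
from pathlib import Path

BARE_MARKERS = {"HEAD", "config", "objects", "refs"}   # layout of a bare repository
HOOKS_PATH_RE = re.compile(r"^\s*hooksPath\s*=\s*(\S+)", re.I | re.M)  # core.hooksPath

def active_hooks(hooks_dir: Path) -> list:
    """Git ignores *.sample files; any other file in hooks/ is a live hook."""
    if not hooks_dir.is_dir():
        return []
    return sorted(p.name for p in hooks_dir.iterdir() if p.is_file() and not p.name.endswith(".sample"))

def find_embedded_repos(root) -> list:
    root = Path(root).resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        d = Path(dirpath)
        if d == root:  # the clone's own .git is created locally, not shipped by the repo
            dirnames[:] = [n for n in dirnames if n != ".git"]
            continue
        if d.name != ".git" and not BARE_MARKERS <= set(dirnames) | set(filenames):
            continue
        cfg = d / "config"
        m = HOOKS_PATH_RE.search(cfg.read_text(errors="replace")) if cfg.is_file() else None
        hooks_dir = d / (m.group(1) if m else "hooks")  # relative hooksPath resolved from the repo dir
        findings.append({"path": d.relative_to(root).as_posix(), "bare": d.name != ".git",
                         "hooks": active_hooks(hooks_dir)})
        dirnames[:] = []  # do not descend into the embedded repo's internals
    return sorted(findings, key=lambda f: f["path"])

def demo() -> list:
    """Constructed sample: a bare repo under a plain folder name plus a nested .git."""
    base = Path(tempfile.mkdtemp())
    bare = base / "vendor" / "cache.git"
    for sub in ("objects", "refs", "hooks"):
        (bare / sub).mkdir(parents=True)
    (bare / "HEAD").write_text("ref: refs/heads/main\n")
    (bare / "config").write_text("[core]\n\tbare = true\n\thooksPath = hooks\n")
    for hook in ("post-checkout", "pre-commit.sample"):  # only the first counts as live
        (bare / "hooks" / hook).touch()
    for rel in ("tools/.git/hooks/pre-push", ".git/hooks/pre-commit"):  # 2nd is the clone's own .git
        (base / rel).parent.mkdir(parents=True)
        (base / rel).touch()
    return find_embedded_repos(base)
```

A non-empty result is a reason to stop an automated agent before it runs any git command inside that tree, and to treat the listed hook files as untrusted code to review.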

Researchers exposed Bluekit, a phishing-as-a-service platform that bundles 40-plus templates and an AI assistant using GPT-4.1, Claude, Gemini, Llama, and DeepSeek. The AI-assisted toolkit centralizes domain setup, realistic login clones, anti-analysis filters, real-time session monitoring, and Telegram-based exfiltration.

Researchers demonstrated an AI-enabled supply chain attack in which Anthropic's Claude Opus co-authored a code commit that introduced PromptMink malware into an open-source autonomous crypto trading project. The hidden dependency siphoned credentials, planted persistent SSH access, and stole source code, enabling wallet takeover.

VULNERABILITIES AND PATCHES

Microsoft has fixed a privilege escalation flaw in Microsoft Entra ID that allowed the Agent ID Administrator role for AI agents to take over any service account. Researchers published a proof-of-concept showing attackers could add credentials and impersonate privileged identities.

cPanel has addressed CVE-2026-41940, a critical authentication bypass in cPanel and WHM that is being actively exploited in the wild as a zero-day and allows full administrative control without credentials. Patches were issued on April 28, and Shadowserver observed 44,000 internet addresses scanning or attacking decoy systems.

Check Point IPS provides protection against this threat (cPanel Authentication Bypass (CVE-2026-41940))

Google has released patches for a critical code execution flaw in the Gemini CLI and its GitHub Action that allowed outsiders to run commands on build servers in CI/CD pipelines. The issue automatically trusted workspace files during automated jobs, allowing malicious pull requests to trigger code execution.

LiteLLM proxy versions 1.81.16 to 1.83.6 are affected by CVE-2026-42208, a critical SQL injection flaw in the proxy component used to manage large language model API keys. Attackers can read and potentially alter the proxy database, with exploitation attempts observed about 36 hours after disclosure.

(LiteLLM SQL Injection (CVE-2026-42208))

THREAT INTELLIGENCE REPORTS

Check Point Research has revealed that the VECT 2.0 ransomware effectively acts as a data wiper across Windows, Linux, and ESXi. A critical encryption mistake discards the decryption information required for files larger than 128 KB, making recovery impossible even after payment.

Check Point Threat Emulation and Harmony Endpoint provide protection against this threat

Researchers analyzed a Mirai-based botnet campaign targeting Brazilian internet providers, abusing TP-Link Archer AX21 routers via CVE-2023-1389 and open DNS servers for high-volume amplification attacks. Leaked files linked control activity to infrastructure and SSH keys associated with DDoS mitigation firm Huge Networks.

Researchers uncovered a large-scale phishing campaign, dubbed AccountDumpling, that abuses Google AppSheet email services to hijack Facebook accounts. The operation was linked to Vietnam-based attackers and uses cloned support pages, reward lures, and live 2FA collection, compromising over 30,000 users and monetizing stolen access through Telegram.

Researchers documented a TeamPCP supply chain campaign that compromised four SAP npm packages used in cloud development workflows. The malicious installers harvested developer and cloud credentials across GitHub, npm, and major providers, enabling propagation and downstream compromises before the packages were removed.