VYPR
Research · Published Jun 8, 2026 · 1 source

Check Point Research Details Diverse Cyber Threats, From Data Breaches to AI Exploits

A new report from Check Point Research highlights a wide array of cyber incidents, including major data breaches, sophisticated AI-driven attacks, and newly exploited vulnerabilities.

Check Point Research's latest threat intelligence bulletin, covering the week of June 1st, reveals a broad spectrum of cyber threats impacting organizations and individuals globally. The report details significant data breaches, such as the exposure of 2.6 million accounts at DentaQuest, a U.S. dental benefits administrator owned by Sun Life, where names, emails, government IDs, and health insurance details were compromised by the ShinyHunters threat group. Additionally, password manager Dashlane disclosed an incident in which attackers used brute-forced two-factor authentication codes to gain unauthorized access to fewer than 20 user accounts, allowing them to download encrypted password vaults.

The United Nations World Food Programme also reported unauthorized access to its Gaza self-registration application, exposing sensitive data for approximately 600,000 Palestinian households, including names, identification numbers, mobile numbers, and location data. The platform has since been suspended as the WFP investigates. In a separate development, Russia's Federal Security Service claimed that foreign intelligence agencies had compromised mobile devices belonging to senior Russian officials, allegedly deploying spyware to access communications and geolocation data and to conduct covert surveillance.

Further complicating the threat landscape, Hola, a popular Windows browser provider, confirmed a supply chain compromise that distributed an unauthorized cryptominer executable to a small percentage of its user base. The malware was installed as a Windows service and employed evasion techniques to avoid detection by Microsoft Defender. This incident underscores the persistent risks associated with software supply chains.

The report also sheds light on emerging AI-driven threats. Attackers have reportedly leveraged Meta's AI support chatbot to compromise Instagram accounts by exploiting weaknesses in account recovery processes that lacked sufficient identity verification. Researchers also demonstrated a novel prompt injection technique, dubbed Fake Context Alignment, which manipulated Google's Gemini voice assistant through incoming messages, enabling unauthorized device control and participation in video calls. Furthermore, an AI-enabled EDR evasion lab was described, where threat actors automate malware development and testing against leading security solutions like Sophos, CrowdStrike, and Microsoft Defender.

In terms of vulnerabilities, Google's June Android security patch addresses 124 flaws, including CVE-2025-48595, a high-severity Android Framework vulnerability actively exploited by local attackers to gain code execution and escalate privileges on newer Android versions. Cisco has issued patches for CVE-2026-20230, a critical flaw in its Unified Communications Manager that allows unauthenticated attackers to write files and gain root access, with a public proof-of-concept already available. SolarWinds Serv-U's CVE-2026-28318 has also been exploited in the wild, causing service disruptions through crafted HTTP POST requests, with a fix available in Serv-U 15.5.4 HF1. Microsoft Windows Netlogon is facing exploitation of CVE-2026-41089, a critical stack-based buffer overflow allowing remote code execution and SYSTEM-level control of domain controllers.

Check Point Research also detailed a large-scale impersonation and click-hijacking scheme that rerouted downloads from fake open-source sites, leading to infections by malware like RemusStealer and SessionGate. The investigation into Iranian cyber espionage operations linked a Dutch seizure of approximately 800 servers at WorkTitans B.V. to infrastructure used by threat groups MuddyWater, Agrius, and Nimbus Manticore. The report also analyzed the U.S. midterm threat landscape, noting a focus on phishing and brand impersonation rather than election interference, and uncovered a months-long espionage campaign targeting a senior executive at a global stock exchange.

These findings collectively paint a picture of a dynamic and evolving threat landscape, where traditional cybercrime tactics are being augmented by sophisticated AI capabilities and persistent exploitation of software vulnerabilities across various platforms and vendors.

Synthesized by Vypr AI