Check Point Research Details Wide-Ranging Cyber Threats: From Crypto Heists to AI-Powered Attacks
Check Point Research's latest threat intelligence report highlights a diverse array of cyber incidents, including a supply chain attack on Polymarket, a massive data breach at Japanese telecom KDDI, and emerging AI-driven threats.

Check Point Research has released its latest threat intelligence bulletin, detailing a broad spectrum of cyber incidents and emerging threats observed in the week of June 29th. The report underscores the evolving threat landscape, encompassing significant financial theft, large-scale data breaches, and the increasing sophistication of AI-powered attacks.
A notable incident involves Polymarket, a prominent cryptocurrency prediction market, which fell victim to a supply chain attack. Malicious JavaScript was injected into the platform's website via a compromised third-party frontend vendor. This allowed attackers to trick users into approving fraudulent transactions, resulting in the theft of approximately $3 million from fewer than 15 accounts. The attack specifically targeted the frontend, leaving the backend systems unaffected.
In the telecommunications sector, Japanese operator KDDI reported a breach affecting its ISP email platform. An intrusion detected on June 17th potentially exposed the email addresses and passwords of up to 14.22 million users across services from six different ISPs, including well-known providers like J:COM and Biglobe. This incident highlights the ongoing risks associated with large-scale customer data management.
In the critical infrastructure and manufacturing sectors, Indian electronics firm Tata Electronics, a key supplier to major tech companies like Apple and Tesla, confirmed a cyberattack and data breach. The company stated that its IT systems had been impacted; the World Leaks group, meanwhile, claimed to have exfiltrated 630GB of sensitive data, including alleged supplier and customer documents. Separately, Brazil's National Civil Defense warning platform, managed by telecom regulator Anatel, was targeted by a cyberattack that broadcast a false "Extreme Alert" to mobile devices across several regions, prompting officials to take the system offline.
The report also delves into the growing threat of AI-driven attacks. Researchers detailed "EvilTokens," an AI-powered phishing-as-a-service operation that leverages device-code authentication to steal Microsoft 365 tokens. This campaign has seen a dramatic surge in device-code phishing, with AI-generated lures and automated workflows significantly lowering the barrier to entry for attackers.
Additionally, the report highlights vulnerabilities in several platforms. Cisco has addressed CVE-2026-20245, a critical command injection flaw in Catalyst SD-WAN Manager that had been exploited as a zero-day for months. Dify, an open-source AI platform, released version 1.14.2 to fix four vulnerabilities, including critical flaws (CVE-2026-41947, CVE-2026-41948) that could lead to unauthenticated access and cross-tenant data exposure. Ubiquiti UniFi OS is also affected by three vulnerabilities (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) reportedly being exploited in the wild, including by the Mirai botnet.
Other significant findings include the "FortiBleed" campaign, which weaponizes compromised FortiGate firewalls to steal credentials across numerous protocols, impacting over 430,000 devices globally. Researchers also attributed the "StockStay" espionage malware to Russia-linked Turla, targeting Ukrainian government entities, and revealed that the Chinese DCloud Uni-App framework powers a vast ecosystem of scam domains. The "FulcrumSec" cloud extortion group's tactics, which involve exploiting cloud misconfigurations and exposed credentials, were also analyzed.
These diverse incidents underscore the multifaceted nature of modern cyber threats, ranging from traditional financial fraud and data theft to the exploitation of emerging technologies like AI and the persistent targeting of critical infrastructure and supply chains.