Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Quasar, crafted in the C# programming language, is a publicly accessible and open-source Remote Access Trojan (RAT) designed for Microsoft Windows operating systems (OSs). This creation comes courtesy of the GitHub user MaxXor and resides as a publicly hosted repository on GitHub. While its utility extends to legitimate applications like enabling remote assistance from an organization’s helpdesk technician, Quasar is being exploited by APT actors for cybercrime and cyber espionage endeavors.

Following Cyberint’s acquisition by Check Point at the end of 2024, we’ve only accelerated across our platform and services. This year-in-review highlights the biggest achievements of 2025, spanning AI innovation, huge advancements in threat intelligence, brand protection, and attack surface management, global coverage and most importantly customer impact.

Zestix is identified as a criminal threat actor primarily motivated by personal gain. The actor first emerged in September 2025 and operates at an intermediate resource level, functioning as an individual. Zestix has been involved in significant data breaches, notably targeting organizations in the transportation and government sectors.

CopilotLeaks is a criminal threat actor group known for its data breaches and leaks targeting various sectors in Bolivia and Paraguay. The group operates under multiple aliases, including Megumi, vulnerandolo, and Johan_Liebheart. Their primary motivation is personal gain, and they are characterized as having an intermediate level of sophistication.

LinkedIn was never designed to be hostile. That’s precisely why it’s become attractive to attackers.

Since at least May 2023, a financially motivated cyber-crime network has been operating a phishing campaign primarily abusing Google Ads, and occasionally Microsoft Ads to drive traffic to credential-harvesting websites. This campaign – part of which was named “Payroll Pirates” by SilentPush – has remained active, with periodic updates to tactics and target rotations.

Originally published: April 2023 Updated: September 2025 Supply chain attacks are a growing and increasingly sophisticated form of cyber threat. They target the complex network of relationships between organizations and their suppliers, vendors, and third-party service providers. These attacks exploit vulnerabilities that emerge due to the interconnected nature of digital supply chains, which often span multiple organizations, systems, and geographies.

First published May 8th 2025 Updated Sept 16th 2025 Editor’s Note: This blog builds on our recent analysis of the DragonForce ransomware cartel, which claimed responsibility for a wave of UK retail attacks in April–May 2025. While DragonForce took credit for the extortion and data leak phase, growing evidence suggests that another group—Scattered Spider—may have played a foundational role in enabling those attacks.

How Cyberint, now a Check Point Company, supports organisations working towards cyber resilience.

On September 8, 2025, the JavaScript ecosystem experienced what is now considered the largest supply chain attack in npm history. A sophisticated phishing campaign led to the compromise of a trusted maintainer’s account, resulting in the injection of cryptocurrency-stealing malware into 18+ foundational npm packages. These packages collectively accounted for over 2 billion weekly downloads, affecting millions of applications globally—from personal projects to enterprise-grade systems.