What Is BlackSuit Ransomware & How Could It Impact Your Organization?

The BlackSuit ransomware operation surfaced in early April/May 2023. This group engages in multi-faceted extortion, encrypting and exfiltrating data from victims while hosting public data leak sites for those who do not comply with their demands. BlackSuit has notably targeted entities in the healthcare and education sectors, as well as other critical industries. It operates privately, with no public affiliates.

The Growing Threat of ShadowPad Malware and Its Business Impact

ShadowPad, a sophisticated modular malware, has emerged as a significant cybersecurity threat. Attributed initially to Chinese state-sponsored threat actors (APT41), this malware has evolved into a shared tool among various APTs. Its highly customizable nature allows attackers to adapt ShadowPad to specific targets, making it a versatile and persistent threat.

The Rise of Pony Malware and What it Means for Organizations

Pony, also recognized as Fareit or Siplog, operates as an information stealer and loader, serving as malware designed to gather data from compromised systems and facilitate the installation of other malicious programs. This particular virus made its initial appearance in the wild in 2011, primarily targeting users in Europe and North America.

Introducing Agentic Exposure Validation

Check Point Agentic Exposure Validation (AEV) uses AI agents to reason like an attacker across your external footprint. It correlates your assets with live threat intelligence, exploit research, and attacker behavior, and tells you, in minutes, what's actually exploitable and what isn't. No assumptions. No noise. Evidence-backed findings your team can act on immediately.

Diving Into Quasar RAT: TTPs, IoCs and more

Quasar, crafted in the C# programming language, is a publicly accessible and open-source Remote Access Trojan (RAT) designed for Microsoft Windows operating systems (OSs). This creation comes courtesy of the GitHub user MaxXor and resides as a publicly hosted repository on GitHub. While its utility extends to legitimate applications like enabling remote assistance from an organization’s helpdesk technician, Quasar is being exploited by APT actors for cybercrime and cyber espionage endeavors.

Our 2025 - Innovation, Intelligence, and Impact

Following Cyberint’s acquisition by Check Point at the end of 2024, we’ve only accelerated across our platform and services. This year-in-review highlights the biggest achievements of 2025, spanning AI innovation, huge advancements in threat intelligence, brand protection, and attack surface management, global coverage and, most importantly, customer impact.

What is Safe Remediation in Check Point Exposure Management's Offering?

Safe Remediation is the process of turning validated exposure insights into coordinated, non-disruptive fixes across security controls, ensuring teams can reduce risk quickly without breaking production. More specifically, Safe Remediation includes: validation before enforcement; remediation without downtime; automated, coordinated action across controls; preemptive blocking of attacker infrastructure; and safe-by-design automation. Safe Remediation ensures that exposures are fixed quickly, automatically, and without operational risk – turning detection into trusted, validated action.

Zestix Threat Actor Profile | TTPs, Victims, and Breach Activity

Zestix is identified as a criminal threat actor primarily motivated by personal gain. The actor first emerged in September 2025 and operates at an intermediate resource level, functioning as an individual. Zestix has been involved in significant data breaches, notably targeting organizations in the transportation and government sectors.