Silver Dragon: China Nexus Cyber Espionage Group Targeting Governments in Asia and Europe

Silver Dragon is a China nexus cyber espionage group targeting government ministries and public sector organizations across Southeast Asia, with additional victims identified in Europe. The group gains initial access through exploitation of public-facing servers and targeted phishing campaigns aimed at government entities. It maintains long-term persistence by hijacking legitimate Windows services, thus allowing malware processes to blend into normal system activity. A custom backdoor, GearDoor, enables covert command-and-control communications via Google Drive, blending malicious traffic with normal cloud usage. The campaign remains relevant as attackers continue to abuse trusted enterprise services and legitimate system components to evade detection. Based […]

The post Silver Dragon: China Nexus Cyber Espionage Group Targeting Governments in Asia and Europe appeared first on Check Point Blog.



from Check Point Blog https://ift.tt/PyaC2Ug

How Threat Intelligence and Multi-Source Data Drive Smarter Vulnerability Prioritization

The CVSS Blind Spot

For years, CVSS scores have been the default metric for vulnerability severity. But severity does not equal risk. A CVSS 9.8 vulnerability that is never exploited is less dangerous than a CVSS 6.5 actively used in ransomware campaigns. Yet many organizations still chase the highest scores first, wasting time and leaving real threats exposed. KEV lists help, but they are reactive and often lag behind active exploitation. Attackers move faster than static scoring systems. If your prioritization strategy starts and ends with CVSS, you are playing catch-up. If vulnerability management feels overwhelming, the numbers explain why. […]

The post How Threat Intelligence and Multi-Source Data Drive Smarter Vulnerability Prioritization appeared first on Check Point Blog.



from Check Point Blog https://ift.tt/NKSVHAe

What Defenders Need to Know about Iran’s Cyber Capabilities

With the current Iran crisis at its peak, cyber activity is a relevant part of the threat picture alongside kinetic and political pressure. Iran’s ecosystem includes multiple clusters aligned with state entities, the Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS), as well as deniable operators and “hacktivist” groups. This ecosystem supports a broad set of objectives: espionage to gain intelligence and footholds; disruption and destructive activity, including DDoS attacks, pseudo-ransomware, and data wipers to impose costs; and information operations that pair destructive activity or data leaks with coordinated online amplification. This activity is expected to intensify and broaden across the Middle East, the United States, and […]

The post What Defenders Need to Know about Iran’s Cyber Capabilities appeared first on Check Point Blog.



from Check Point Blog https://ift.tt/dBXzojE

National Cyber Resilience in the AI Era

A Practical Q&A Guide for Leaders Navigating NIST, Zero Trust, and AI Governance

Q1. Why does national cyber security feel more urgent than ever?

Answer: Cyber security is no longer something that happens quietly in server rooms or security operations centers. It now affects fuel availability, hospital operations, elections, financial markets, and public trust. What has changed is not just the volume of cyber attacks, but their intent. Adversaries are no longer satisfied with stealing data. They are embedding themselves into systems, waiting patiently, and positioning for disruption at moments of national stress. Cloud platforms, AI systems, and operational technology have dramatically expanded the attack […]

The post National Cyber Resilience in the AI Era appeared first on Check Point Blog.



from Check Point Blog https://ift.tt/p1ZtDMz

Check Point Researchers Expose Critical Claude Code Flaws

Critical vulnerabilities, CVE-2025-59536 and CVE-2026-21852, in Anthropic’s Claude Code enabled remote code execution and API key theft through malicious repository-level configuration files, triggered simply by cloning and opening an untrusted project. Built-in mechanisms—including Hooks, MCP integrations, and environment variables—could be abused to bypass trust controls, execute hidden shell commands, and redirect authenticated API traffic before user consent. Stolen Anthropic API keys posed enterprise-wide risk, particularly in shared workspaces where a single compromised key could expose, modify, or delete shared files and resources and generate unauthorized costs. The findings highlight a broader shift in the AI supply chain threat model: repository […]

The post Check Point Researchers Expose Critical Claude Code Flaws appeared first on Check Point Blog.



from Check Point Blog https://ift.tt/h4dwpLV

Two Types of Threat Intelligence That Make Security Work

The problem isn’t that we lack threat intelligence. It’s that we lack the right kind of intelligence, intelligence that connects what’s happening inside your environment with what attackers are planning outside it. That’s why two types of threat intelligence matter: internal and external. Alone, each tells part of the story. Together, they create clarity.

Why Threat Intelligence Alone Falls Short

Most organizations subscribe to multiple threat feeds. They pour in from every direction, generic, fragmented, and often delayed. Instead of clarifying risk, they confuse it. “Organizations still make critical decisions based on incomplete or underrefined threat data.” — Gartner, The […]

The post Two Types of Threat Intelligence That Make Security Work appeared first on Check Point Blog.



from Check Point Blog https://ift.tt/qIrEU1b

The UK’s Cyber Threat Has Changed. Most Organizations Haven’t.

For years, ransomware shaped how UK organizations thought about cyber risk. In 2025, that assumption quietly broke. The UK became the most targeted country in Europe, accounting for 16% of all recorded attacks across the region. But volume alone doesn’t explain what changed. The real shift was intent. Attackers didn’t just increase activity; they changed tactics. Disruption overtook monetization. Organizations that spent years preparing for one dominant threat model found themselves exposed to another.

A Threat Model That No Longer Fits Reality

In 2024, ransomware dominated the UK cyber risk conversation. In 2025, it was no longer the primary attack […]

The post The UK’s Cyber Threat Has Changed. Most Organizations Haven’t. appeared first on Check Point Blog.



from Check Point Blog https://ift.tt/cT90gzK