InfoSecBulletin Cybersecurity for mankind
Israeli cybersecurity firm Check Point has responded to a hacker who claimed to have stolen valuable information from its systems. Over the weekend, a hacker named CoreInjection claimed in a BreachForums post that they were selling data allegedly stolen from Check Point for 5 Bitcoin (around $430,000).
The threat actor claimed to have stolen various data from the security firm, such as project documents, credentials, network maps, architecture diagrams, source code, binaries, and employee contact information.
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
ChatGPT Develops Exploit for CVEs Before Public PoCs Share
TP-Link Router Vulns Allow to Execute Malicious SQL Commands
SSL.com’s domain validation system’s bug found: Hacker exploited
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals
Hackers Exploit Zoom’s Remote Control Feature for System Access
Registration open for ‘𝐔𝐀𝐏 𝐂𝐘𝐁𝐄𝐑 𝐒𝐈𝐄𝐆𝐄 𝟐𝟎𝟐𝟓’
Samsung phone is saving your passwords in plain text
Starting in mid-March, CoreInjection announced the sale of allegedly stolen data from five companies, primarily in Israel. The asking prices for the other four listings range from $30,000 to $100,000.
Check Point responded 31 March on its support portal:
“On March 30th, 2025, a BreachForum post offered to sell alleged hacked Check Point data. This relates to an old, known, and pinpointed event from several months ago, which we addressed at the time and had no security implications.
This event included 3 organizations’ tenants in a portal that does not include customers’ systems, production or security architecture. The event did not include the description detailed in the post.
The event was addressed immediately and thoroughly investigated. These organizations were updated and handled at the time, and this post is recycling this old, irrelevant information.
We are sharing here some additional context which helps scope this event:
The post relates to an event from December 2024, stems from compromised credentials of a portal account with limited access.
It was limited to a list of several account names with product names, 3 customers’ accounts with contact names, and a list of some Check Point employees’ emails. As said, this does not include customers’ systems, production, or security architecture.
The content of the post falsely implies exaggerated claims which never happened. The portal has different internal mitigations.
Our thorough investigation concluded that there is no risk to Check Point customers and there are no security implications.”
