InfoSecBulletin Cybersecurity for mankind
Israeli cybersecurity firm Check Point has responded to a hacker who claimed to have stolen valuable information from its systems. Over the weekend, a hacker named CoreInjection claimed in a BreachForums post that they were selling data allegedly stolen from Check Point for 5 Bitcoin (around $430,000).
The threat actor claimed to have stolen various data from the security firm, such as project documents, credentials, network maps, architecture diagrams, source code, binaries, and employee contact information.
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
OTP glitch disrupted NID services across the country
Google to pay Texas $1.4 billion for location tracking practices
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
Starting in mid-March, CoreInjection announced the sale of allegedly stolen data from five companies, primarily in Israel. The asking prices for the other four listings range from $30,000 to $100,000.
Check Point responded 31 March on its support portal:
“On March 30th, 2025, a BreachForum post offered to sell alleged hacked Check Point data. This relates to an old, known, and pinpointed event from several months ago, which we addressed at the time and had no security implications.
This event included 3 organizations’ tenants in a portal that does not include customers’ systems, production or security architecture. The event did not include the description detailed in the post.
The event was addressed immediately and thoroughly investigated. These organizations were updated and handled at the time, and this post is recycling this old, irrelevant information.
We are sharing here some additional context which helps scope this event:
The post relates to an event from December 2024, stems from compromised credentials of a portal account with limited access.
It was limited to a list of several account names with product names, 3 customers’ accounts with contact names, and a list of some Check Point employees’ emails. As said, this does not include customers’ systems, production, or security architecture.
The content of the post falsely implies exaggerated claims which never happened. The portal has different internal mitigations.
Our thorough investigation concluded that there is no risk to Check Point customers and there are no security implications.”
