InfoSecBulletin Cybersecurity for mankind
Israeli cybersecurity firm Check Point has responded to a hacker who claimed to have stolen valuable information from its systems. Over the weekend, a hacker named CoreInjection claimed in a BreachForums post that they were selling data allegedly stolen from Check Point for 5 Bitcoin (around $430,000).
The threat actor claimed to have stolen various data from the security firm, such as project documents, credentials, network maps, architecture diagrams, source code, binaries, and employee contact information.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
Starting in mid-March, CoreInjection announced the sale of allegedly stolen data from five companies, primarily in Israel. The asking prices for the other four listings range from $30,000 to $100,000.
Check Point responded 31 March on its support portal:
“On March 30th, 2025, a BreachForum post offered to sell alleged hacked Check Point data. This relates to an old, known, and pinpointed event from several months ago, which we addressed at the time and had no security implications.
This event included 3 organizations’ tenants in a portal that does not include customers’ systems, production or security architecture. The event did not include the description detailed in the post.
The event was addressed immediately and thoroughly investigated. These organizations were updated and handled at the time, and this post is recycling this old, irrelevant information.
We are sharing here some additional context which helps scope this event:
The post relates to an event from December 2024, stems from compromised credentials of a portal account with limited access.
It was limited to a list of several account names with product names, 3 customers’ accounts with contact names, and a list of some Check Point employees’ emails. As said, this does not include customers’ systems, production, or security architecture.
The content of the post falsely implies exaggerated claims which never happened. The portal has different internal mitigations.
Our thorough investigation concluded that there is no risk to Check Point customers and there are no security implications.”
