InfoSecBulletin Cybersecurity for mankind
Israeli cybersecurity firm Check Point has responded to a hacker who claimed to have stolen valuable information from its systems. Over the weekend, a hacker named CoreInjection claimed in a BreachForums post that they were selling data allegedly stolen from Check Point for 5 Bitcoin (around $430,000).
The threat actor claimed to have stolen various data from the security firm, such as project documents, credentials, network maps, architecture diagrams, source code, binaries, and employee contact information.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Starting in mid-March, CoreInjection announced the sale of allegedly stolen data from five companies, primarily in Israel. The asking prices for the other four listings range from $30,000 to $100,000.
Check Point responded 31 March on its support portal:
“On March 30th, 2025, a BreachForum post offered to sell alleged hacked Check Point data. This relates to an old, known, and pinpointed event from several months ago, which we addressed at the time and had no security implications.
This event included 3 organizations’ tenants in a portal that does not include customers’ systems, production or security architecture. The event did not include the description detailed in the post.
The event was addressed immediately and thoroughly investigated. These organizations were updated and handled at the time, and this post is recycling this old, irrelevant information.
We are sharing here some additional context which helps scope this event:
The post relates to an event from December 2024, stems from compromised credentials of a portal account with limited access.
It was limited to a list of several account names with product names, 3 customers’ accounts with contact names, and a list of some Check Point employees’ emails. As said, this does not include customers’ systems, production, or security architecture.
The content of the post falsely implies exaggerated claims which never happened. The portal has different internal mitigations.
Our thorough investigation concluded that there is no risk to Check Point customers and there are no security implications.”
