# Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340) When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 – pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution – we sighed with relief. Clearly, the universe had decided […]

Check Point Research continuously investigates real-world attacks, vulnerabilities, attackers’ infrastructure, and emerging techniques across global networks and environments. The Cyber Security Report 2026 consolidates our research efforts throughout 2025 to deliver a clear, data-driven view of the current threat landscape and its trajectory in 2026. As Check Point’s flagship annual […]

# General Graboids: Worms and Remote Code Execution in Command & Conquer _[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead]_ This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We recently presented some of this work at an information security conference […]

# On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025 Looking to improve your skills? Discover our **trainings** sessions! Learn more. ## Introduction At Pwn2Own Berlin 2025, we successfully exploited VMware Workstation using a single Heap-Overflow vulnerability in the PVSCSI controller implementation. While we were initially confident in the […]

Check Point Research (CPR) identified an ongoing phishing campaign that we associate with KONNI, a North Korean–linked threat actor active since at least 2014. KONNI is best known for targeting organizations and individuals in South Korea, with a focus on diplomatic channels, international relations, NGOs, academia, and government. The group […]

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

# Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass) Well, well, well – look what we’re back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 – a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a timeline that is typically reserved for […]

**security-research** Public # Python Wheel (Zip) Parser Differential Vulnerability v2.0 ## Package ## Affected versions ## Patched versions ## Description ### Summary It is still possible (albeit with significantly more effort) to upload a specially crafted Wheel file (i.e. zip) to PyPI that when installed with PIP (or another Python […]

# Intercepting OkHttp at Runtime With Frida – A Practical Guide 22 Jan 2026 – Posted by Szymon Drosdzol ### Introduction OkHttp is the defacto standard HTTP client library for the Android ecosystem. It is therefore crucial for a security analyst to be able to dynamically eavesdrop the traffic generated […]

When we first encountered VoidLink, we were struck by its level of maturity, high functionality, efficient architecture, and flexible, dynamic operating model. Employing technologies like eBPF and LKM rootkits and dedicated modules for cloud enumeration and post-exploitation in container environments, this unusual piece of malware seemed to be a larger […]