2nd March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 2nd March, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

Wynn Resorts, a United States-based casino and hotel operator, has confirmed that employee data was accessed following an extortion threat linked to ShinyHunters. The company said operations were not disrupted. Reports indicate […]

The post 2nd March – Threat Intelligence Report appeared first on Check Point Research.
AI Analysis
Technical Summary
The Check Point Research 2nd March Threat Intelligence Report provides an extensive overview of recent cyber threats and vulnerabilities affecting multiple industries and geographies. Key incidents include a data breach at Wynn Resorts where employee HR data was accessed following extortion attempts linked to the ShinyHunters group, though operational disruption was avoided. UFP Technologies suffered a cyberattack causing data exfiltration and operational disruptions. The Transport Workers Union of America was targeted by the Qilin ransomware group, exposing personal data of 67,000 members. European marketplace ManoMano reported a breach via a third-party support portal, exposing customer contact information but not payment data. Critical vulnerabilities were discovered in AI systems, notably Anthropic’s Claude Code, allowing remote code execution and API key theft, which could enable attackers to manipulate shared workspaces and extract sensitive workflows. These vulnerabilities were patched (e.g., CVE-2025-59536). Malicious AI usage attempts, including influence operations linked to Chinese law enforcement targeting Japan’s prime minister, were also reported. Two Roundcube Webmail vulnerabilities (CVE-2025-49113 and CVE-2025-68461) enable post-auth remote code execution and unauthenticated cross-site scripting, affecting global deployments including cPanel environments. SolarWinds Web Help Desk suffers from a pre-authentication remote code execution chain (CVE-2025-40552, CVE-2025-40554, CVE-2025-40553) allowing full server takeover without credentials. A critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (CVE-2026-20127, CVSS 10) has been exploited in the wild for years, enabling attackers to gain high privileges and root access, prompting CISA emergency directives. 
The report also outlines Iranian threat actor clusters active in the Middle East and US, Lazarus-linked ransomware campaigns using Medusa ransomware, and GrayCharlie malware targeting WordPress sites through JavaScript injection and fake updates. Check Point’s IPS and endpoint security solutions provide protection against many of these threats. The report underscores the evolving threat landscape involving ransomware, AI exploitation, and sophisticated state-linked operations.
Potential Impact
The threats detailed in this report pose significant risks to organizations worldwide across multiple sectors including hospitality, manufacturing, transportation, e-commerce, and critical infrastructure. Data breaches at Wynn Resorts and ManoMano compromise employee and customer personal information, increasing risks of identity theft, fraud, and reputational damage. Ransomware attacks on the Transport Workers Union threaten operational continuity and expose sensitive member data, potentially disrupting essential transit services. Vulnerabilities in widely deployed software like Roundcube Webmail and SolarWinds Web Help Desk enable attackers to execute remote code and gain unauthorized access, risking full system compromise, data theft, and service outages. The critical Cisco Catalyst SD-WAN Controller flaw allows persistent, high-privilege access to network infrastructure, threatening network integrity and availability. AI platform vulnerabilities and misuse attempts raise concerns about intellectual property theft, unauthorized data access, and manipulation of AI-driven workflows, potentially impacting organizations relying on AI for critical operations. State-linked threat actor activity and ransomware campaigns increase geopolitical risk and complicate defense efforts. Collectively, these threats can lead to financial losses, operational disruptions, regulatory penalties, and erosion of stakeholder trust.
Mitigation Recommendations
Organizations should implement a multi-layered defense strategy tailored to the specific threats identified. Immediate patching of critical vulnerabilities is essential, particularly for Cisco Catalyst SD-WAN Controllers, SolarWinds Web Help Desk, and Roundcube Webmail deployments, prioritizing those exposed to external networks. Employ network segmentation and strict access controls to limit lateral movement in case of compromise. Deploy advanced endpoint protection and intrusion prevention systems, such as Check Point Harmony Endpoint and IPS, to detect and block ransomware and remote code execution attempts. For AI platforms, enforce strict project configuration validation, rotate API credentials regularly, and monitor for anomalous usage patterns indicative of credential theft or model extraction. Conduct thorough third-party risk assessments, especially for customer support portals and outsourced services, to prevent supply chain breaches. Enhance monitoring and incident response capabilities to rapidly detect and contain breaches, including anomaly detection for unusual authentication or data exfiltration activities. Educate employees on phishing and social engineering tactics linked to ransomware and credential theft. Finally, maintain comprehensive backups with offline copies to mitigate ransomware impact and ensure business continuity.
Affected Countries
United States, France, United Kingdom, Germany, Japan, China, Israel, United Arab Emirates, Iran, South Korea, Canada
Technical Details
- Article Source: https://research.checkpoint.com/2026/2nd-march-threat-intelligence-report/ (fetched 2026-03-02T16:42:03.368Z, 940 words)
Threat ID: 69a5bddb32ffcdb8a2768b71
Added to database: 3/2/2026, 4:42:03 PM
Last enriched: 3/2/2026, 4:42:21 PM
Last updated: 4/16/2026, 6:32:00 AM
Views: 98