
Check Point Named Leader In Zero Trust Platforms
Check Point received the highest possible scores (5 out of 5) in four critical criteria within the current offering category: centralized management and usability, least-privileged-access enforcement, segmentation and control, and deployment. The company also received 5/5 scores in the roadmap and supporting services and offerings criteria within the strategy category, which Check Point believes reinforces its strong vision and customer-centric approach.
'This recognition by Forrester affirms, for us, Check Point's leadership in delivering consistent Zero Trust security that is comprehensive, intuitive, and built for the AI-driven, hyperconnected world,' said Nataly Kremer, Chief Product Officer at Check Point Software. 'Our AI-powered Infinity Platform is purpose-built to help organizations secure users, assets, and data — wherever they reside — through centralized management, intelligent policy enforcement, and flexible deployment across cloud, on-prem, and hybrid environments.'
Check Point's highlights from the report include:
- Centralized Management
- Least-Privileged Access Enforcement
- Segmentation and control
- Deployment
- Roadmap
- Supporting services and offerings
Forrester also noted that organizations looking for a centralized, easy-to-manage, and holistic network security platform for local networks should include Check Point on their shortlist.
For Check Point, this position as a leader reinforces the company's commitment to a prevention-first strategy, helping enterprises proactively secure their infrastructure against modern threats while accelerating their Zero Trust adoption.
Related Articles


TECHx
5 days ago
- TECHx
FileFix: A New Social Engineering Threat Emerges
Check Point Research identifies how the new social engineering technique, FileFix, is being actively tested by threat actors in the wild.

Attackers have long exploited human trust as a primary attack surface, and they're doing it again with a new technique called FileFix. FileFix is a recently uncovered social engineering attack that builds on the widely abused ClickFix tactic. Unlike ClickFix, which tricks users into running malicious commands via the Windows Run dialog, FileFix takes a subtler approach: it opens a legitimate Windows File Explorer window from a webpage and silently loads a disguised PowerShell command into the user's clipboard. When the victim pastes into the Explorer address bar, the malicious command executes. This attack relies not on software vulnerabilities but on exploiting routine user actions and trust.

Within just two weeks of FileFix's public disclosure, Check Point Research observed this technique being actively tested in the wild by a known threat actor. This group previously deployed ClickFix-based phishing campaigns targeting users of major cryptocurrency platforms. The FileFix tests so far use benign payloads, signaling an imminent shift to delivering real malware. During the same period, threat group KongTuke was also found using the method in a recent campaign.

With FileFix now operational in real-world campaigns, defenders must prepare for the next phase: full-scale deployment of malicious payloads using this technique. The attack infrastructure is established, and it's only a matter of time before FileFix causes significant damage.

'Threat actors began using FileFix less than two weeks after it was published, showing just how quickly cyber criminals adapt. Like ClickFix, this technique doesn't rely on complex exploits, but on manipulating routine user behavior. By shifting from the Run dialog to File Explorer, attackers are now hiding in plain sight, making detection harder and the threat more dangerous,' said Eli Smadja, Group Manager, Security Research at Check Point Software Technologies.

This blog will explain how the FileFix attack works, profile the threat actor testing it, and provide actionable guidance for defenders to detect, block, and prepare for this evolving threat.

Background: The Rise of FakeCaptcha/FixIt/ClickFix Attacks

ClickFix is a simple but highly effective social engineering trick. It convinces users to run malicious code by pretending there's a technical problem that needs fixing, like a broken CAPTCHA or browser error. Victims are typically told to copy and paste a command into the Windows Run dialog, unknowingly infecting themselves in the process. Over the past year, ClickFix attacks have surged, evolving into one of the most common initial access methods. Attackers spoof familiar services and design convincing error messages to lower users' defenses. This success paved the way for FileFix, a new variation with even subtler execution.

The FileFix Technique: An Evolution of ClickFix Social Engineering Attacks

Building on the widespread success of the ClickFix social engineering attack, security researcher mr.d0x introduced FileFix on June 23, 2025, a new, stealthier technique designed to trick users into executing malicious commands without raising suspicion. Unlike ClickFix, which relies on the more noticeable Windows Run dialog, FileFix shifts the attack to the familiar and trusted environment of Windows File Explorer. This technique does not exploit software vulnerabilities; instead, it leverages user trust in everyday Windows actions to execute harmful code.

How FileFix works

A malicious webpage can launch a Windows Explorer window on the victim's computer. Simultaneously, JavaScript running on that webpage quietly copies a disguised PowerShell command to the user's clipboard. The victim is then instructed to paste a 'file path' into the Explorer address bar. Instead of a real file path, the pasted content is a hidden PowerShell command. When the user presses Enter, Windows Explorer executes the command, which downloads and runs malware, all without displaying any obvious warning or command prompt. To victims, this process appears to be a simple task of opening a shared file or folder, making it feel routine and safe. This subtle manipulation makes FileFix a more stealthy and potentially more dangerous evolution of the ClickFix social engineering attack.

[Figure: The phishing site after being updated to deliver a malicious script]

Our Discovery: FileFix Technique Actively Tested in the Wild by Known Threat Actors

Just over two weeks after the FileFix social engineering technique was publicly disclosed, in early July 2025, Check Point Research observed cyber criminals actively testing this new attack method in real-world campaigns. The threat actor, previously known for leveraging the ClickFix technique to distribute malware such as loaders, remote access Trojans (RATs), and information stealers, has begun experimenting with FileFix as part of their phishing operations. On July 6, 2025, we detected a newly registered domain hosting a phishing page closely resembling this group's earlier campaigns. Although the embedded FileFix script initially delivered only a benign payload, the activity clearly signals that threat actors are preparing to weaponize FileFix for future malware distribution and targeted attacks.

Threat Actor Profile & Past Activity

This threat actor has a history of targeting users of major cryptocurrency exchanges and other legitimate services. Their primary lure technique is SEO poisoning, which involves manipulating search engine results to promote malicious sites to the top. For example, a recent attack used a malicious sponsored Bing ad (malvertising) directing a victim to a fake 1Password site, where they were tricked into executing a ClickFix script that installed a NetSupport Manager remote access tool on their machine. A signature trait of this actor's phishing pages is their consistent imitation of Cloudflare CAPTCHA or security verification screens. To broaden their reach, the actor translates their lures into multiple languages including English, Korean, Slovak, and Russian, making their campaigns global and adaptable.

[Figure: Phishing pages in different languages]

Threat actors started using the new FileFix technique less than two weeks after its publication, demonstrating how quickly cyber criminals adapt to emerging trends. Techniques like ClickFix have emerged as some of the most effective initial access methods, not through technical exploits but via low-cost, high-impact manipulation of user behavior.

Preparing for the Next Wave of Social Engineering Attacks: Defending Against FileFix and ClickFix

The rapid rise of the ClickFix technique in 2025 highlights that social engineering remains one of the most cost-effective and enduring methods cyber criminals use to breach defenses. This approach exploits human behavior by tricking users into unknowingly executing malicious commands on their own computers. FileFix advances this tactic by concealing harmful commands behind the seemingly harmless act of opening files in Windows File Explorer. The fact that FileFix is already being tested and used in the wild mere days after its public disclosure shows how quickly attackers adopt new techniques and adapt to the evolving cyber threat landscape.

Key Recommendations for Defenders and Users

- Be highly suspicious of any webpage or email that asks you to perform unusual manual actions, especially copying and pasting commands into system dialogs or Windows Explorer address bars.
- Educate users that legitimate websites and software rarely require manual execution of commands to fix issues.
- Monitor phishing pages that mimic popular services or security verification screens, particularly those using Cloudflare-like templates or recurring fake identifiers like Ray IDs.
- Implement and fine-tune endpoint detection rules to flag suspicious clipboard activity or unusual PowerShell executions triggered by user actions.
- Stay current with emerging social engineering trends and regularly update user training, incident response plans, and security playbooks.
- Foster a culture of verification where users confirm unexpected or unusual requests with IT or security teams before acting.

Staying informed and vigilant is critical to preventing attackers from turning users into unwitting accomplices.

Leveraging Endpoint Protection with Check Point Harmony Endpoint

Tools like Check Point's Harmony Endpoint offer advanced endpoint detection and response capabilities designed to identify suspicious behaviors, such as unusual clipboard manipulation or stealthy PowerShell command executions initiated by user interactions. By combining proactive threat hunting, behavioral analytics, and real-time blocking, Harmony Endpoint empowers organizations to detect and stop evolving social engineering attacks like FileFix and ClickFix before they cause damage. In today's fast-changing threat environment, deploying intelligent endpoint protection solutions is essential to strengthening your organization's last line of defense.
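
The recommendation above to flag unusual PowerShell executions triggered by user actions can be prototyped as a scoring pass over process-creation telemetry. This is an added example, not Check Point's code or a Harmony Endpoint rule; the Sysmon Event ID 1 style field names, the process lists, the weights, the threshold and the sample events are all assumptions made for illustration.

```python
import ntpath
import re

# Assumed names and weights for illustration; tune them to your environment.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# A document-style path inside a shell command line fits the "file path" lure.
DOC_PATH = re.compile(r"[A-Za-z]:\\[^\"'|;]*\.(?:docx?|xlsx?|pdf|txt)\b", re.I)
# Markers of a network fetch or an encoded command (assumed, not exhaustive).
FETCH = re.compile(r"https?://|invoke-webrequest|downloadstring|-encodedcommand", re.I)
ALERT_THRESHOLD = 4

def score_event(event):
    """Score one process-creation record (Sysmon Event ID 1 style fields)."""
    image = ntpath.basename(event["Image"]).lower()
    parent = ntpath.basename(event["ParentImage"]).lower()
    if image not in INTERPRETERS:
        return 0, []
    score, reasons = 0, []
    if parent in BROWSERS:
        score, reasons = score + 3, reasons + ["browser parent"]
    elif parent == "explorer.exe":
        # Weak on its own: users start shells from Explorer legitimately.
        score, reasons = score + 1, reasons + ["explorer parent"]
    if DOC_PATH.search(event["CommandLine"]):
        score, reasons = score + 2, reasons + ["document path in command line"]
    if FETCH.search(event["CommandLine"]):
        score, reasons = score + 2, reasons + ["fetch or encoded command"]
    return score, reasons

def triage(events):
    """Return (index, score, reasons) for every event at or above the threshold."""
    hits = []
    for i, ev in enumerate(events):
        score, reasons = score_event(ev)
        if score >= ALERT_THRESHOLD:
            hits.append((i, score, reasons))
    return hits

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events, not taken from any real incident.
SAMPLE_EVENTS = [
    {"Image": PS, "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'powershell.exe -c "Write-Output test" C:\Shared\Q3-Report.docx'},
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'powershell.exe -c "Invoke-WebRequest https://example.test/s" C:\Users\Public\Invoice.pdf'},
    {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"notepad.exe C:\Users\Public\Invoice.pdf"},
]
```

Calling triage(SAMPLE_EVENTS) returns the first and third events; the scheduled-script launch and the Notepad launch stay below the threshold.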


Channel Post MEA
6 days ago
- Channel Post MEA
Check Point Named Leader In Zero Trust Platforms
Check Point Software Technologies has announced it has been recognized as a Leader in The Forrester Wave: Zero Trust Platforms, Q3 2025. The independent analyst report evaluated the 10 most significant Zero Trust platform providers and cited Check Point for delivering a unified, prevention-first security platform that covers network, cloud, and endpoint controls across hybrid environments.


Zawya
6 days ago
- Zawya
Check Point Software Technologies named a leader in zero trust platforms, Q3 2025 evaluation
DUBAI, UAE – Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader of cyber security solutions, today announced it has been recognized as a Leader in The Forrester Wave™: Zero Trust Platforms, Q3 2025. The independent analyst report evaluated the 10 most significant Zero Trust platform providers and cited Check Point for delivering a unified, prevention-first security platform that covers network, cloud, and endpoint controls across hybrid environments.

Check Point received the highest possible scores (5 out of 5) in four critical criteria within the current offering category: centralized management and usability, least-privileged-access enforcement, segmentation and control, and deployment. The company also received 5/5 scores in the roadmap and supporting services and offerings criteria within the strategy category, which Check Point believes reinforces its strong vision and customer-centric approach.

'This recognition by Forrester affirms, for us, Check Point's leadership in delivering consistent Zero Trust security that is comprehensive, intuitive, and built for the AI-driven, hyperconnected world,' said Nataly Kremer, Chief Product Officer at Check Point Software. 'Our AI-powered Infinity Platform is purpose-built to help organizations secure users, assets, and data — wherever they reside — through centralized management, intelligent policy enforcement, and flexible deployment across cloud, on-prem, and hybrid environments.'

Check Point's highlights from the report include:
- Centralized Management
- Least-Privileged Access Enforcement
- Segmentation and control
- Deployment
- Roadmap
- Supporting services and offerings

Forrester also noted that organizations looking for a centralized, easy-to-manage, and holistic network security platform for local networks should include Check Point on their shortlist.

For Check Point, this position as a leader reinforces the company's commitment to a prevention-first strategy, helping enterprises proactively secure their infrastructure against modern threats while accelerating their Zero Trust adoption.

Learn more on our blog and access a complimentary copy of The Forrester Wave™: Zero Trust Platforms, Q3 2025 here.

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester's objectivity here.

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. is a leading protector of digital trust, utilizing AI-powered cyber security solutions to safeguard over 100,000 organizations globally. Through its Infinity Platform and an open garden ecosystem, Check Point's prevention-first approach delivers industry-leading security efficacy while reducing risk. Employing a hybrid mesh network architecture with SASE at its core, the Infinity Platform unifies the management of on-premises, cloud, and workspace environments to offer flexibility, simplicity and scale for enterprises and service providers.

Legal Notice Regarding Forward-Looking Statements

This press release contains forward-looking statements. Forward-looking statements generally relate to future events or our future financial or operating performance. Forward-looking statements in this press release include, but are not limited to, statements related to our expectations regarding future growth, the expansion of Check Point's industry leadership, the enhancement of shareholder value and the delivery of an industry-leading cyber security platform to customers worldwide. Our expectations and beliefs regarding these matters may not materialize, and actual results or events in the future are subject to risks and uncertainties that could cause actual results or events to differ materially from those projected. The forward-looking statements contained in this press release are also subject to other risks and uncertainties, including those more fully described in our filings with the Securities and Exchange Commission, including our Annual Report on Form 20-F filed with the Securities and Exchange Commission on April 2, 2024. The forward-looking statements in this press release are based on information available to Check Point as of the date hereof, and Check Point disclaims any obligation to update any forward-looking statements, except as required by law.