// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE INT-04DTG 0600Z
ColdRecon / Competitor Intel / Check Point
Endpoint Security Vendor

Check Point

4 PUBLIC SECURITY EVENTS ON FILE · 2023-06-01 — 2025-03-31

Publicly-known security events concerning Check Point — CVEs, advisories, and incidents drawn from open-source reporting. Every item links to its original source.

Category

What Check Point sells

EDR is agent-based endpoint tooling that monitors process/file/network activity, detects malicious behavior, and enables response. It is detection-led by design: it observes and acts after code executes. Its efficacy depends on recognizing a threat, so novel/zero-day techniques are a window of exposure until detected.

SOURCE · ColdRecon Reference

Check Point competes in the endpoint-security category. ColdRecon publishes only the factual public record below — no competitive analysis or positioning.

The Public Record

Recent security events

On file: 1 incident · 2 vuln disclosures · 1 research poc.

2025-03-31
incident
Check Point Discloses Limited Data Exposure from December 2024 Portal Account CompromiseCheck Point Portal Account Compromise (Dec 2024)
Check Point confirmed a December 2024 incident where compromised credentials for a portal account led to limited data exposure. The threat actor CoreInjection later claimed to sell stolen data, but Check Point states the exposed information was limited to account names, product names, employee emails, and three customer contacts, with no access to production systems or security architecture.
2024-05-30
vuln disclosure
Check Point Quantum Security Gateway Zero-Day Path Traversal Vulnerability Exploited in the WildCVE-2024-24919
A zero-day path-traversal vulnerability in Check Point Quantum network security devices was actively exploited starting around April 30, 2024, allowing remote attackers to obtain sensitive credentials and gain network access. The flaw is described as 'extremely easy' to exploit and affects the very devices designed to protect corporate networks. Check Point has released patches and urged customers to apply them.
2023-09-13
vuln disclosure
ALPC Port Blocking Vulnerability Affects Multiple Windows EDR AgentsCVE-2023-3280
A denial-of-service vulnerability in multiple Windows EDR products allows a low-privileged user to permanently disable the agent after a reboot by preemptively registering an ALPC port name used by the EDR. The affected EDRs fail to handle the case where the port is already in use, causing user-mode components to crash or become non-functional. Kernel components remain running but lose detection/blocking capabilities in most cases.
2023-06-01
research poc
New malware tool claims to terminate multiple EDR and antivirus agentsEDR-Terminator
A video and Reddit post surfaced on May 28, 2023, showing an executable that allegedly disables tamper protection and terminates the on-premise agents of numerous endpoint security products. The tool claims to work against vendors including CrowdStrike, SentinelOne, Carbon Black, and Windows Defender. ThreatLocker notes that its application allowlisting would block such an unknown executable from running.
Every event on this page is a record in ColdRecon's canonical set, drawn from public reporting and linked to its source above. ColdRecon monitors open-source signal only; it publishes no non-public or customer information.

Check Point ships. Your prospect reads the headline. Do you?

ColdRecon turns this signal into one short daily brief, written from the seller's seat — what changed, why it matters to your deals, how to position. Request clearance and the first lands tomorrow at 0600.

Request Clearance →