Check Point Research recently released its Global Threat Intelligence insights for June 2026. Organisations worldwide faced an average of 2,270 cyberattacks per week. That is a 10 percent increase from May and a 17 percent jump from June 2025.
The attack surge did not hit one region or one industry. It spread everywhere at the same time. Attackers are casting wider nets. They are targeting more organisations across more countries.
May showed a temporary slowdown in cyber activity. That quiet period ended quickly. June reversed the trend completely.
Latin America remained the most attacked region. Organisations there recorded 3,501 weekly attacks, a 27 percent increase year on year. The Asia-Pacific region followed with 3,060 weekly attacks. Africa recorded 3,008 weekly attacks. Even Europe and North America saw increases of 22 percent and 14 percent respectively.
No region is safe. No region is being ignored. Attackers are operating everywhere.
To read the full Global Threat Intelligence report for June 2026, you can download the official Threat Intelligence Bulletin directly from Check Point Research.
The report contains deeper data on regional attack patterns, specific vulnerability exploits, and technical indicators that security teams can use to strengthen their defences. Check Point Research publishes these bulletins weekly, and the June edition includes detailed analysis of the active ransomware groups, the most exploited vulnerabilities, and the emerging AI-related threats facing organisations today.
You can access the complete report at the following link:
Download the June 2026 Threat Intelligence Bulletin
A New Ransomware Group Took the Top Spot in Just Weeks
The ransomware landscape shifted dramatically in June. A group called The Gentlemen became the most active ransomware operator, accounting for 17 percent of published attacks. They overtook Qilin, which had held the top position.
This matters because it shows how quickly new groups can become major threats. The Gentlemen did not exist at the top of the rankings a few months ago. They emerged, scaled up, and now lead the field. LockBit also increased its activity to 7 percent of attacks.
Ransomware attacks overall grew by 33 percent compared to June 2025. Business services took the biggest hit, accounting for nearly one-third of all ransomware victims. Consumer goods, industrial manufacturing, and government organisations also suffered heavily.
Schools and Hospitals Became the Easiest Targets
Education remained the most targeted sector globally for another month. Schools and universities faced an average of 4,816 weekly attacks, a 16 percent increase from last year.
Why are attackers going after schools so aggressively? The reasons are practical. Campus networks are open by design. Devices change constantly as students and staff come and go. Security budgets are often thin. These factors make educational institutions attractive and vulnerable.
Government organisations followed with 2,836 weekly attacks. Telecommunications came third with 2,835 weekly attacks. These three sectors together absorb a disproportionate share of global attack volume. The pattern has remained consistent for months.
Employees Are Accidentally Leaking Data Through AI Tools
Generative AI tools created a new risk in June. Check Point Research found that one in every 26 GenAI prompts submitted from enterprise networks carried a high risk of sensitive data leakage. This equals a global exposure rate of 3.9 percent.
The problem is widespread. Eighty-five percent of organisations that regularly use GenAI tools experienced high-risk prompt activity. Another 27 percent of prompts contained potentially sensitive information.
Healthcare organisations recorded the highest exposure rate at 5.7 percent. Telecommunications and business services followed at 5.1 percent each. Personal data appeared across 80 percent of affected organisations. Network details, legal materials, financial data, and employee records also appeared regularly.
Employees are not being careless on purpose. They are using AI tools to do their jobs faster. But they are copying sensitive information into systems that may not be secure. The tools are useful. The behaviour is risky.
Africa Remains a High-Volume Target Despite a Slight Drop
Africa recorded 3,008 weekly attacks per organisation in June. This represents a 9 percent decrease year on year. But the continent still ranks among the highest-volume regions globally.
Among the African countries included in the insights, Angola remained the most attacked with 4,890 weekly attacks. Nigeria followed with 4,361 attacks. Kenya recorded 2,646 attacks and South Africa recorded 2,065. Government, energy, and financial services were the most targeted sectors in Africa.
The numbers show that African organisations face a persistent threat. The slight year-on-year decline does not mean the risk is fading. Attackers are still active across the continent.
What This Means for Ordinary People and Organisations
These numbers are not just for security professionals. They affect everyone. When schools get attacked, student data gets exposed. When hospitals get attacked, patient care can be disrupted. When government systems get attacked, public services can stop working.
The rise of AI-related data leakage is particularly concerning for ordinary employees. Many workers now use AI tools without realising the security implications. They paste customer lists, internal documents, and financial data into public AI systems. That information can be stored, analysed, or even exposed without their knowledge.
Organisations need to take prevention seriously. The old approach of detecting attacks after they happen does not work anymore. Attackers move too fast. New ransomware groups appear too quickly. The better approach is to stop attacks before they cause damage.
The Threat Landscape Is Changing Faster Than Ever
June 2026 showed that the cyber threat environment is becoming more dynamic. New attackers emerge rapidly. Existing groups scale up their operations. Attackers spread across more regions and more industries.
The 17 percent year-on-year increase in global attacks is a clear signal. The 33 percent rise in ransomware activity is another. The widespread nature of the June surge shows that this is not a temporary spike. It is a new normal.
Organisations that treat cybersecurity as an afterthought will continue to suffer. Those that invest in prevention-first, AI-driven security will have a better chance of protecting their networks, their users, and their data. The choice is becoming clearer with each passing month.





