Attackers had month-long head start on patched Check Point VPN zero-day


Ransomware crims got a month-long head start on Check Point VPN 0-day that now has a fix

Scumbags, including a Qilin ransomware affiliate, began hitting this hole May 7

Jessica Lyons


Published Mon 8 Jun 2026 // 18:10 UTC

Check Point released an emergency fix on Monday for a critical authentication bypass vulnerability affecting its Remote Access VPN and Mobile Access deployments - but attackers, including ransomware criminals, got a month-long head start.

Attacks against the bug, tracked as CVE-2026-50751, began on May 7, according to Check Point VP of research Lotem Finkelstein, and picked up in early June. The security software vendor spotted suspicious activity and began investigating the zero-day on June 4, Finkelstein said in a Monday blog.

“We have observed indications that exploitation has been limited to a relatively small number of targeted organizations (several dozen globally), primarily over the past few days,” Finkelstein wrote, adding that, in at least one case, investigators observed post-compromise activity associated with a Qilin ransomware affiliate.


This same ransomware scum is also likely exploiting other VPN-related vulnerabilities in Palo Alto Networks, Fortinet, and F5 products, Finkelstein said.


CVE-2026-50751 is due to a logic-flow weakness in the Remote Access and Mobile Access certificate validation process, and it allows remote attackers to bypass authentication and establish a remote access VPN connection without a user password.

It affects Mobile Access/SSL VPNs, Remote Access VPNs, and Spark Firewalls configured to use the deprecated IKEv1 key exchange protocol.

While investigating CVE-2026-50751 and affected VPN components, Check Point found another vulnerability, CVE-2026-50752, in its Security Gateways and Spark Firewall products. It’s due to a bug in the certificate validation logic of the deprecated IKEv1 key exchange method, and can lead to man-in-the-middle attacks on the VPN site-to-site configuration. Check Point says that it hasn’t received any reports of in-the-wild exploitation of CVE-2026-50752.

Check Point urges customers running vulnerable gateways and firewalls to apply the hotfixes, and the vendor also provided alternative mitigation options with instructions in the security advisories.

The software provider also published a list of indicators of compromise, including attacker IPs, and recommends customers search Check Point SmartConsole logs for possible VPN certificate authentication attempts associated with observed attacker infrastructure and certificate subject names for at least May 7 through June 5.
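The log search recommended above, sketched as an added example (not code from Check Point or from this article): it assumes the SmartConsole logs were exported to CSV with hypothetical columns `time`, `src`, `auth_method` and `cert_subject`, and it uses placeholder indicators from documentation address ranges where the vendor's published list would go.

```python
import csv
import io
import ipaddress
from datetime import datetime, timezone

# Window from the article: at least May 7 through June 5, 2026 (UTC assumed).
WINDOW_START = datetime(2026, 5, 7, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 6, 6, tzinfo=timezone.utc)  # exclusive bound

# Placeholders only: load the real values from the vendor's published IoC list.
IOC_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.77/32")]
IOC_SUBJECTS = {"cn=vpn-client-placeholder,o=example"}

# Constructed sample export; the column names are assumptions, not a real schema.
SAMPLE_CSV = '''time,src,auth_method,cert_subject
2026-05-06T23:59:59Z,203.0.113.5,certificate,CN=alice
2026-05-07T00:00:00Z,203.0.113.5,certificate,"CN=bob,O=Example"
2026-05-15T08:00:00Z,192.0.2.44,certificate,CN=dave
2026-05-20T10:15:00Z,192.0.2.10,certificate,"CN=VPN-Client-Placeholder, O=Example"
2026-06-05T23:59:59Z,198.51.100.77,password,
2026-06-05T23:59:59Z,198.51.100.77,certificate,"cn=vpn-client-placeholder,o=example"
2026-06-06T00:00:00Z,203.0.113.9,certificate,CN=carol
'''

def normalize_subject(dn):
    """Lower-case a DN and drop spaces around commas so formatting cannot hide a match."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def hunt(csv_text):
    """Return (time, src, reasons) for in-window certificate logins that match an IoC."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["auth_method"].strip().lower() != "certificate":
            continue
        ts = datetime.fromisoformat(row["time"].replace("Z", "+00:00"))
        if not WINDOW_START <= ts < WINDOW_END:
            continue
        reasons = []
        try:
            ip = ipaddress.ip_address(row["src"].strip())
        except ValueError:
            ip = None  # malformed source field: still check the subject
        if ip is not None and any(ip in net for net in IOC_NETWORKS):
            reasons.append("ioc_ip")
        if normalize_subject(row["cert_subject"]) in IOC_SUBJECTS:
            reasons.append("ioc_subject")
        if reasons:
            hits.append((row["time"], row["src"], reasons))
    return hits
```

Calling `hunt(SAMPLE_CSV)` returns three hits; a match is a lead for investigation, since the article gives the date range as a minimum.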
