
Ransomware crims got a month-long head start on Check Point VPN 0-day that now has a fix

Scumbags, including a Qilin ransomware affiliate, began hitting this hole May 7

Jessica Lyons

Published Mon 8 Jun 2026 // 18:10 UTC

Check Point released an emergency fix on Monday for a critical authentication bypass vulnerability affecting its Remote Access VPN and Mobile Access deployments - but attackers, including ransomware criminals, got a month-long head start.

Attacks against the bug, tracked as CVE-2026-50751, began on May 7, according to Check Point VP of research Lotem Finkelstein, and picked up in early June. The security software vendor spotted suspicious activity and began investigating the zero-day on June 4, Finkelstein said in a Monday blog.

“We have observed indications that exploitation has been limited to a relatively small number of targeted organizations (several dozen globally), primarily over the past few days,” Finkelstein wrote, adding that, in at least one case, investigators observed post-compromise activity associated with a Qilin ransomware affiliate.


This same ransomware scum is also likely exploiting other VPN-related vulnerabilities in Palo Alto Networks, Fortinet, and F5 products, Finkelstein said.

CVE-2026-50751 is due to a logic-flow weakness in the Remote Access and Mobile Access certificate validation process, and it allows remote attackers to bypass authentication and establish a remote access VPN connection without a user password.

It affects Mobile Access/SSL VPNs, Remote Access VPNs, and Spark Firewalls configured to use the deprecated IKEv1 key exchange protocol.

While investigating CVE-2026-50751 and affected VPN components, Check Point found another vulnerability, CVE-2026-50752, in its Security Gateways and Spark Firewall products. It’s due to a bug in the certificate validation logic of the deprecated IKEv1 key exchange method, and can lead to man-in-the-middle attacks on the VPN site-to-site configuration. Check Point says that it hasn’t received any reports of in-the-wild exploitation of CVE-2026-50752.

Check Point urges customers running vulnerable gateways and firewalls to apply the hotfixes, and the vendor also provided alternative mitigation options with instructions in the security advisories.

The software provider also published a list of indicators of compromise, including attacker IPs, and recommends customers search Check Point SmartConsole logs for possible VPN certificate authentication attempts associated with observed attacker infrastructure and certificate subject names for at least May 7 through June 5. ®
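The log review recommended above, sketched as an added example (not Check Point's or The Register's code). It assumes the SmartConsole logs have been exported to CSV with the hypothetical columns `time`, `src`, `user`, `auth_method` and `cert_subject`, takes the year from the article's publication date, and uses placeholder indicators where the vendor's published list would go.

```python
import csv
import io
from datetime import datetime, timezone

# Placeholders: substitute the values from the vendor's published IoC list.
IOC_IPS = {"203.0.113.10", "198.51.100.77"}      # constructed (RFC 5737 ranges)
IOC_SUBJECTS = {"cn=placeholder-attacker-cert"}  # constructed, lower-cased

# Review window from the article (May 7 through June 5); year assumed from its date.
WINDOW_START = datetime(2026, 5, 7, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 6, 6, tzinfo=timezone.utc)  # exclusive, covers all of June 5

def hunt(csv_text):
    """Return (time, src, user, reasons) for certificate-auth VPN logins matching an IoC."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            ts = datetime.fromisoformat(row["time"].replace("Z", "+00:00"))
        except (KeyError, ValueError):
            continue  # skip malformed rows rather than abort the whole hunt
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive times are UTC
        if not (WINDOW_START <= ts < WINDOW_END):
            continue
        if row.get("auth_method", "").strip().lower() != "certificate":
            continue  # the bypass concerns certificate authentication
        reasons = []
        if row.get("src", "").strip() in IOC_IPS:
            reasons.append("ioc_ip")
        if row.get("cert_subject", "").strip().lower() in IOC_SUBJECTS:
            reasons.append("ioc_subject")
        if reasons:
            hits.append((row["time"], row.get("src", ""), row.get("user", ""), reasons))
    return hits

# Constructed sample export, not real log data.
SAMPLE = """time,src,user,auth_method,cert_subject
2026-05-06T23:59:59Z,203.0.113.10,alice,certificate,CN=alice
2026-05-07T02:14:09Z,203.0.113.10,svc-backup,certificate,CN=placeholder-attacker-cert
2026-05-20T11:00:00Z,192.0.2.44,bob,password,
2026-06-05T23:30:00Z,192.0.2.9,carol,certificate,CN=Placeholder-Attacker-Cert
2026-06-06T00:00:01Z,198.51.100.77,dave,certificate,CN=dave
not-a-date,198.51.100.77,eve,certificate,CN=eve
"""

if __name__ == "__main__":
    for hit in hunt(SAMPLE):
        print(hit)
```

Because the vendor's guidance says "at least" May 7 through June 5, widening `WINDOW_START` and `WINDOW_END` is reasonable where log retention allows.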
