Check Point warns of zero-day flaw targeted by ransomware affiliate

https://www.cybersecuritydive.com/news/check-point-zero-day-ransomware/822372/

Publish Date: 2026-06-09 12:08:00

Source Domain: www.cybersecuritydive.com

A critical authentication bypass flaw in Check Point Remote Access VPN and Mobile Access deployments has been under exploitation for more than a month, according to a blog post published Monday by Check Point Research. 

The vulnerability, tracked as CVE-2026-50751, is related to a logic flaw in certificate validation, according to the report. If successfully exploited, the flaw allows an attacker to establish a VPN session without the need for a password. 

After discovering suspicious activity, Check Point began investigating on Thursday. It found threat activity dating back to May 4. Researchers urge security teams to prioritize forensic log audits and configuration reviews.

The VPN vulnerability is found in deployments that are configured for the deprecated Internet Key Exchange v1 protocol. 

Forensic evidence

So far, the investigation has identified a few dozen targeted organizations across the globe. In one specific case, post-compromise activity was linked to an affiliate of the Qilin ransomware operation. The same infrastructure has been observed targeting VPN vulnerabilities in Palo Alto Networks, F5 and Fortinet products, according to researchers.

The Cybersecurity and Infrastructure Security Agency on Monday added CVE-2026-50751 to its Known Exploited Vulnerabilities catalog. 

During the investigation, Check Point found a second vulnerability, tracked as CVE-2026-50752. The flaw affects certificate validation in deprecated IKEv1 key exchange. This could enable man-in-the-middle attacks that might impact site-to-site VPN communication if certain conditions are met. Check Point has not seen any exploitation of the second vulnerability.

Check Point is urging customers to upgrade to a hotfix. In addition, the company released security guidance to address the vulnerabilities, along with mitigation steps.

Researchers from Rapid7 confirmed they have observed at least one case involving CVE-2026-50751. 

Researchers noted that of the…
