Check Point Warning: Actively Exploited VPN Zero-Day Linked to Qilin Ransomware
ID: 015cff49-de43-54d1-a87c-39788ede34f3
STIX ID: report--015cff49-de43-54d1-a87c-39788ede34f3
Feed Name: TechRepublic Security
A critical Check Point VPN logic flaw (CVE-2026-50751, CVSS 9.3) has been actively exploited since at least May 7, 2026, enabling unauthenticated attackers to bypass VPN password authentication; activity has been tied to an affiliate of the Qilin ransomware syndicate, prompting Check Point emergency hotfixes and CISA inclusion of the CVE in its Known Exploited Vulnerabilities catalog. The report also notes attacker patterns (geolocated VPS use, probing other VPN vendors, use of Tox and ELF payloads), mitigation options (move to IKEv2, enforce machine certificates, remove legacy client support), and an AI-assisted discovery of a secondary vulnerability (CVE-2026-50752, CVSS 7.4) that has not been observed exploited in the wild.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
