CISA Gives Feds 3 Days to Patch Check Point VPN Bug Exploited as Zero-Day

A critical zero-day in Check Point Remote Access VPN and Mobile Access is being actively exploited by Qilin ransomware affiliates, prompting CISA to issue a 3-day emergency directive for federal agencies; the vulnerability allows unauthenticated remote access and may enable broader network compromise if unpatched. The report outlines affected products, risk factors, immediate remediation and monitoring actions (patching, restricting internet access, log review, enforcing MFA), and frames this incident within a wider trend of attackers prioritizing VPN gateways.