InfoSecBulletin Cybersecurity for mankind
Check Point Research found that CVE-2026-50751, a serious flaw in Check Point Remote Access VPN and Mobile Access, is being actively used by attackers. It can let them bypass authentication (CVSS 9.3).
CVE-2026-50751 affects systems using the old IKEv1 key exchange method. A remote attacker can take advantage of a mistake in checking certificates. This lets them create a VPN session without needing a real user password, skipping all security checks.
WhatsApp to allow usernames instead of phone numbers
Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem
Data breach affects 14.2 million email logins across six ISPs
Asian Two AI startups launch Mythos-like Model
Polymarket Hack Reportedly Results in $3 Million Theft
Anthropic Confirms US Infrastructure Redeployment of Claude Mythos 5
Hackers Target Cloudflare-Hosted AWS Domains to Steal Console Logins
Daily Cyber security update for 26. 06. 2026
WhatsApp to Alert Users Before Chatting With New Numbers
OpenAI unveils its first custom chip, Named Jalapeño
The flaw impacts Mobile Access / SSL VPN, Remote Access VPN, and Spark Firewall products from versions R80.20.X to R82.10. After getting in through the bypass, extra steps are needed to reach internal resources or gain higher privileges.
Check Point Research began its study on June 4, 2026, after signs of strange activity were found, which traced back to attempts to exploit starting on May 7, 2026.
Exploitation attempts increased a lot in early June 2026, aiming at several organizations worldwide. Incident response teams need to focus on checking forensic logs and reviewing settings from the first day of known exploitation.
The threat actor is believed to be money-driven, using Qilin Linux ransomware files and trying to download harmful ELF files from their own servers.
Second Vulnerability – CVE-2026-50752
During the CVE-2026-50751 investigation, Check Point’s AI tool BLAST found another issue: CVE-2026-50752 (CVSS 7.4).
This security flaw affects how certificates are checked in the old IKEv1 key exchange. It can allow man-in-the-middle (MitM) attacks on VPN connections between sites in certain situations. Although it hasn’t been seen being used yet, customers should update their systems now.
Indicators of Compromise (IOCs)
Malicious IPs:
45.77.149[.]152, 209.182.225[.]136, 38.60.157[.]139, 162.33.177[.]101, 45.76.26[.]42
144.208.127[.]155, 38.54.88[.]201, 38.54.107[.]167, 66.42.99[.]200
File Hashes (MD5):
52fda5c1b9704544f32ee98d9060e689
51d39aa39478beeac94f2d12f682ecce
Mitigations
Check Point warns all customers with affected versions to quickly apply the hotfix for their Security Gateways. If organizations can’t patch right away, they should follow these temporary steps:
Remove support for legacy remote access clients.
Configure Remote Access VPN Authentication to IKEv2 only.
Set Machine Certificate Authentication as mandatory.
Enable IPS and download the latest signatures.
