Vpn
CVE-2026-50751: Check Point VPN Auth Bypass Exploited by Qilin — IKEv1 Sessions Without a Password
Check Point confirmed active exploitation of CVE-2026-50751, a CVSS 9.3 authentication bypass in Remote Access VPN and Mobile Access deployments running deprecated IKEv1. Attackers establish VPN sessions without a valid password; one case is tied to a Qilin ransomware affiliate. Earliest exploitation traces to May 7.
CVE-2026-0257: Palo Alto GlobalProtect Auth Bypass Now Exploited — Unauthorized VPN Access Into Your Network
Palo Alto confirmed active exploitation of CVE-2026-0257, a CVSS 7.8 GlobalProtect authentication bypass that lets attackers establish unauthorized VPN sessions into the internal network. Rapid7 traced exploitation back to May 17. CISA KEV deadline is June 1.
The Edge Device Audit: Turn CISA's BOD 26-02 Into a Playbook You Can Actually Run
CISA's BOD 26-02 just handed every infrastructure team a free edge-device audit checklist. Here is how to run it on your own network — inventory, version, exposure, and end-of-support triage — before an attacker runs theirs.
The Ransomware Dwell Time Collapse: When the Entire Kill Chain Fits Inside an Hour
Akira is encrypting domains 60 minutes after a VPN login. Storm-1175 is going from zero-day to domain-wide Medusa deployment in under 24 hours. The industry's average detection time is still measured in days. The math no longer works.
Akira Ransomware Now Encrypts in Under an Hour: SonicWall VPNs Are the Front Door
Akira ransomware operators are completing full attack chains from initial VPN access to encryption in under 60 minutes, targeting SonicWall SSL VPNs even on patched devices.
15-Year-Old strongSwan Integer Underflow Lets Unauthenticated Attackers Crash VPN Gateways
CVE-2026-25075 is an integer underflow in strongSwan's EAP-TTLS AVP parser that lets remote, unauthenticated attackers crash the charon IKE daemon — affecting every version since 4.5.0.