- CISA set a 72‑hour deadline for federal agencies to patch a critical VPN bug.
Check Point reported that threat actors had exploited a flaw in its Remote Access VPN and CloudGuard products to breach dozens of organizations, including multiple federal departments. The Cybersecurity and Infrastructure Security Agency (CISA) issued a directive on June 7, 2026, demanding that all affected agencies apply the vendor’s emergency updates by June 10.
The directive matters because the vulnerability bypasses authentication, giving attackers direct network access. With ransomware groups already proven to weaponize the bug, any unpatched system could become a foothold for data encryption or espionage.
Agencies that miss the deadline will face increased scrutiny and potential loss of funding, a reminder that compliance timelines are rarely optional.