Qilin ransomware exploited a Check Point VPN flaw for weeks before a fix arrived.
Check Point disclosed a critical zero‑day in its Remote Access and Mobile Access VPN products (CVE‑2026‑50751, CVSS 9.3). The bug let unauthenticated users skip password checks entirely. An affiliate of the Qilin ransomware group used it for roughly a month, moving laterally inside victim networks before Check Point issued a patch.
The incident underscores how quickly ransomware operators can weaponize unpatched VPN bugs. Enterprises that kept the vulnerable version running after the disclosure were exposed to data theft and encryption. Prompt patching and reducing exposure of VPN endpoints remain the simplest defenses.
The episode is a reminder that “zero‑day” isn’t a marketing buzzword; it’s a real window for attackers, and relying on vendors to discover and fix flaws after the fact leaves you open.