
Check Point Remote Access VPN: Authentication Bypass CVE-2026-50751

CVE-2026-50751 is a critical authentication bypass vulnerability (CVSS 9.3) affecting Check Point Remote Access VPN and Mobile Access deployments utilizing the deprecated IKEv1 protocol. A logic error within the iked daemon's process_cert_payloads function allows remote attackers to manipulate certificate validation flags, effectively bypassing signature verification to establish VPN sessions without valid credentials. The flaw has been actively exploited by Qilin ransomware affiliates to gain initial perimeter access to targeted organizations. Remediation requires the immediate application of the vendor-supplied hotfix to enforce policy-based validation and the decommissioning of IKEv1 in favor of IKEv2.

Palo Alto Networks PAN-OS GlobalProtect Authentication Bypass CVE-2026-0257

CVE-2026-0257 is a critical authentication bypass vulnerability residing within the GlobalProtect component of Palo Alto Networks PAN-OS. Threat actors are actively exploiting this flaw to circumvent authentication mechanisms, facilitating unauthorized access to secure network environments via VPN gateways. This vulnerability allows attackers to bypass standard security controls, potentially leading to full network compromise. Security teams must immediately prioritize patching or implementing vendor-recommended mitigations to prevent unauthorized ingress and subsequent lateral movement within the infrastructure.

TA4922 Deployment of Atlas RAT Malware via Silver Fox Campaign

The Chinese-linked threat actor TA4922 is conducting high-velocity cyberattacks across Europe and Africa using the undocumented Atlas RAT (also known as AtlasCross). The campaign utilizes a social engineering technique dubbed "Silver Fox," where attackers distribute weaponized VPN installers to gain unauthorized system access. By masquerading as legitimate remote-access software, the malware effectively bypasses perimeter security controls. Once installed, the Atlas RAT establishes persistent backdoor access, enabling remote command and control (C2) capabilities. This rapid deployment of specialized malware highlights a significant shift in the actor's operational scope and technical sophistication in targeting organizations reliant on VPN infrastructure.

