In 2025, infostealer malware infected over 11 million devices and exposed 3.3 billion credentials, browser artifacts, session tokens, and system metadata. Sold as malware-as-a-service for as little as $60 a month, strains like Vidar and Lumma use sandbox detection and obfuscation to evade defenses, harvesting passwords, cookies, crypto keys, and more. Attackers then resell the data or use the stolen credentials to gain undetected access and deploy ransomware.

Check Point released updates for CVE-2026-50751, an authentication bypass in IKEv1-based Remote Access and Mobile Access VPNs that has been exploited since May and impacted a few dozen organizations, including a confirmed Qilin ransomware incident. They also patched CVE-2026-50752, a certificate validation flaw in IKEv1 site-to-site VPNs, and urge customers to move to IKEv2, enforce machine certificates, or apply the provided mitigations.

CISA has directed U.S. federal agencies to fix a critical authentication bypass in Check Point Remote Access and Mobile Access VPNs (CVE-2026-50751) by June 11. The flaw, exploited by Qilin ransomware affiliates since early May, affects IKEv1 deployments without machine certificates. Check Point released updates and mitigation steps for unpatched environments.