Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.

Check Point has confirmed that attackers are exploiting CVE-2026-50751, an authentication bypass flaw in its Remote Access VPN and Mobile Access products — and at least one intrusion has ended in Qilin ransomware, as reported by Help Net Security. The flaw lets a remote attacker establish a VPN connection without a valid password. No phishing, no stolen credentials — straight in the front door.

You’re affected if your Check Point Security Gateway is configured to use the deprecated IKEv1 key exchange protocol. That includes Check Point’s Spark firewalls, which are aimed squarely at small and medium businesses and the IT providers who manage them. The first known attacks date back to early May, and exploitation picked up sharply in early June. In the confirmed ransomware case, the attacker quietly copied data out using Rclone before encrypting anything — so by the time ransomware appears, the damage is already done.

What to do today: apply Check Point’s hotfix to every affected gateway. If you can’t patch immediately, disable IKEv1, remove support for legacy remote access client connections, and require a machine certificate for VPN connections. Then check your VPN logs going back to 7 May for logins you can’t explain — Check Point has published indicators of compromise worth reviewing.

Not sure whether your firewall is on the affected list, or whether anyone would notice a dodgy VPN login on your network? That’s exactly the kind of thing our managed cybersecurity service covers. Worth a quick call.

Related Guide

Cybersecurity for Sydney SMBs

Explore our complete guide to protecting your business from cyber threats.

Read the Full Guide →