Critical VPN vulnerability actively exploited to bypass authentication without passwords

By CybersecAsia editors | Wednesday, June 10, 2026, 1:24 PM Asia/Singapore

CVE-2026-50751 lets attackers bypass VPN authentication without passwords via IKEv1 flaw; CISA added it to KEV, hotfixes released 8 June.

Check Point Software has issued an urgent warning about active exploitation of a critical vulnerability in its VPN and mobile access products. The flaw, identified as CVE-2026-50751 with a CVSS score of 9.3, enables unauthenticated attackers to bypass user authentication entirely and establish VPN connections without valid passwords.

The vulnerability stems from a logic flow weakness in certificate validation during the deprecated IKEv1 key exchange protocol. According to the firm, “an attacker can establish a VPN session without possession of a valid password, effectively bypassing authentication requirements,” although additional post-authentication activity remains necessary to access internal resources or escalate privileges.

The affected products include Security Gateways R82.10 (Jumbo Hotfix Take 19 or below), R82 (Take 103 or below), R81.20 (Take 141 or below), and older versions R81.10, R81, R80.40, plus Spark Firewalls R80.20.X, R81.10.X, and R82.00.X.

Four specific conditions must exist for successful exploitation:

  1. VPN Remote Access or Mobile Access must be enabled
  2. IKEv1 must be enabled for remote access
  3. Gateways must accept legacy Remote Access clients
  4. Gateways must not require machine certificates for connections
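
An exposure triage over a gateway inventory, as an added example that is not from Check Point or the original article: it combines the affected-version list above with the four conditions. The inventory field names and sample records are hypothetical, and a take above a listed threshold is assumed to fall outside the affected list.

```python
# Added example: exposure triage for CVE-2026-50751 built only from the
# article's affected-version list and four preconditions.
# All inventory field names are hypothetical; INVENTORY is constructed data.

# Security Gateway version -> highest affected Jumbo Hotfix Take ("or below").
# None: the article lists the version without a take threshold.
AFFECTED_GATEWAYS = {"R82.10": 19, "R82": 103, "R81.20": 141,
                     "R81.10": None, "R81": None, "R80.40": None}
AFFECTED_SPARK_PREFIXES = ("R80.20.", "R81.10.", "R82.00.")

# Each flag is True when the corresponding exploitation condition holds.
PRECONDITIONS = ("remote_or_mobile_access", "ikev1_remote_access",
                 "accepts_legacy_clients", "machine_cert_not_required")


def version_affected(product, version, take=None):
    if product == "spark":
        return version.startswith(AFFECTED_SPARK_PREFIXES)
    if version not in AFFECTED_GATEWAYS:
        return False
    limit = AFFECTED_GATEWAYS[version]
    # An unknown take is treated as affected (fail closed).
    return limit is None or take is None or take <= limit


def triage(gw):
    affected = version_affected(gw["product"], gw["version"], gw.get("take"))
    # A flag missing from the inventory is assumed to hold (fail closed).
    unmet = [p for p in PRECONDITIONS if not gw.get(p, True)]
    if not affected:
        status = "not-in-affected-list"
    elif unmet:
        status = "affected-build-preconditions-unmet"
    else:
        status = "exposed"
    return {"name": gw["name"], "status": status, "unmet": unmet}


INVENTORY = [  # constructed sample records
    {"name": "gw-a", "product": "gateway", "version": "R81.20", "take": 141},
    {"name": "gw-b", "product": "gateway", "version": "R81.20", "take": 150},
    {"name": "gw-c", "product": "gateway", "version": "R82", "take": 90,
     "ikev1_remote_access": False},
    {"name": "spark-d", "product": "spark", "version": "R81.10.15"},
]

if __name__ == "__main__":
    for gw in INVENTORY:
        print(triage(gw))
```

A gateway reported as `affected-build-preconditions-unmet` still runs a listed build; only the configuration keeps the four conditions from all holding.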

Suspicious activity was first detected on 4 June 2026, with the earliest exploitation traced back to 7 May 2026. Attacks surged significantly in early June. The campaign has targeted “a few dozen organizations globally” and remains opportunistic rather than narrowly characterized.

In one confirmed case, post-exploitation activity linked to a Qilin ransomware affiliate deployed ELF payloads using the Tox protocol for command-and-control communication, a pattern typical of financially motivated ransomware operators. Attackers utilized virtual private server infrastructure geolocated to specific countries to target organizations within those borders.

On 8 June 2026, the US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-50751 to its Known Exploited Vulnerabilities catalog, mandating that Federal Civilian Executive Branch agencies apply fixes by 11 June 2026.

Check Point released hotfixes on 8 June 2026 and published a security advisory detailing configurations at risk and mitigation strategies. Researchers also discovered a second vulnerability, CVE-2026-50752 (CVSS 7.40), which could enable adversary-in-the-middle attacks on VPN site-to-site connections, although no real-world exploitation has been observed.

Copyright © 2026 CybersecAsia All Rights Reserved.