This Week in Cybersecurity: Check Point VPN Zero-Day, Meta's AI Support Weaponized, and China's Stealth Malware


From an exploited VPN authentication bypass to an AI chatbot tricked into handing over 20,000 Instagram accounts, this week's headlines hit both the network perimeter and the human trust layer.

The biggest story this week is one every network admin running a Check Point VPN gateway needs to act on immediately: a critical authentication bypass zero-day (CVE-2026-50751, CVSS 9.3) is being actively exploited by a Qilin ransomware affiliate to enter networks without a valid password. Check Point released patches on June 8, and CISA has already added the vulnerability to its Known Exploited Vulnerabilities catalog — meaning federal agencies have a hard deadline, but every enterprise running IKEv1-configured gateways should treat it as urgent regardless of sector.

Beyond the VPN story, the week brought a striking AI security failure at Meta — where attackers manipulated an AI support chatbot into resetting passwords and handing over 20,225 Instagram accounts — plus an unpatched Cisco SD-WAN zero-day with no fix in sight, a Chinese espionage group's newly discovered persistence toolkit, and a White House executive order directing CISA to accelerate AI-driven cyber defenses within 30 days. Here's what you need to know.




Critical Check Point VPN zero-day exploited in ransomware attacks (CVE-2026-50751)

Israeli cybersecurity firm Check Point disclosed on June 8 that a critical authentication-bypass vulnerability in its Remote Access VPN and Mobile Access deployments has been under active exploitation since May 7, with activity surging sharply in early June. The flaw, tracked as CVE-2026-50751 (CVSS 9.3), affects only gateways configured to use the deprecated IKEv1 key exchange protocol — but unauthenticated remote attackers can exploit it to establish a full VPN session without providing a valid user password.

Check Point's investigation, launched June 4 after observing suspicious authentication patterns, confirmed that at least one intrusion has been linked to a Qilin ransomware affiliate. The gang, which has claimed nearly 400 victims since launching in 2022 under the name "Agenda," also claimed a separate attack on the Shipping Association of New York & New Jersey on June 8 — though that incident's connection to CVE-2026-50751 has not been confirmed. During its investigation, Check Point identified a related bug, CVE-2026-50752, affecting certificate validation under IKEv1 that could enable man-in-the-middle interference on site-to-site VPN communications; no in-the-wild exploitation of that flaw has been observed yet. CISA added CVE-2026-50751 to its KEV catalog and ordered Federal Civilian Executive Branch agencies to remediate by June 11.

Why it matters: VPN authentication bypasses are the master key attackers use to skip perimeter defenses entirely. If your Check Point gateway is configured for IKEv1 — even as a legacy fallback for older clients — you are exposed until you apply the June 8 hotfix or enforce IKEv2-only with mandatory machine certificates. The broader pattern here is troubling: Qilin is actively hunting for network edge vulnerabilities rather than relying on phishing, and they are fast-chaining initial access into ransomware deployment. Check Point's guidance to disable the legacy remote access client and enable IPS signatures is a reasonable interim step; patching is the only real fix.

Read more at Help Net Security

Meta's AI support chatbot manipulated into hijacking 20,225 Instagram accounts

Meta revealed on June 8 that attackers hijacked 20,225 Instagram accounts by exploiting a vulnerability in the company's AI-powered High Touch Support (HTS) system — not through technical exploit code, but by simply asking the chatbot to do it. The attack flow was disarmingly straightforward: an attacker opened a chat with Meta's AI Support Assistant, requested that a new email address be added to the target account, received a verification code at that attacker-controlled address, confirmed it to the chatbot, and was then presented with a "Reset Password" button that transferred account control. The flaw stemmed from a bug in a separate code path, where the HTS system failed to verify that the requester's email address matched the email address associated with the targeted account.

Victims included the Instagram handle for the Obama-era White House, the account of U.S. Space Force Chief Master Sergeant John Bentivegna, and a range of high-value short usernames resold on underground markets. Meta first acknowledged the attacks on June 1 and began alerting affected users on June 3. The company has since patched the HTS code path and invalidated sessions established through the vulnerable flow, but has not publicly stated how long the vulnerability was exploitable before discovery. The attack shares a conceptual surface with last week's ChatGPhish disclosure — both involve AI interfaces being turned against the users they were built to serve, without any traditional malware involved.

Why it matters: This incident illustrates a category of attack that security teams need to explicitly model: AI-assisted support systems as an authentication-bypass surface. Verification logic in AI chatbots is often implemented in natural language flows rather than deterministic code, making it harder to audit and easier to manipulate. The fact that attackers bypassed a major platform's account security at scale by chatting with a bot — no phishing, no credential stuffing, no malware — is a signal that AI-assisted support flows need the same adversarial review applied to any other authentication path. For organizations deploying AI support assistants internally, review whether your bots can be prompted into performing account or access changes without independent verification.
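To make the logic gap concrete, here is an added toy model of the kind of account tool an AI support assistant calls on the backend. It is not Meta's code; the class and field names, usernames and addresses are all constructed for illustration. The vulnerable class reproduces the flow described above (the confirmation code goes to the address being added, and confirming it unlocks a password reset), while the hardened class adds the missing check that the requester matches a contact already verified on the target account and delivers the challenge to that existing contact.

```python
"""
Added illustration (not Meta's code): a minimal model of the support-assistant
account tools described in the post. All names and addresses are constructed.
"""
import secrets
from dataclasses import dataclass, field


class ToolError(Exception):
    """Raised when the assistant's backend refuses an action."""


@dataclass
class Account:
    username: str
    verified_emails: set = field(default_factory=set)
    reset_unlocked: bool = False   # True once a 'Reset Password' step is offered


class VulnerableAccountTools:
    """Sends the confirmation code to the address being ADDED, so whoever
    controls that address 'proves' ownership of any target account."""

    def __init__(self, accounts):
        self.accounts = accounts
        self.pending = {}   # (username, new_email) -> code

    def add_email(self, requester_email, username, new_email):
        # Missing check: requester_email is never compared with the account's
        # verified contacts, and the code is delivered to new_email itself.
        code = secrets.token_hex(3)
        self.pending[(username, new_email)] = code
        return code

    def confirm_email(self, username, new_email, code):
        # A matching code adds the address and unlocks the reset step.
        if self.pending.pop((username, new_email), None) != code:
            raise ToolError("invalid code")
        acct = self.accounts[username]
        acct.verified_emails.add(new_email)
        acct.reset_unlocked = True
        return acct.reset_unlocked


class HardenedAccountTools(VulnerableAccountTools):
    """Requires the requester to be an existing verified contact and delivers
    the challenge to that contact, never to the address being added."""

    def add_email(self, requester_email, username, new_email):
        acct = self.accounts.get(username)
        if acct is None or requester_email not in acct.verified_emails:
            raise ToolError("requester is not a verified contact for this account")
        code = secrets.token_hex(3)
        self.pending[(username, new_email)] = code
        # Delivered to requester_email (already verified), not to new_email.
        return code


def build_accounts():
    """Constructed sample data: one account with one verified contact."""
    return {"victim": Account("victim", {"owner@example.invalid"})}
```

The point of the hardened class is that adding a new contact can never be the step that proves ownership; proof has to come from a channel the account already trusts. The same rule applies whether the request arrives through a form, an API, or a chatbot tool call.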

Read more at Help Net Security

Cisco SD-WAN zero-day under active attack — no patch available (CVE-2026-20245)

Cisco disclosed on June 5 that its Catalyst SD-WAN Manager is being actively exploited through CVE-2026-20245, a high-severity command injection flaw (CVSS 7.8) with no patch currently available. The vulnerability stems from insufficient validation of user-supplied input during file uploads, and allows attackers with netadmin-level privileges to execute arbitrary commands as root. Cisco's Product Security Incident Response Team (PSIRT) was notified of active exploitation by Mandiant, and noted that attackers are chaining this flaw with previously disclosed SD-WAN vulnerabilities — including CVE-2026-20182 and CVE-2026-20127 — to build the netadmin access needed for escalation. The flaw affects all deployment types, including on-premises, Cisco SD-WAN Cloud-Pro, Cloud (Cisco Managed), and SD-WAN for Government (FedRAMP).

SecurityWeek noted this is the seventh SD-WAN zero-day exploited in 2026 — we covered the sixth, CVE-2026-20182 (CVSS 10.0), in our May 19 post — a troubling pattern for organizations that rely on SD-WAN infrastructure for distributed site connectivity. Cisco has not released patches but has advised customers to apply the software update that fixes CVE-2026-20182 (released May 14), which removes one of the common initial-access vectors used to reach CVE-2026-20245. There are no workarounds available for the underlying flaw.

Why it matters: Cisco SD-WAN Manager is the central control plane for software-defined enterprise networking. Root-level access on a compromised manager gives an attacker visibility into — and control over — the entire connected network fabric. The fact that Mandiant flagged this as part of an active incident, not a researcher disclosure, means threat actors are already weaponizing it. Defenders should prioritize applying the May 14 upstream fix immediately to close the prerequisite vulnerability chain, monitor for anomalous netadmin activity, and review Mandiant's published indicators where available.
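The bug class here, user-supplied input reaching a command during a file upload, is worth seeing side by side with its fix. The following is an added, generic illustration and not Cisco's code; the upload directory, the file names and the tar invocation are constructed for the example. The vulnerable function splices the raw upload name into a shell string; the hardened path validates the name against a strict allow-list and builds an argument list that would be passed to a subprocess without a shell.

```python
"""
Added illustration (not Cisco's code): the upload-handling input-validation
failure class described above, beside a hardened form. Paths are constructed.
"""
import re
from pathlib import PurePosixPath

UPLOAD_DIR = PurePosixPath("/var/tmp/uploads")   # constructed location
# Plain basename only: starts alphanumeric (so it can never look like an
# option such as -x), then a bounded run of safe characters. No separators,
# so no path traversal; no shell metacharacters at all.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def vulnerable_command(filename: str) -> str:
    """Builds a shell command string from the raw upload name (the bug
    pattern). Anything the shell interprets in the name becomes part of
    the command when this string is handed to a shell."""
    return f"tar -xf {UPLOAD_DIR}/{filename} -C {UPLOAD_DIR}"


def validated_name(filename: str) -> str:
    """Accepts only names matching SAFE_NAME; rejects everything else rather
    than attempting to strip or escape bad characters."""
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError(f"rejected upload name: {filename!r}")
    return filename


def hardened_argv(filename: str) -> list:
    """Validates first, then builds an argv list suitable for
    subprocess.run(argv) with the default shell=False, so the file name is
    always a single argument and never parsed by a shell."""
    name = validated_name(filename)
    return ["tar", "-xf", str(UPLOAD_DIR / name), "-C", str(UPLOAD_DIR)]
```

Two design choices matter: validation is an allow-list with a rejection on mismatch, not a blocklist of characters, and the command is an argument list rather than a string, so even a validation bug cannot turn into shell parsing. Privilege also matters; the page notes the vulnerable component runs the command as root, so the process that unpacks uploads should run with the least privilege the task needs.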

Read more at BleepingComputer

Chinese espionage group deploys new stealth malware toolkit to hold compromised networks

Volexity published research on June 4 detailing a multi-stage intrusion campaign by the threat actor it tracks as VerdantBamboo — known as UNC5221 (Google/Mandiant), Clay Typhoon (Microsoft), and WARP PANDA (CrowdStrike). The group deployed a new suite of custom malware to maintain long-term, persistent access inside compromised enterprise and Microsoft 365 environments, including an updated Brickstorm backdoor alongside two previously unknown strains: Plenet, a cross-platform .NET backdoor using WebSocket-based command-and-control, and AgentPSD, a Python reverse shell functioning as a fallback persistence mechanism when primary access is disrupted.

Forensic analysis of one confirmed intrusion revealed the threat actor had maintained undetected access for at least 18 months — entering through a managed service provider (MSP) used by the victim and re-establishing persistence even after the victim attempted remediation. The initial entry point was a compromised Egnyte Storage Sync appliance, a file sync device without EDR support. CISA has not yet issued a formal advisory on this specific toolkit, and formal nation-state attribution from the U.S. government beyond the multi-vendor UNC5221/VerdantBamboo cluster designation has not been released.

Why it matters: Eighteen months of undetected access through an MSP pivot is a worst-case scenario for organizations that assume their perimeter security covers third-party service relationships. VerdantBamboo's use of WebSocket C2 (Plenet) and Python fallback shells (AgentPSD) makes detection significantly harder for signature-based approaches. The practical takeaways: enforce strict network segmentation between MSP access and production environments, require your managed service providers to demonstrate EDR coverage across all systems that touch your estate, and assume that file-sync appliances and other edge devices without EDR are blind spots that nation-state actors are actively mapping.

Read more at The Hacker News

White House executive order directs CISA to deploy AI cyber defenses within 30 days

On June 2, President Trump signed an executive order titled "Promoting Advanced Artificial Intelligence Innovation and Security," directing the NSA and CISA to develop a classified benchmarking process to identify AI models with advanced cyber capabilities. Models meeting the threshold become "covered frontier models," and developers are invited — on a voluntary basis — to provide up to 30 days of pre-release government access before broader partner release. The order gives CISA a hard 30-day deadline to issue Binding Operational Directives expanding AI-enabled defensive tools across federal civilian systems, including extended access for state and local authorities and critical infrastructure operators such as rural hospitals, community banks, and local utilities.

The order also directs the Treasury Department, in coordination with CISA and the NSA, to stand up a voluntary AI cybersecurity clearinghouse alongside industry and critical infrastructure operators — a body tasked with coordinating vulnerability scanning, validating findings, and prioritizing patch distribution across sectors. The Attorney General is directed to prioritize federal criminal enforcement against AI-driven cybercrime. Federal News Network reported that CISA is expected to issue at least one Binding Operational Directive in short order as a result.

Why it matters: This executive order is significant less for its immediate operational impact and more for the signal it sends about where federal cyber priorities are heading. For security leaders in critical infrastructure — especially in healthcare, utilities, and financial services — the clearinghouse provision creates a new potential channel for coordinated vulnerability intelligence. The 30-day CISA BOD deadline means new directives are inbound; organizations that mirror federal cyber posture should closely watch what CISA issues in early July. The frontier model pre-release access provision also sets a precedent for government visibility into AI capabilities before they are publicly available, which will shape enterprise AI security governance discussions.

Read more at Federal News Network

Final thoughts

The common thread this week is trust — specifically, the ways attackers are finding to undermine it at the architectural level. Check Point's CVE-2026-50751 turned a VPN authentication mechanism into an open door. Meta's AI support chatbot bypassed identity verification due to a design flaw. The Cisco SD-WAN zero-day exploits a file upload path that administrators assume is protected by netadmin-level access. UNC5221 stayed invisible for 18 months by blending into legitimate traffic patterns and hiding C2 inside WebSocket connections. In each case, the attacker didn't break the system — they used it against itself.

The White House AI executive order provides some counterweight: federal momentum toward AI-enabled defenses and an AI cybersecurity clearinghouse with industry is meaningful, even if the timelines are ambitious. But policy moves slowly relative to adversary tempo. What organizations can control right now: patch Check Point VPN gateways immediately, audit AI-assisted support flows for authentication bypasses, begin a serious review of which edge devices lack EDR coverage, and verify MSP access is properly segmented from production environments.

Check back next Tuesday for the next edition of this series.
