Critical authentication bypass vulnerability affecting Check Point Remote Access VPN and Mobile Access deployments using deprecated IKEv1 protocol. Actively exploited since May 7, 2026, with confirmed post-compromise activity linked to Qilin ransomware affiliate. CVSS 8.1.
Immediately apply available security updates. Customers using IKEv1 key exchange protocol should upgrade to patched versions and migrate to IKEv2 protocol.
Source: Check Point Research • Published: 2026-06-08
Critical supply chain attack on May 11, 2026 resulting in 84 malicious versions across 42 TanStack npm packages via GitHub Actions workflow exploitation and OIDC token extraction. The attack, dubbed 'Mini Shai-Hulud', affected 170+ npm packages including Mistral AI, UiPath, OpenSearch. Includes a persistent destructive daemon targeting developer systems.
Check for persistence daemon at ~/Library/LaunchAgents/com.user.gh-token-monitor.plist (macOS) or ~/.config/systemd/user/gh-token-monitor.service (Linux) and remove before revoking tokens. Audit lockfiles and CI logs for affected package versions. Check .claude/ and .vscode/ directories for persisted payloads.
Source: TanStack • Published: 2026-05-12
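A read-only triage sketch for the host checks in the TanStack entry above, added here as an example and not code from TanStack or any vendor. The two persistence paths are the ones given in that entry; the function names and the choice to list every file under .claude/ and .vscode/ for manual review are assumptions.

```shell
#!/bin/sh
# Added triage sketch (not vendor code). Read-only: reports, removes nothing.
# Function names are hypothetical; paths come from the advisory text above.

# check_persistence HOME_DIR
# Prints one "PERSISTENCE <path>" line per persistence artifact found.
check_persistence() (
    home_dir="$1"
    for p in \
        "Library/LaunchAgents/com.user.gh-token-monitor.plist" \
        ".config/systemd/user/gh-token-monitor.service"; do
        # -e OR -L so a dangling symlink is reported as well
        if [ -e "$home_dir/$p" ] || [ -L "$home_dir/$p" ]; then
            printf 'PERSISTENCE %s\n' "$home_dir/$p"
        fi
    done
)

# list_ide_files PROJECTS_ROOT
# Prints "REVIEW <path>" for every file inside a .claude/ or .vscode/
# directory under the root, so a person can inspect each one.
list_ide_files() (
    find "$1" -type f \( -path '*/.claude/*' -o -path '*/.vscode/*' \) \
        -print 2>/dev/null | sort | sed 's/^/REVIEW /'
)

# triage HOME_DIR PROJECTS_ROOT
# Exit status 1 means a persistence artifact is present, so a wrapper can
# hold token revocation until the daemon is removed (the advisory's order).
triage() (
    hits="$(check_persistence "$1")"
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
    fi
    list_ide_files "$2"
    [ -z "$hits" ]
)

# Typical use for the current user and a source checkout directory:
#   triage "$HOME" "$HOME/src" || echo "remove the daemon first" >&2
```

A non-zero status from `triage` is the signal to clean the host before rotating credentials; the `REVIEW` lines still need a human to compare against known-good project settings.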
Campaign identifying 30+ vulnerabilities across 10+ AI IDEs including GitHub Copilot, Cursor, Windsurf, resulting in 24 CVEs (CVSS 8.1-9.6). 100% of tested AI IDEs vulnerable to attack chain leveraging prompt injection, tools, and base IDE features for remote code execution via settings file manipulation.
Update all AI IDEs to latest versions immediately. Implement capability-scoped tools. Review and lock down IDE configuration files (.vscode/settings.json, .idea/workspace.xml) to prevent unauthorized modification.
Source: Security Research • Published: 2026-06-08
Qilin ransomware group accelerating attacks with 55 confirmed victims in early 2026, accumulating 168 healthcare victims by June 2026. Most active ransomware group with over 1,000 victims claimed in 2025. Linked to Check Point VPN exploitation (CVE-2026-50751). Targets healthcare, manufacturing, and business services.
Implement offline backup verification, deploy EDR with anti-tamper protections, patch Check Point VPN systems immediately, review VPN configurations for legacy protocol exposure, prioritize healthcare infrastructure hardening.
Source: The Cyber Express • Published: 2026-06-08
INC Ransom among top ransomware groups with 47 attacks in January 2026 alone. Notable for NHS Scotland attack exposing 3TB patient data. Targeting healthcare, legal services, and public administration.
Implement healthcare-specific security controls. Deploy data loss prevention for large-scale exfiltration detection. Segment networks to isolate sensitive patient data. Conduct regular security assessments.
Source: The Cyber Express • Published: 2026-06-08
ShinyHunters ransomware group breached Canvas learning management system affecting 275 million records across 8,809 educational institutions. Data includes names, email addresses, student IDs, and course information. Massive scale education sector breach.
Educational institutions using Canvas should notify affected individuals, offer credit monitoring, review access logs for unauthorized activity, implement enhanced authentication controls, and coordinate with Instructure on incident response.
Source: Malwarebytes • Published: 2026-05-01
Largest US public health system suffered 78-day breach (Nov 25, 2025 - Feb 11, 2026) affecting 1.8+ million people via compromised third-party vendor. Exposed medical records, SSNs, financial accounts, biometric data including fingerprints and palm prints, credentials, and geolocation data.
Implement third-party risk management program with continuous monitoring. Reduce vendor access to minimum necessary. Deploy network segmentation to isolate vendor connections. Offer affected individuals 24 months credit monitoring.
Source: PKWARE • Published: 2026-06-08
Silent Ransom Group using fake IT support calls and remote support sessions to target legal, financial, and professional services. Social engineering evolution bypassing technical defenses through impersonation and legitimate remote access tools.
Implement strict remote access verification procedures. Train staff on IT support impersonation tactics. Require multi-factor authentication for all remote sessions. Establish out-of-band verification for support requests.
Source: CISO Platform • Published: 2026-06-08
ShinyHunters extortion gang breached Charter Communications in early April 2026 stealing data from 4.9 million customer accounts including names, contact information, plan details, support tickets, and CPNI data.
Notify affected customers immediately. Implement enhanced monitoring for account takeover attempts. Review and harden authentication mechanisms. Investigate initial access vector and remediate.
Source: Privacy Guides • Published: 2026-04-01
CVE-2026-50751: Critical authentication bypass vulnerability affecting Check Point Remote Access VPN and Mobile Access deployments using deprecated IKEv1 protocol. Actively exploited since May 7, 2026, with confirmed post-compromise activity linked to Qilin ransomware affiliate. CVSS 8.1.