Skip to content
Krypteia Sec
Back to Threat Intel
TLP:CLEARCTI-2026-0625

Daily Threat Intelligence Brief - June 25, 2026

Qilin exploits Check Point VPN zero-day CVE-2026-50751 (CVSS 9.3) as CISA orders 3-day patch; Citrix NetScaler CVE-2026-3055 (CVSS 9.8) under mass exploitation; max-severity Ubiquiti UniFi OS flaws CVE-2026-34908/34910 added to KEV; FortiBleed exposes 73,000 FortiGate firewalls; Miasma worm trojanizes 32 Red Hat npm packages.

By The Operator·June 25, 2026·14 min read
ctivulnerabilitiesransomwareai-securityagentic-aithreat-actors

The Operator's Take

The story this week is not a single CVE, it is a pattern: the network edge is the initial-access market, and ransomware crews have industrialized it. Check Point, Citrix NetScaler, and Cisco Catalyst SD-WAN all bled remote-access zero-days in June, FortiBleed dumped administrator credentials for tens of thousands of FortiGate firewalls, and Check Point's own analysts assess the Qilin-linked actor behind CVE-2026-50751 is also working Palo Alto, Fortinet, and F5 VPN bugs from the same infrastructure. That is one crew treating every VPN concentrator on the internet as a turnstile. The non-obvious connection: while security teams chase AI headlines, the "boring" edge appliance is what is actually getting them ransomwared, and the second front, the developer and agent supply chain (Miasma npm, the Cordyceps CI/CD weakness, MCP tool poisoning), is the same play aimed at a softer perimeter. Both edges sell the same product: unauthenticated access at scale. What a defender should do differently this week is stop triaging by CVSS alone and triage by exposure: inventory and kill deprecated IKEv1 on Check Point gateways today, rotate FortiGate credentials that were never re-hashed after upgrade, and treat any CI secret or npm token touched after June 1 as already burned. The patch is the easy part. The credential and protocol debt sitting behind the patch is what gets exploited next.

Executive Summary

  • CVE-2026-50751 (CVSS 9.3), a Check Point VPN authentication bypass, is exploited in the wild since May 7 by a Qilin ransomware affiliate. CISA gave federal agencies three days to patch. (Check Point)
  • CVE-2026-3055 (CVSS 9.8), a Citrix NetScaler SAML Identity Provider out-of-bounds read enabling code execution, is under large-scale exploitation confirmed by Fortinet threat intelligence. (Threat-Modeling.com)
  • CISA added three max-severity Ubiquiti UniFi OS flaws (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) to the KEV catalog on June 23, after zero-day exploitation created rogue "John Sim" administrator accounts. (BleepingComputer)
  • CVE-2026-20245, a Cisco Catalyst SD-WAN Manager root command-execution zero-day, was exploited for months before patching and is the 7th Cisco SD-WAN bug exploited in 2026. (SecurityWeek)
  • FortiBleed exposed verified administrator credentials for more than 73,000 internet-facing FortiGate firewalls, roughly half of all internet-reachable FortiGate devices across 194 countries. (Bitsight)
  • Microsoft's June Patch Tuesday was the largest in history, addressing more than 200 CVEs including multiple zero-days, among them the HTTP.sys RCE CVE-2026-47291 (CVSS 9.8) and the Microsoft Defender RoguePlanet SYSTEM-access flaw. (BleepingComputer)
  • The Miasma worm trojanized at least 32 @redhat-cloud-services npm packages (~80,000 weekly downloads) via a compromised employee GitHub account and valid SLSA provenance. (Wiz)
  • Prompt injection remains OWASP's number one LLM risk for 2026, with reported year-over-year growth of 340% and tool-poisoning attack success rates reaching 72% against MCP-connected agents. (Practical DevSecOps)
  • PRC actor Salt Typhoon breached U.S. House Committee staff emails focused on national-security work, and the FBI confirms the operation is still ongoing. (DarkReading)

Critical Vulnerabilities

CVE-2026-50751: Check Point VPN Authentication Bypass

A logic-flow weakness in the certificate validation path of Check Point Remote Access and Mobile Access lets an unauthenticated attacker establish a VPN session without a valid password. CVSS is 9.3. The flaw affects gateways configured for the deprecated IKEv1 protocol and also affects Check Point Spark firewalls used by small and medium businesses. Exploitation has been observed since May 7, 2026, increasing in early June, and is limited so far to a few dozen targeted organizations. CISA added it to the KEV catalog and ordered federal agencies to remediate within three days. A companion flaw, CVE-2026-50752, affects IKEv1 certificate validation and may allow man-in-the-middle interference with site-to-site VPN traffic.

CVE-2026-3055: Citrix NetScaler SAML IdP Out-of-Bounds Read

An out-of-bounds read in NetScaler ADC and Gateway when operating as a SAML Identity Provider lets a remote attacker send a crafted SAML request to trigger a memory overread that can be driven to arbitrary code execution. CVSS is 9.8. Fortinet's threat intelligence team confirmed large-scale active exploitation. This is the latest in a long line of NetScaler edge bugs and should be treated as an active breach vector, not a future risk.

CVE-2026-20245: Cisco Catalyst SD-WAN Manager Root Command Execution

A flaw in the CLI of Cisco Catalyst SD-WAN Manager lets an authenticated local attacker with netadmin privileges upload a crafted file to escalate and run arbitrary commands as root. It was exploited in the wild for months before a fix existed and is the 7th Cisco SD-WAN vulnerability exploited in 2026. CISA added it to the KEV catalog on June 9. Treat management-plane access to SD-WAN controllers as a crown-jewel boundary and restrict it accordingly.

CVE-2026-34908 / 34909 / 34910: Ubiquiti UniFi OS Exploitation Chain

CISA added three Ubiquiti UniFi OS flaws to the KEV catalog on June 23 with a June 26 remediation deadline. CVE-2026-34908 is an improper access control bug allowing unauthorized configuration changes. CVE-2026-34909 is a path traversal allowing file read and manipulation. CVE-2026-34910 is an improper input validation bug enabling command injection. Chained, they yield root remote code execution. Operators reported zero-day exploitation that created rogue administrator accounts named "John Sim" during automated reconnaissance.

CVE-2026-11645: Google Chrome V8 Zero-Day

An out-of-bounds memory access in Chrome's V8 JavaScript and WebAssembly engine, CVSS 8.8, was actively exploited before Google's June 9 emergency patch and was added to the KEV catalog. Browser zero-days remain a reliable drive-by foothold for both espionage and commodity crime. Confirm forced auto-update across the fleet.

Microsoft June 2026 Patch Tuesday: Record 200-Plus CVEs

Microsoft shipped the largest Patch Tuesday on record, fixing more than 200 vulnerabilities including multiple publicly disclosed and exploited zero-days. Highlights:

CVE Component Impact Note
CVE-2026-47291 HTTP.sys Remote code execution (CVSS 9.8) Unauthenticated, no user action
CVE-2026-45586 Windows CTFMON ("GreenPlasma") SYSTEM elevation of privilege Publicly disclosed
CVE-2026-49160 HTTP.sys ("HTTP/2 Bomb") Denial of service Publicly disclosed
CVE-2026-50507 Windows BitLocker Security feature bypass Physical-access data exposure
RoguePlanet Microsoft Defender SYSTEM access on updated Windows Zero-day, see source

FortiBleed: Mass FortiGate Credential Exposure

FortiBleed is a credential-compromise campaign that exposed verified administrator credentials for more than 73,000 internet-facing FortiGate firewalls, roughly half of all internet-reachable FortiGate devices across 194 countries. The root cause is FortiOS credential handling that leaves administrator passwords stored as weak SHA-256 hashes until an admin manually logs in after an upgrade. Attackers used a 45-GPU offline cracking rig to break the hashes at scale. The dataset, including VPN credentials and firewall configuration data, is circulating in criminal markets. Force a password reset on every FortiGate that was upgraded without a subsequent admin login.

Oracle June 2026 Critical Patch Update: 245 Fixes

Oracle's June Critical Patch Update delivered 245 security fixes spanning Communications, E-Business Suite, Enterprise Manager, and other product families. Prioritize internet-facing E-Business Suite and middleware components first.

AI Security Threats

The AI attack surface in June 2026 splits into two reinforcing problems: the model still cannot reliably tell instructions from data, and the agent now has hands. Prompt injection remains the number one risk on the OWASP Top 10 for LLM applications in 2026, with reporting that the attack category grew 340% year over year and appears in a majority of production AI deployments. The severity is no longer theoretical: a single manipulated input becomes a multi-tool kill chain the moment the model can call functions.

MCP tool poisoning is the supply-chain version of prompt injection. In May 2026, researchers at OX Security described a systemic weakness in Model Context Protocol implementations as "the mother of all AI supply chains." Benchmarks against real-world MCP servers recorded tool-poisoning attack success rates above 60%, peaking at 72%, where a malicious tool description manipulates an agent into unsafe actions. The counterintuitive finding for defenders: the most capable models often performed worse, because superior instruction-following made them more compliant with malicious metadata. In one study the most resistant model refused poisoned tool calls less than 3% of the time. Static metadata analysis, model decision-path tracking, and behavioral anomaly detection are the proposed mitigations, and none of them are turnkey yet.

Concrete agentic exploits are already in the catalog. CVE-2025-53773 showed that hidden prompt injection in a pull-request description could drive remote code execution through an AI coding assistant, rated CVSS 9.6. The EchoLeak finding against Microsoft 365 Copilot demonstrated a zero-click prompt injection that could read and silently exfiltrate enterprise data with no user click. These are the reference cases for why agentic red teaming has to test the whole tool chain, not just the prompt box.

The developer pipeline is the newest agentic target. Researchers disclosed a CI/CD workflow weakness called Cordyceps that lets any unauthenticated user hijack workflows and compromise open-source supply chains, with potential exposure across repositories at organizations including Microsoft, Google, Apache, and Cloudflare. Pair that with the Miasma npm worm and the picture is clear: as more of the build and deploy path is driven by autonomous agents and automation tokens, the path itself becomes the prize.

Threat Actor Activity

Actor Attribution Recent Activity Source
Salt Typhoon PRC state Breached U.S. House Committee staff emails on national-security work; FBI confirms operation still ongoing DarkReading
APT28 Russia (GRU) Targeted transportation, logistics, and technology firms for military intelligence collection The Security Bench
Iranian state groups Iran Hit energy producers and critical infrastructure with credential harvesting, wipers, and ransomware SecurityWeek
Storm-2603 Undetermined Exploiting unpatched SharePoint (CVE-2025-49706, CVE-2025-49704) to deploy ransomware and custom backdoors Cyber Security News
KongTuke / Mistic Financially motivated Deploying the Mistic (MLTBackdoor) implant since April 2026 across insurance, education, IT, and professional services The Hacker News
Qilin affiliate Financially motivated Exploiting Check Point VPN CVE-2026-50751; assessed to also work Palo Alto, Fortinet, and F5 VPN bugs SecurityWeek

The through-line across the financially motivated activity is the edge appliance. The same Qilin-linked infrastructure that exploited Check Point is assessed to be probing other VPN vendors, which means a defender who patches only Check Point and stops has misread the campaign.

Ransomware and Data Breaches

Incident Actor Impact Source
Check Point VPN intrusions Qilin affiliate A few dozen organizations breached via CVE-2026-50751, ELF ransomware payloads staged Help Net Security
DentaQuest ShinyHunters 2.6 million accounts exposed including names, emails, government IDs, health insurance details TechCrunch
UN World Food Programme Undetermined Unauthorized access to a Gaza self-registration app exposed data on about 600,000 Palestinian households TechCrunch
Healthcare sector (aggregate) Multiple 772 breaches affecting 500 or more individuals reported to OCR in 2026, a historic high HIPAA Journal
Red Hat npm packages Miasma operator 32 trojanized @redhat-cloud-services packages, ~80,000 weekly downloads, credential-stealing worm Cybersecurity Dive

Ransomware in 2026 is converging on two reliable entry points: the unpatched internet-facing appliance and the poisoned dependency. Both bypass the endpoint controls most programs invest in most heavily.

Recommended Actions

Immediate (0 to 72 hours)

  • Patch Check Point gateways for CVE-2026-50751 and CVE-2026-50752, and disable the deprecated IKEv1 protocol where it is still enabled. Federal agencies are under a three-day CISA deadline; treat that as the bar for everyone.
  • Patch NetScaler ADC and Gateway for CVE-2026-3055 and hunt for crafted SAML requests against any SAML IdP configuration.
  • Remediate Ubiquiti UniFi OS (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) before the June 26 deadline and audit for rogue administrator accounts, including the reported "John Sim" pattern.
  • Force a credential reset on every FortiGate that was upgraded without a subsequent administrator login, and assume any exposed admin or VPN credential is already cracked.
  • Confirm Chrome auto-update completed fleet-wide for CVE-2026-11645, and deploy the June Microsoft updates with HTTP.sys (CVE-2026-47291) and the Defender RoguePlanet fix prioritized.

Short-Term (1 to 4 weeks)

  • Rotate all CI/CD secrets, cloud credentials, SSH keys, and npm tokens that were active after June 1, 2026, and audit dependency trees for the affected @redhat-cloud-services versions. Pin and verify provenance rather than trusting SLSA badges alone.
  • Restrict management-plane access to SD-WAN controllers and other edge management interfaces to dedicated admin networks, and review Cisco Catalyst SD-WAN Manager (CVE-2026-20245) for abuse.
  • Hunt for SharePoint exploitation (CVE-2025-49706, CVE-2025-49704) and the Mistic / MLTBackdoor implant if you operate on-premises SharePoint or match the targeted sectors.
  • Inventory every internet-facing VPN and firewall by vendor and protocol, because the active campaign is multi-vendor, not Check Point alone.

Strategic

  • Govern AI agents and MCP connections as a trust boundary. Allowlist and pin MCP tools, validate tool metadata statically, log and review agent decision paths, and run agentic red teaming against the full tool chain rather than only the prompt interface.
  • Treat prompt injection as an unsolved frontier risk. Constrain what agents can do after they are influenced: least-privilege tool access, human approval for high-impact actions, and egress controls to limit silent data exfiltration of the EchoLeak class.
  • Shift edge-appliance management from patch-reactive to exposure-driven. Build an authoritative inventory, kill deprecated protocols by policy, and rotate appliance credentials on a fixed cadence rather than on upgrade, since the credential debt outlives the patch.

Sources

ΛKrypteia Sec Research·June 25, 2026