Cyber Security News

Hacking Editorial Brief — June 12, 2026

Check Point Deploys Emergency Hotfix for Exploited VPN Bypass Flaw

Check Point released an urgent hotfix for CVE-2026-50751, a critical authentication bypass vulnerability in its deprecated IKEv1 VPN protocol currently under active exploitation. Financially motivated threat actors are leveraging the flaw to deploy Qilin ransomware against vulnerable infrastructure. The vulnerability allows unauthenticated attackers to bypass VPN authentication controls entirely, providing direct network access. Organizations using Check Point VPN services should apply the emergency hotfix immediately, particularly those still running legacy IKEv1 configurations. The incident underscores the continued risk posed by deprecated protocols that remain in production environments.

Void Blizzard Operative Extradited; Iran-Linked Group Claims California Water System Breach

Russian national Denis Obrezko was extradited from Thailand to the United States to face charges related to his alleged support of Void Blizzard, a Kremlin-linked hacking group tracked by Microsoft.Separately, Iran-linked hacktivist group Handala claimed responsibility for breaching California water infrastructure systems on Thursday, describing the operation as retaliation according to Iranian state-affiliated media. The claim had not been independently verified at the time of publication. In defensive developments, GitHub announced npm 12 will disable install scripts by default to mitigate supply chain attacks, requiring explicit approval before executing dependency code during package installation. Oracle also issued urgent patching guidance after discovering remote code execution vulnerabilities in PeopleSoft servers already exploited by attackers.

Sources: Check Point · Pluang · Iran International · The Hacker News · PYMNTS