CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang

Check Point said hackers broke into dozens of organizations by exploiting a VPN bug in several of its products used across the government.

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates.

Why did CISA give federal agencies 3 days?

CISA response to an actively exploited VPN bug CISA directed US federal agencies to fix a VPN vulnerability within three days after a ransomware gang began exploiting it. The issue affected security tools used across the federal government, meaning the operational blast radius could be broad if…

LiteLLM Vulnerability CVE-2026-42271: 7 Things to Know

CISA added CVE-2026-42271, a command injection flaw in LiteLLM, to its Known Exploited Vulnerabilities catalog this morning. Researchers at Horizon3.ai have confirmed a chained exploit path that achieves unauthenticated remote code execution with no credentials required. Here is what you need to know. 1. What LiteLLM is and why it’s a target LiteLLM is an […] The post Top 7 Things to Know About the LiteLLM CVE-2026-42271 Exploit appeared first o…

LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)

A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers.