Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups — Check Point disclosed active exploitation of CVE-2026-50751 (CVSS 9.3), a logic flaw in certificate validation affecting Remote Access VPN and Mobile Access deployments using the deprecated IKEv1 protocol. The bug lets an unauthenticated remote attacker establish a VPN session without a valid password, completely bypassing authentication. Exploitation has been observed as far back as May 7, 2026, and has since been linked to a Qilin ransomware affiliate that conducted attacks from virtual private server infrastructure geolocated near target organizations. A second, related flaw, CVE-2026-50752, was also discovered; it could enable adversary-in-the-middle attacks on site-to-site VPN connections, though no in-the-wild exploitation of it has been observed yet.
C0XMO Botnet Spreads via DD-WRT Router Flaw, Kills Rival Malware — A new variant of the Gafgyt botnet dubbed C0XMO is actively exploiting a vulnerability in the DD-WRT open-source router firmware to build a network of enslaved devices across multiple CPU architectures. What makes C0XMO particularly aggressive is its behavior upon infecting a new device: it actively terminates competing malware processes already running on the host, clearing the field for itself before establishing persistence. The botnet is designed for flexibility and can pivot across device types, making it harder to contain through firmware-specific defenses alone.
Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities — The intelligence agencies of the United States, United Kingdom, Australia, Canada, and New Zealand jointly warned that Chinese military intelligence officers are posing as recruiters on LinkedIn, Indeed, and Upwork to target government and military personnel with access to classified or sensitive information. The operation works by ranking applicants based on their potential access to privileged data, then gradually escalating requests for more sensitive “trial reports” while moving communications to encrypted messaging platforms and paying targets anywhere from a few hundred to several thousand dollars per submission. Authorities warn that even unclassified information can be combined with other sources to produce strategically significant intelligence, and that participants risk prosecution for espionage, job loss, and clearance revocation.
Infosecurity Europe: Prompt Injection Remains Unsolved, OWASP Researcher Warns — At Infosecurity Europe 2026, OWASP researcher Ariel Fogel delivered a blunt assessment: prompt injection remains an “unresolved problem” baked into the architecture of generative AI systems, not a bug that patches can fully fix. Unlike traditional injection vulnerabilities, prompt injection exploits the fundamental inability of large language models to reliably distinguish between trusted instructions and attacker-controlled content embedded in retrieved data or user input. Fogel’s warning lands as agentic AI deployments multiply across enterprise environments, dramatically expanding the attack surface and raising the stakes for any successful injection that hijacks an autonomous AI workflow.
Oxford University Careers Platform Hit by Third-Party Data Breach — The University of Oxford disclosed that its CareerConnect careers platform was compromised via a breach at third-party provider Group GTI, exposing users’ first names, last names, and email addresses — and, for those not using Single Sign-On, encrypted passwords as well. GTI assessed that the attack was aimed at harvesting credentials for use in future phishing campaigns, and has since patched the vulnerability and added further security controls. Oxford confirmed no evidence of compromise to its own systems or to financial, course, or appointment data, but noted the incident is the second data breach to affect the university this term, following the separate Canvas/Instructure platform compromise that forced Oxford to temporarily disable access to its learning management system.