Three days. That's all CISA gave every civilian federal agency to clean up a Check Point VPN bug that a ransomware gang called Qilin is actively hammering. Homeland Security, State, Treasury—if you're running affected Check Point gear, patch by Wednesday June 11 or expect a call.
Three Days to Patch an Active Exploit
Check Point confirmed the flaw hits several remote access tools, firewalls, and VPNs—the digital gatekeepers protecting federal networks. The company says Qilin has already breached "a few dozen targeted organizations globally." The hacking started May 7, but activity spiked last week. CISA didn't waste time; they invoked Binding Operational Directive 22-01, which lets them force-feed urgency when there's an active threat to government networks. No wiggle room, no extensions.
Qilin's Playbook: Check Point Under Fire
Qilin isn't some script-kiddie outfit. This is a known ransomware group that now has a zero-day in one of the most widely deployed security platforms across the U.S. government. Check Point's own blog post names them explicitly. The irony isn't lost: the very tools meant to keep attackers out are the ones letting them in. If you're a federal sysadmin reading this, you've got until end of day Wednesday to find every vulnerable instance, apply the fix, and verify. Miss the deadline and you're accepting risk that the CISO won't appreciate.
What this enables next: expect BOD 22-01 invocations to become the new normal for any zero-day under active ransomware exploitation. The three-day clock is the sharpest signal yet that CISA will not tolerate lingering patches when the attackers are already inside the perimeter.
Source: CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang
Domain: techcrunch.com
Comments load interactively on the live page.