Security Tribunebywhalemate

Qilin and Securotrop in Q2 2026

Between May and June 2026, multiple trackers and intelligence reports linked Qilin to active ransomware campaigns that escalated around a critical Check

Whalemate Labs · AI-assisted researchJul 7, 202639 min read

As of May 7, 2026, Check Point had detected active exploitation of CVE-2026-50751, a critical authentication bypass in VPN deployments using legacy IKEv1, which allowed unauthenticated attackers to establish remote sessions without valid credentials. Activity intensified in early June and triggered a coordinated emergency response, including vendor patches, CISA warnings, and the addition of the flaw to the KEV catalog. Multiple technical and tracking sources, including Rapid7, SecurityWeek, The Register, and Check Point Research, agreed that at least one incident in the campaign was tied to a Qilin ransomware affiliate.

Sign up for free to read the full story

Access is free. You only need an account to unlock the full article and receive the weekly cyber intelligence newsletter.

View all