Security1 min read

Urgent Action Needed: CISA Orders U.S. Federal Agencies to Patch Critical VPN Flaw Exploited by Ransomware Gang

The U.S. cybersecurity agency CISA has issued a stern warning, demanding all civilian agencies quickly fix an unpatched flaw in their security tools before it’s exploited further.

Admin User

Updated Jun 11, 2026
0
Urgent Action Needed: CISA Orders U.S. Federal Agencies to Patch Critical VPN Flaw Exploited by Ransomware Gang

A ransomware group is actively exploiting an unpatched vulnerability in critical security tools used across the U.S. federal government, prompting the U.S. cybersecurity agency CISA to order immediate action. According to a statement from Check Point Software, the bug affects several of its remote access tools, firewalls, and VPNs, which act as digital gatekeepers protecting company networks from unauthorized access.

The cybersecurity firm revealed that this vulnerability has already been used by a known ransomware group called Qilin to hack into ‘a few dozen targeted organizations globally’ relying on the affected security tools. The attacks began on May 7 but have increased in frequency recently, according to Check Point.

Given the severity of the threat, CISA has issued an urgent order under BOD 22-01, its operational guidance memo that allows it to instruct agencies when there is an active cyber threat. The agency mandated all civilian federal agencies – including Homeland Security, the Department of State, and the Treasury – to remediate any instances where they are using the affected products by the end of day June 11.

“The risk posed by this unpatched vulnerability to our enterprise network is too great,” said CISA in a statement. “We cannot afford to delay action.”

cybersecurityCISAransomwarevulnerability