The page discusses critical vulnerabilities tracked as two CVEs (CVE-2026-42271 and CVE-2026-50751), with a specific focus on a Check Point VPN exploit that is active in the wild. It outlines a new tactic used by cybercriminals to hijack traffic intended for trusted open-source tools via cloned websites, which trick users into downloading malware.
The report details how these deceptive sites leverage complex malicious traffic routing and a Traffic Distribution System (TDS) to deliver malware while evading detection. Notable malware families highlighted include SessionGate, a framework designed to distribute unwanted applications, and RemusStealer, which targets sensitive browser information. Users are urged to verify download sources and employ strict application allowlisting to mitigate risks.