A critical vulnerability in Check Point's Remote Access VPN and Mobile Access products has been actively exploited since early May, allowing attackers to bypass authentication and establish unauthorized VPN sessions.