
"The cybersecurity agency CISA has updated its Known Exploited Vulnerabilities (KEV) catalog entry for the BeyondTrust product flaw CVE-2026-1731 to inform organizations about its exploitation in ransomware attacks. CVE-2026-1731 is a critical vulnerability affecting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) that can be exploited for unauthenticated remote code execution. In-the-wild exploitation of the vulnerability began within 24 hours of a PoC being made public on February 10."
"Palo Alto Networks on Thursday said it has seen an increase in attacks exploiting the BeyondTrust vulnerability. The security firm has observed attackers conducting reconnaissance, stealing data, moving laterally, and deploying web shells, remote management tools, and backdoors. Attacks have targeted organizations in the financial services, high-tech, healthcare, higher education, legal services, and retail sectors across the US, Canada, Australia, Germany, and France."
CVE-2026-1731 is a critical vulnerability in BeyondTrust Remote Support and Privileged Remote Access that allows unauthenticated remote code execution. A public proof-of-concept appeared on February 10, and in-the-wild exploitation began within 24 hours. CISA added the flaw to its KEV catalog on February 13 and instructed federal agencies to remediate it by February 16. CISA does not notify users when KEV entries are updated to indicate ransomware exploitation, but threat intelligence firm GreyNoise flagged an update warning of ransomware use. Security firms report reconnaissance, data theft, lateral movement, web shells, remote management tools, and backdoors across multiple sectors and countries. Some analysts call the activity pre-ransomware positioning, though no public links to specific ransomware groups are confirmed.
Read at SecurityWeek