Cybersecurity

Cyber: Researchers Observe In-the-wild Exploitation Of Beyondtrust Cvss...

2026-02-13 0 views admin
Cyber: Researchers Observe In-the-wild Exploitation Of Beyondtrust Cvss...

Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr.

"Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. "Attackers are abusing get_portal_info to extract the x-ns-company value before establishing a WebSocket channel."

The vulnerability in question is CVE-2026-1731 (CVS score: 9.9), which could allow an unauthenticated attacker to achieve remote code execution by sending specially crafted requests.

BeyondTrust noted last week that successful exploitation of the shortcoming could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user, resulting in unauthorized access, data exfiltration, and service disruption.

The use of CVE-2026-1731 demonstrates how quickly threat actors can weaponize new vulnerabilities, significantly shrinking the window for defenders to patch critical systems.

The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows -

It's worth noting that CVE-2024-43468 was patched by Microsoft in October 2024 as part of its Patch Tuesday updates. It's currently unclear how this vulnerability is being exploited in real-world attacks. Nor is there any information about the identity of the threat actors exploiting the flaw and the scale of such efforts.

The addition of CVE-2024-43468 to the KEV catalog follows a recent report from Microsoft about a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization's network to other high-value assets.

However, the Windows maker said it's not evident if the attacks exploited CVE-2025-40551, CVE-2025-40536, or CVE-2025-26399, since attacks occurred in December 2025 and on machines vulnerable to both the old and new sets of vulnerabilities.

As for CVE-2026-20700, Apple acknowledged that the shortcoming may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26, raising the possibility that it was l

Source: The Hacker News

🏷️ Tags

cybersecuritysecurityvulnerabilitycveattack

More from Cybersecurity

Cyber: Phishing Campaign Targets Freight And Logistics Orgs In The Us, Europe

Cyber: Phishing Campaign Targets Freight And Logistics Orgs In The Us, Europe

2026-02-24 0
Cyber: Wynn Resorts Confirms Employee Data Breach After Extortion Threat

Cyber: Wynn Resorts Confirms Employee Data Breach After Extortion Threat

2026-02-24 0
Cyber: 1campaign Platform Helps Malicious Google Ads Evade Detection

Cyber: 1campaign Platform Helps Malicious Google Ads Evade Detection

2026-02-24 0
Cyber: New Attackers Now Need Just 29 Minutes To Own A Network 2026

Cyber: New Attackers Now Need Just 29 Minutes To Own A Network 2026

2026-02-24 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views