tldrdailynews.com logo
Tag

Beyondtrust

All articles tagged with #beyondtrust

BeyondTrust Flaw Sparks Global Web Shell Campaigns and Data Theft
security1 month ago

BeyondTrust Flaw Sparks Global Web Shell Campaigns and Data Theft

Threat actors are exploiting CVE-2026-1731 in BeyondTrust RS/PRA to run OS commands, deploy web shells and backdoors, establish C2, and exfiltrate data across sectors worldwide. Unit 42 reports use of a thin-scc-wrapper via WebSocket to execute commands in the site user context, effectively taking control of appliances and traffic. Campaigns include PHP backdoors, VShell, a bash dropper, and Spark RAT, with staged exfiltration of config files, internal databases, and PostgreSQL dumps. The activity aligns with prior CVE-2024-12356 issues, and CISA KEV confirms exploitation in ransomware operations.

via The Hacker News|
#beyondtrust#cve-2026-1731#data-exfiltration
Feds told to patch BeyondTrust flaw within 3 days after active exploitation
technology1 month ago

Feds told to patch BeyondTrust flaw within 3 days after active exploitation

CISA ordered Federal civilian agencies to patch BeyondTrust Remote Support and Privileged Remote Access within three days after CVE-2026-1731, a remote code execution flaw that’s been actively exploited. SaaS instances were patched by BeyondTrust on Feb 2, 2026, but on-premise deployments require manual updates. Exploitation can allow unauthenticated remote code execution, risking system compromise, data exfiltration, and service disruption. Threat intel reports active exploitation and about 11,000 exposed instances (roughly 8,500 on‑premises). The agency added the CVE to its Known Exploited Vulnerabilities catalog and urged mitigations or discontinuation per vendor guidance under BOD 22-01.

via BleepingComputer|
#beyondtrust#cybersecurity#government
BeyondTrust CVE-2026-1731 exploited in the wild; urgent patching and KEV updates
security1 month ago

BeyondTrust CVE-2026-1731 exploited in the wild; urgent patching and KEV updates

Threat actors are actively exploiting BeyondTrust CVE-2026-1731 (CVSS 9.9) in the wild by abusing get_portal_info to harvest the x-ns-company value before WebSocket setup, enabling unauthenticated remote code execution; BeyondTrust notes PRA v25.1+ do not require patching, while RS requires the BT26-02-RS patch (v21.3–25.3.1) and PRA patch (BT26-02-PRA, v22.1–24.X); watchTowr, GreyNoise/Defused Cyber, and Arctic Wolf report rapid activity and persistence attempts using SimpleHelp and PSexec; CISA added CVE-2026-1731 to KEV with federal patch deadlines by Feb 16, 2026, and KEV also lists other flaws (CVE-2026-20700, CVE-2025-15556, CVE-2025-40536, CVE-2024-43468).

via The Hacker News|
#beyondtrust#cisa-kev#cve-2026-1731