Tag

Cve 2026 1731

All articles tagged with #cve 2026 1731

security1 month ago•2 min saved

BeyondTrust Flaw Sparks Global Web Shell Campaigns and Data Theft

Threat actors are exploiting CVE-2026-1731 in BeyondTrust RS/PRA to run OS commands, deploy web shells and backdoors, establish C2, and exfiltrate data across sectors worldwide. Unit 42 reports use of a thin-scc-wrapper via WebSocket to execute commands in the site user context, effectively taking control of appliances and traffic. Campaigns include PHP backdoors, VShell, a bash dropper, and Spark RAT, with staged exfiltration of config files, internal databases, and PostgreSQL dumps. The activity aligns with prior CVE-2024-12356 issues, and CISA KEV confirms exploitation in ransomware operations.

via The Hacker News|

#beyondtrust #cve-2026-1731 #data-exfiltration

security1 month ago•5 min saved

BeyondTrust CVE-2026-1731 exploited in the wild; urgent patching and KEV updates

Threat actors are actively exploiting BeyondTrust CVE-2026-1731 (CVSS 9.9) in the wild by abusing get_portal_info to harvest the x-ns-company value before WebSocket setup, enabling unauthenticated remote code execution; BeyondTrust notes PRA v25.1+ do not require patching, while RS requires the BT26-02-RS patch (v21.3–25.3.1) and PRA patch (BT26-02-PRA, v22.1–24.X); watchTowr, GreyNoise/Defused Cyber, and Arctic Wolf report rapid activity and persistence attempts using SimpleHelp and PSexec; CISA added CVE-2026-1731 to KEV with federal patch deadlines by Feb 16, 2026, and KEV also lists other flaws (CVE-2026-20700, CVE-2025-15556, CVE-2025-40536, CVE-2024-43468).

via The Hacker News|

#beyondtrust #cisa-kev #cve-2026-1731