If attackers own your remote access, they own your entire domain. ๐
CVE-2026-1731 ยท Severity 9.9 ยท Critical unauthenticated remote code execution in @[BeyondTrust](urn:li:organization:12625) Remote Support.
We are seeing mass exploitation attempts against self-hosted appliances within 24 hours of proof-of-concept release. This is no longer a theoretical risk; it is an active threat to your infrastructure.
The @[CISA](urn:li:organization:13010360) has moved this to the KEV list with an immediate remediation deadline. Attackers are using this entry point to bypass identity checks and gain full administrative persistence.
The uncomfortable truth: The tools you trust to provide secure access are now the most targeted gateways into your internal network.
โ Patch all self-hosted Remote Support and PRA appliances to version BT26-02 immediately.
โ Restrict appliance management portals to known IP ranges or internal-only access.
โ Audit your service account logs for any unusual lateral movement originating from support nodes.
Is your remote access infrastructure currently internet-exposed without secondary IP restrictions? ๐
#Cybersecurity #ZeroTrust #IncidentResponse #ThreatIntelligence #CISO #CodeDefence