Attackers are using your remote support tools to deploy ransomware.
CVE-2026-1731 · Severity 9.9 · Critical unauthenticated RCE in Remote Support and PRA tools.
CISA has confirmed that this vulnerability is now being actively weaponized by ransomware groups. Attackers are bypassing authentication to deploy VShell and achieve full administrative persistence.
This affects self-hosted BeyondTrust instances that haven't applied the emergency patches. Because these tools have high-level access to your endpoints, a compromise here is often a "game over" scenario for the domain.
The uncomfortable truth: The tools you trust most for remote administration are currently the highest-value targets for initial network entry.
- Patch all self-hosted Remote Support and PRA appliances to version BT26-02 immediately.
- Restrict management portal access to internal VPN or verified IP ranges only.
- Audit your credential vaults for any unauthorized exports or new admin account creations.
Have you verified your remote support tool logs for unauthorized command execution today?
#Cybersecurity #ZeroTrust #PatchManagement #Ransomware #CISO #CodeDefence
