Your remote access tools are being used to dismantle your network.
CVE-2026-1731 · Severity 9.9 · Critical unauthenticated RCE in Remote Support and PRA.
We are seeing a major escalation in the exploitation of BeyondTrust instances. Attackers are currently bypassing authentication to deploy VShell backdoors and SparkRAT for persistent control. CISA has confirmed these flaws are being used for reconnaissance, lateral movement, and data theft.
This campaign has already impacted sectors in the U.S., France, and Germany. Because these tools often hold the highest privileges in your network, a compromise here allows an attacker to bypass traditional identity controls entirely.
The uncomfortable truth: If you are running an unpatched management portal exposed to the internet, it is no longer a question of if you will be breached, but how long they have already been inside.
- Patch all self-hosted Remote Support and PRA appliances to version BT26-02 immediately.
- Restrict appliance portal access to internal VPN or verified IP allowlists only.
- Audit your main admin accounts for any unauthorized 60-second hijacks or new profile creations.
Have you confirmed that your remote support portals are hidden from public automated scanners?
#Cybersecurity #ZeroTrust #PatchManagement #IncidentResponse #CISO #CodeDefence
