
BeyondTrust and CISA Warn of Active Exploitation of Remote Support and Privileged Remote Access Flaw

Take action: Patch your BeyondTrust instances, and start patching NOW. Attackers are using public exploit code to target these systems within hours of disclosure. Where possible, isolate all systems from the internet.



CISA and BeyondTrust report that threat actors are actively exploiting a critical vulnerability in BeyondTrust Remote Support and Privileged Remote Access products. 

The exploited flaw is tracked as CVE-2026-1731 (CVSS score 9.9), an operating system command injection vulnerability that allows unauthenticated attackers to run arbitrary commands. Attackers abuse the get_portal_info function to extract the x-ns-company value before setting up a WebSocket channel to run operating system commands.

BeyondTrust exploitation began less than 24 hours after a proof-of-concept was released, with 86% of reconnaissance coming from a single VPN-associated IP address in Frankfurt.

The BeyondTrust flaw affects Remote Support versions 21.3 through 25.3.1 and Privileged Remote Access versions 22.1 through 24.X. 

BeyondTrust has released patches BT26-02-RS and BT26-02-PRA to resolve the command injection issue. Cloud customers were updated automatically. CISA has set a required remediation deadline of March 5, 2026.
