
Overview

  • BeyondTrust
  • Remote Support (RS) & Privileged Remote Access (PRA)

06 Feb 2026
Published
14 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.9)
EPSS
49.74%

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 10 Posts
  • 2 Interactions

Last activity: 1 hour ago

Fediverse


The CISA has updated its Known Exploited Vulnerabilities (KEV) catalog for a BeyondTrust vulnerability (CVE-2026-1731) indicating its exploitation in ransomware attacks. This critical flaw allows for unauthenticated remote code execution and has been observed in attacks targeting various sectors globally, with threat intelligence firms noting its use in reconnaissance, data theft, and malware deployment.
securityweek.com/beyondtrust-v

  • 0
  • 0
  • 0
  • 22h ago

"CISA: BeyondTrust RCE flaw now exploited in ransomware attacks"

"[...] Cybersecurity and Infrastructure Security Agency (CISA) warns. Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S."

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 18h ago

Critical CVE-2026-1731 in BeyondTrust RS/PRA is under active exploitation.

Web shells. RATs. PostgreSQL dumps.
Now listed in CISA KEV & tied to ransomware.

Remote support appliances are high-value targets.

Are we giving PAM systems enough monitoring visibility?

Source: thehackernews.com/2026/02/beyo

Follow @technadu for independent cybersecurity reporting.

Like and join the discussion below.

  • 0
  • 0
  • 1
  • 1h ago

Bluesky

Critical BeyondTrust flaw (CVE-2026-1731) is being actively exploited for web shell deployment, data exfiltration, and backdoors across multiple sectors. US, France, Germany, Australia and Canada are impacted. Patch now! #CyberSecurity #News
  • 1
  • 1
  • 0
  • 7h ago
Critical BeyondTrust vulnerability CVE-2026-1731 is being exploited in ransomware attacks, prompting a CISA KEV update and observed malicious activity across multiple sectors and countries.
  • 0
  • 0
  • 0
  • 23h ago
Critical CVE-2026-1731 in BeyondTrust Remote Support/Privileged Remote Access permits OS command execution as the site user, enabling web shells, backdoors, and malware deployment.
  • 0
  • 0
  • 0
  • 19h ago
Critical BeyondTrust CVE-2026-1731 Exploited in the Wild: The Bash Arithmetic Injection That Hands Attackers the Keys to Your Kingdom + Video Introduction A recently disclosed critical vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products is under active…
  • 0
  • 0
  • 0
  • 12h ago
Anatomy of a Zero-Trigger RCE: Inside the BeyondTrust CVE-2026-1731 Attack Wave Deploying SparkRAT and VShell Backdoors + Video Introduction A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access products has triggered a wave of…
  • 0
  • 0
  • 0
  • 12h ago
Hospitals and clinics must urgently patch CVE-2026-1731 in BeyondTrust Remote Support and Privileged Remote Access to prevent ransomware footholds.
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Google
  • Chrome

13 Feb 2026
Published
20 Feb 2026
Updated

CVSS
Pending
EPSS
0.53%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: Last hour

Fediverse


CSS Cyberattacks

Hackers sneak malicious code into CSS to hide attacks, steal data & evade detection: injection for phishing, keylogging via selectors, clickjacking overlays, hidden malware, even zero-day Chrome flaw (CVE-2026-2441) patched Feb 2026.
Protect: sanitize inputs, strong CSP, keep updated, monitor traffic.

Stay safe

  • 0
  • 1
  • 0
  • 11h ago

A proof-of-concept exploit has been released for CVE-2026-2441, a critical use-after-free zero-day vulnerability in Google Chrome's Blink CSS engine that is actively being exploited in the wild. Users are urged to update Chrome immediately to the latest versions to patch this vulnerability.
cybersecuritynews.com/chrome-0

  • 0
  • 0
  • 0
  • 22h ago

Bluesky

Google scrambles to patch flaws as exploit code goes public. The Google Chrome 145 stable line keeps moving after the CVE-2026-2441 emergency patch, with additional security fixes arriving in newer releases. Google has shipped newer Chrome 145 Stable releases following the CVE-2026-2441 zero-day fix, adding three security patches…
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Microsoft
  • Windows 10 Version 1507

13 May 2025
Published
13 Feb 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.35%

KEV

Description

Time-of-check time-of-use (TOCTOU) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

Statistics

  • 4 Posts
  • 2 Interactions

Last activity: 17 hours ago

Fediverse

[RSS] Discovery & Analysis of CVE-2025-29969

https://www.safebreach.com/blog/safebreach_labs_discovers_cve-2025-29969/

(Windows MS-EVEN RPC Remote Code Execution Vulnerability)
  • 0
  • 1
  • 0
  • 17h ago

Bluesky

[RSS] Discovery & Analysis of CVE-2025-29969 www.safebreach.com -> (Windows MS-EVEN RPC Remote Code Execution Vulnerability) Original->
  • 1
  • 0
  • 0
  • 17h ago
Discovery & Analysis of CVE-2025-29969
  • 0
  • 0
  • 1
  • 23h ago

Overview

  • Microsoft
  • Windows Admin Center

17 Feb 2026
Published
20 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.07%

KEV

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Statistics

  • 3 Posts

Last activity: 13 hours ago

Bluesky

🛑 Windows Admin Center - CVE-2026-26119: this flaw in Windows Admin Center can lead to domain compromise. My article on the subject 👇 - www.it-connect.fr/cve-2026-261... #infosec #cybersecurite #WindowsAdminCenter #Microsoft
  • 0
  • 0
  • 0
  • 23h ago
Microsoft discloses a critical vulnerability in Windows Admin Center (CVE-2026-26119). Attention! A critical vulnerability in Windows Admin Center allows attackers to take full control of the server. Update now. #ciberseguridad #cybersecurity www.linkedin.com/pulse/micros...
  • 0
  • 0
  • 0
  • 16h ago
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Honeywell
  • I-HIB2PI-UL 2MP IP

17 Feb 2026
Published
18 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%

KEV

Description

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 20 hours ago

Fediverse


Why TF does the NVD not include the CVE title, vendor, or other useful information? If you look at the following you have no idea what's impacted and have to hunt details in the links.

nvd.nist.gov/vuln/detail/CVE-2

The backing CVE data contains all of this:

cveawg.mitre.org/api/cve/CVE-2

  • 1
  • 3
  • 0
  • 20h ago

CRITICAL INTEL: Honeywell CVSS 9.8 (CVE-2026-1670) is here. 🚨 Unauthenticated API exploitation means total compromise. I’m breaking down the Sovereign Sentry strategy using Raspberry Pi & Suricata to harden your network. thecybermind.co/2026/02/20/cve


  • 0
  • 0
  • 0
  • 22h ago

Overview

  • hcaptcha
  • hCaptcha for WP
  • hcaptcha-for-forms-and-more

19 Feb 2026
Published
20 Feb 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects hCaptcha for WP: from n/a through <= 4.22.0.

Statistics

  • 3 Posts

Last activity: 11 hours ago

Bluesky

wordpressPackages.plugins.hcaptcha-for-forms-and-more: CVE-2026-25315… https://github.com/NixOS/nixpkgs/pull/492405 #security
  • 0
  • 0
  • 1
  • 23h ago
#492496 [25.11] wordpressPackages.plugins.hcaptcha-for-forms-and-more: CVE-2026-25315 fix #492485 changedetection-io: 0.51.4 -> 0.53.5 #492483 erlang_26: 26.2.5.16 -> 26.2.5.17, erlang_27: 27.3.4.7 -> 27.3.4.8, erlang_28: 28.3.1 -> 28.3.2
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • isaacs
  • node-tar

20 Feb 2026
Published
20 Feb 2026
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.01%

KEV

Description

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.

Statistics

  • 2 Posts

Last activity: 12 hours ago

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-26960 impacts tar in 8 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/428 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 23h ago
📌 CVE-2026-26960 - node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardl... https://www.cyberhub.blog/cves/CVE-2026-26960
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Grandstream
  • GXP1610

18 Feb 2026
Published
18 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.09%

KEV

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Statistics

  • 2 Posts

Last activity: 19 hours ago

Fediverse


Hacking like the 1990s (cvss 9.8) —
A Cold War Style Vulnerability in Modern VoIP
Presented by LowLevelTV –

[Invidious](yewtu.be/watch?v=I4brAvpjbrg)
[YouTube](youtube.com/watch?v=I4brAvpjbrg)

Writeups:

Douglas McKee
[The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP](rapid7.com/blog/post/ve-phone-)

Stephen Fewer:
[CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones](rapid7.com/blog/post/ve-cve-20)

#hacking #voip #security #infosec #osint #cve #bug

  • 0
  • 0
  • 0
  • 19h ago

Bluesky

Grandstream VoIP Flaw Enables Eavesdropping Read More: buff.ly/TSDAjK1 #Grandstream #VoIPSecurity #CVE20262329 #RootAccess #TelecomSecurity #CriticalVulnerability #PatchNow #CyberAlert
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Samsung Mobile
  • Samsung Mobile Devices

07 Jan 2022
Published
21 Oct 2025
Updated

CVSS v3.1
MEDIUM (5.0)
EPSS
0.16%

Description

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 23 hours ago

Fediverse


Here's the good read of the day, more interesting part is the exploitation tricks at the end of the post soez.github.io/posts/CVE-2022- by @javierprtd

  • 1
  • 3
  • 0
  • 23h ago

Overview

  • librenms
  • librenms

20 Feb 2026
Published
20 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.00%

KEV

Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixed in version 26.2.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Bluesky

📌 CVE-2026-26990 - LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnera... https://www.cyberhub.blog/cves/CVE-2026-26990
  • 0
  • 1
  • 0
  • 19h ago
Showing 1 to 10 of 70 CVEs