
Overview

  • BeyondTrust
  • Remote Support (RS) & Privileged Remote Access (PRA)

06 Feb 2026
Published
14 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.9)
EPSS
49.74%

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 10 Posts
  • 2 Interactions

Last activity: 1 hour ago

Fediverse


VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)

unit42.paloaltonetworks.com/be

  • 0
  • 0
  • 0
  • 22h ago

The CISA has updated its Known Exploited Vulnerabilities (KEV) catalog for a BeyondTrust vulnerability (CVE-2026-1731) indicating its exploitation in ransomware attacks. This critical flaw allows for unauthenticated remote code execution and has been observed in attacks targeting various sectors globally, with threat intelligence firms noting its use in reconnaissance, data theft, and malware deployment.
securityweek.com/beyondtrust-v

  • 0
  • 0
  • 0
  • 17h ago

"CISA: BeyondTrust RCE flaw now exploited in ransomware attacks"

"Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. [...]"

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 12h ago

Bluesky

Critical BeyondTrust flaw (CVE-2026-1731) is being actively exploited for web shell deployment, data exfiltration, and backdoors across multiple sectors. US, France, Germany, Australia and Canada are impacted. Patch now! #CyberSecurity #News
  • 1
  • 1
  • 0
  • 1h ago
The latest update for #CyCognito includes "Permission to Ignore: Leveraging the CTEM Framework to Focus on Real Risk" and "Emerging Threat: CVE-2026-1731 – BeyondTrust Privileged Access Exposure Risk". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 23h ago
Critical BeyondTrust vulnerability CVE-2026-1731 is being exploited in ransomware attacks, prompting a CISA KEV update and observed malicious activity across multiple sectors and countries.
  • 0
  • 0
  • 0
  • 17h ago
Critical CVE-2026-1731 in BeyondTrust Remote Support/Privileged Remote Access permits OS command execution as the site user, enabling web shells, backdoors, and malware deployment.
  • 0
  • 0
  • 0
  • 13h ago
Critical BeyondTrust CVE-2026-1731 Exploited in the Wild: The Bash Arithmetic Injection That Hands Attackers the Keys to Your Kingdom + Video Introduction A recently disclosed critical vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products is under active…
  • 0
  • 0
  • 0
  • 6h ago
Anatomy of a Zero-Trigger RCE: Inside the BeyondTrust CVE-2026-1731 Attack Wave Deploying SparkRAT and VShell Backdoors + Video Introduction A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access products has triggered a wave of…
  • 0
  • 0
  • 0
  • 6h ago
Hospitals and clinics must urgently patch CVE-2026-1731 in BeyondTrust Remote Support and Privileged Remote Access to prevent ransomware footholds.
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Microsoft
  • Windows Admin Center

17 Feb 2026
Published
20 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.07%

KEV

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Statistics

  • 5 Posts
  • 1 Interaction

Last activity: 7 hours ago

Bluesky

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html
  • 0
  • 0
  • 0
  • 23h ago
🛑 Windows Admin Center - CVE-2026-26119: this flaw in Windows Admin Center can lead to domain compromise. My article on the subject 👇 - www.it-connect.fr/cve-2026-261... #infosec #cybersecurite #WindowsAdminCenter #Microsoft
  • 0
  • 0
  • 0
  • 18h ago
Microsoft discloses a critical vulnerability in Windows Admin Center (CVE-2026-26119). Attention! A critical vulnerability in Windows Admin Center allows attackers to take full control of the server. Update now. #ciberseguridad #cybersecurity www.linkedin.com/pulse/micros...
  • 0
  • 0
  • 0
  • 10h ago
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Microsoft
  • Windows 10 Version 1507

13 May 2025
Published
13 Feb 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.35%

KEV

Description

Time-of-check time-of-use (TOCTOU) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 11 hours ago

Fediverse

[RSS] Discovery & Analysis of CVE-2025-29969

https://www.safebreach.com/blog/safebreach_labs_discovers_cve-2025-29969/

(Windows MS-EVEN RPC Remote Code Execution Vulnerability)
  • 0
  • 0
  • 0
  • 11h ago

Bluesky

[RSS] Discovery & Analysis of CVE-2025-29969 www.safebreach.com -> (Windows MS-EVEN RPC Remote Code Execution Vulnerability) Original->
  • 1
  • 0
  • 0
  • 11h ago
Discovery & Analysis of CVE-2025-29969
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Honeywell
  • I-HIB2PI-UL 2MP IP

17 Feb 2026
Published
18 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%

KEV

Description

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 14 hours ago

Fediverse


Why TF does the NVD not include the CVE title, vendor, or other useful information? If you look at the following you have no idea what's impacted and have to hunt for details in the links.

nvd.nist.gov/vuln/detail/CVE-2

The backing CVE data contains all of this:

cveawg.mitre.org/api/cve/CVE-2

  • 1
  • 3
  • 0
  • 14h ago

CRITICAL INTEL: Honeywell CVSS 9.8 (CVE-2026-1670) is here. 🚨 Unauthenticated API exploitation means total compromise. I’m breaking down the Sovereign Sentry strategy using Raspberry Pi & Suricata to harden your network. thecybermind.co/2026/02/20/cve

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Microsoft
  • Windows Notepad

10 Feb 2026
Published
20 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.09%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 16 hours ago

Fediverse


A proof-of-concept has been released for a Windows Notepad vulnerability (CVE-2026-20841) that allows malicious command execution by tricking users into opening a crafted Markdown file and clicking a link. Microsoft has patched this high-severity flaw in its February 2026 release, affecting Notepad versions 11.2508 and earlier.
cybersecuritynews.com/poc-wind

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

[RSS] CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad www.thezdi.com -> ZDI analysis of the notorious vuln Original->
  • 0
  • 1
  • 0
  • 21h ago

Overview

  • Google
  • Chrome

13 Feb 2026
Published
20 Feb 2026
Updated

CVSS
Pending
EPSS
0.53%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 6 hours ago

Fediverse


CSS Cyberattacks

Hackers sneak malicious code into CSS to hide attacks, steal data & evade detection: injection for phishing, keylogging via selectors, clickjacking overlays, hidden malware, even zero-day Chrome flaw (CVE-2026-2441) patched Feb 2026.
Protect: sanitize inputs, strong CSP, keep updated, monitor traffic.

Stay safe

  • 0
  • 1
  • 0
  • 6h ago

A proof-of-concept exploit has been released for CVE-2026-2441, a critical use-after-free zero-day vulnerability in Google Chrome's Blink CSS engine that is actively being exploited in the wild. Users are urged to update Chrome immediately to the latest versions to patch this vulnerability.
cybersecuritynews.com/chrome-0

  • 0
  • 0
  • 0
  • 17h ago

Overview

  • hcaptcha
  • hCaptcha for WP
  • hcaptcha-for-forms-and-more

19 Feb 2026
Published
20 Feb 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects hCaptcha for WP: from n/a through <= 4.22.0.

Statistics

  • 3 Posts

Last activity: 6 hours ago

Bluesky

wordpressPackages.plugins.hcaptcha-for-forms-and-more: CVE-2026-25315… https://github.com/NixOS/nixpkgs/pull/492405 #security
  • 0
  • 0
  • 1
  • 17h ago
#492496 [25.11] wordpressPackages.plugins.hcaptcha-for-forms-and-more: CVE-2026-25315 fix #492485 changedetection-io: 0.51.4 -> 0.53.5 #492483 erlang_26: 26.2.5.16 -> 26.2.5.17, erlang_27: 27.3.4.7 -> 27.3.4.8, erlang_28: 28.3.1 -> 28.3.2
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • isaacs
  • node-tar

20 Feb 2026
Published
20 Feb 2026
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.01%

KEV

Description

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.

Statistics

  • 2 Posts

Last activity: 6 hours ago

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-26960 impacts tar in 8 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/428 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 18h ago
📌 CVE-2026-26960 - node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardl... https://www.cyberhub.blog/cves/CVE-2026-26960
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Grandstream
  • GXP1610

18 Feb 2026
Published
18 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.09%

KEV

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Statistics

  • 2 Posts

Last activity: 13 hours ago

Fediverse


Hacking like the 1990s (cvss 9.8) —
A Cold War Style Vulnerability in Modern VoIP
Presented by LowLevelTV –

[Invidious](yewtu.be/watch?v=I4brAvpjbrg)
[YouTube](youtube.com/watch?v=I4brAvpjbrg)

Writeups:

Douglas McKee
[The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP](rapid7.com/blog/post/ve-phone-)

Stephen Fewer:
[CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones](rapid7.com/blog/post/ve-cve-20)

#hacking #voip #security #infosec #osint #cve #bug

  • 0
  • 0
  • 0
  • 13h ago

Bluesky

Grandstream VoIP Flaw Enables Eavesdropping Read More: buff.ly/TSDAjK1 #Grandstream #VoIPSecurity #CVE20262329 #RootAccess #TelecomSecurity #CriticalVulnerability #PatchNow #CyberAlert
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • isaacs
  • minimatch

20 Feb 2026
Published
20 Feb 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.

Statistics

  • 2 Posts

Last activity: 18 hours ago

Fediverse


⚠️ CVE-2026-26996: HIGH severity ReDoS in isaacs minimatch (<10.2.1). User-controlled glob patterns can cause exponential backtracking & DoS. Upgrade to 10.2.1+ & validate input! Info: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 22h ago

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-26996 impacts minimatch in 10 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/427 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 18h ago
Showing 1 to 10 of 72 CVEs