24h | 7d | 30d

CVE-2026-1731

Overview

  • BeyondTrust
  • Remote Support(RS) & Privileged Remote Access(PRA)
06 Feb 2026
Published
14 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.9)
EPSS
49.74%
KEV

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 10 Posts
  • 2 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture fallback
HackerWorkspace @hackerworkspace

VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)

unit42.paloaltonetworks.com/be

  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback
ekiledjian @edwardk

The CISA has updated its Known Exploited Vulnerabilities (KEV) catalog for a BeyondTrust vulnerability (CVE-2026-1731) indicating its exploitation in ransomware attacks. This critical flaw allows for unauthenticated remote code execution and has been observed in attacks targeting various sectors globally, with threat intelligence firms noting its use in reconnaissance, data theft, and malware deployment.
securityweek.com/beyondtrust-v

  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
/G|T|R|O|N|I|X\ :python: :emacs: :nix: :linux: @gtronix

"CISA: BeyondTrust RCE flaw now exploited in ransomware attacks"

"[...] Cybersecurity and Infrastructure Security Agency (CISA) warns. Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S."

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 12h ago

Bluesky

Profile picture fallback
News Analysis @newsanalysis.com
Critical BeyondTrust flaw (CVE-2026-1731) is being actively exploited for web shell deployment, data exfiltration, and backdoors across multiple sectors. US, France, Germany, Australia and Canada are impacted. Patch now! #CyberSecurity #News
  • 1
  • 1
  • 0
  • 1h ago
Profile picture fallback
OpsMatters @opsmatters.com
The latest update for #CyCognito includes "Permission to Ignore: Leveraging the CTEM Framework to Focus on Real Risk" and "Emerging Threat: CVE-2026-1731 – BeyondTrust Privileged Access Exposure Risk". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 23h ago
Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
Critical BeyondTrust vulnerability CVE-2026-1731 is being exploited in ransomware attacks, prompting a CISA KEV update and observed malicious activity across multiple sectors and countries.
  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
Critical CVE-2026-1731 in BeyondTrust Remote Support/Privileged Remote Access permits OS command execution as the site user, enabling web shells, backdoors, and malware deployment.
  • 0
  • 0
  • 0
  • 13h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
Critical BeyondTrust CVE-2026-1731 Exploited in the Wild: The Bash Arithmetic Injection That Hands Attackers the Keys to Your Kingdom + Video Introduction A recently disclosed critical vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products is under active…
  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
Anatomy of a Zero-Trigger RCE: Inside the BeyondTrust CVE-2026-1731 Attack Wave Deploying SparkRAT and VShell Backdoors + Video Introduction A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access products has triggered a wave of…
  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
Hospitals and clinics must urgently patch CVE-2026-1731 in BeyondTrust Remote Support and Privileged Remote Access to prevent ransomware footholds.
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-26119

Overview

  • Microsoft
  • Windows Admin Center
17 Feb 2026
Published
20 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.07%
KEV

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Statistics

  • 5 Posts
  • 1 Interaction
Last activity: 7 hours ago

Fediverse

Profile picture fallback
benzogaga33 :verified: @benzogaga33

CVE-2026-26119 : cette faille dans Windows Admin Center peut mener à la compromission du domaine it-connect.fr/cve-2026-26119-c #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft

  • 1
  • 0
  • 0
  • 19h ago

Bluesky

Profile picture fallback
ohhara @shiojiri.com
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html
  • 0
  • 0
  • 0
  • 23h ago
Profile picture fallback
IT-Connect @it-connect.bsky.social
🛑 Windows Admin Center - CVE-2026-26119 : cette faille dans Windows Admin Center peut mener à la compromission du domaine Mon article à ce sujet 👇 - www.it-connect.fr/cve-2026-261... #infosec #cybersecurite #WindowsAdminCenter #Microsoft
  • 0
  • 0
  • 0
  • 18h ago
Profile picture fallback
Ethical Hacking Consultores @ehcgroup.bsky.social
Microsoft revela una vulnerabilidad crítica en el Centro de administración de Windows (CVE-2026-26119). Atención! Una vulnerabilidad crítica en Windows Admin Center permite a atacantes tomar el control total del servidor. Actualiza ya. #ciberseguridad #cybersecurity www.linkedin.com/pulse/micros...
  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback
Ninja Owl @ninjaowl.ai
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 7h ago

CVE-2025-29969

Overview

  • Microsoft
  • Windows 10 Version 1507
13 May 2025
Published
13 Feb 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.35%
KEV

Description

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

Statistics

  • 3 Posts
  • 1 Interaction
Last activity: 11 hours ago

Fediverse

Profile picture fallback
buherator @buherator
[RSS] Discovery & Analysis of CVE-2025-29969

https://www.safebreach.com/blog/safebreach_labs_discovers_cve-2025-29969/

(Windows MS-EVEN RPC Remote Code Execution Vulnerability)
  • 0
  • 0
  • 0
  • 11h ago

Bluesky

Profile picture fallback
buherator @buherator.bsky.social
[RSS] Discovery & Analysis of CVE-2025-29969 www.safebreach.com -> (Windows MS-EVEN RPC Remote Code Execution Vulnerability) Original->
  • 1
  • 0
  • 0
  • 11h ago
Profile picture fallback
/r/netsec @r-netsec-bot.bsky.social
Discovery & Analysis of CVE-2025-29969
  • 0
  • 0
  • 0
  • 18h ago

CVE-2026-1670

Overview

  • Honeywell
  • I-HIB2PI-UL 2MP IP
17 Feb 2026
Published
18 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Statistics

  • 2 Posts
  • 4 Interactions
Last activity: 14 hours ago

Fediverse

Profile picture fallback
Tom Sellers @TomSellers

Why TF does the NVD not include the CVE title, vendor, or other useful information. If you look at the following you have no what's impacted and have to hunt details in the links.

nvd.nist.gov/vuln/detail/CVE-2

The backing CVE data contains all of this:

cveawg.mitre.org/api/cve/CVE-2

  • 1
  • 3
  • 0
  • 14h ago
Profile picture fallback
Michael I Ransier @thecybermind

CRITICAL INTEL: Honeywell CVSS 9.8 (CVE-2026-1670) is here. 🚨 Unauthenticated API exploitation means total compromise. I’m breaking down the Sovereign Sentry strategy using Raspberry Pi & Suricata to harden your network. thecybermind.co/2026/02/20/cve

thecybermind.co/2026/02/20/cve

  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-20841

Overview

  • Microsoft
  • Windows Notepad
10 Feb 2026
Published
20 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.09%
KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 16 hours ago

Fediverse

Profile picture fallback
ekiledjian @edwardk

A proof-of-concept has been released for a Windows Notepad vulnerability (CVE-2026-20841) that allows malicious command execution by tricking users into opening a crafted Markdown file and clicking a link. Microsoft has patched this high-severity flaw in its February 2026 release, affecting Notepad versions 11.2508 and earlier.
cybersecuritynews.com/poc-wind

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

Profile picture fallback
buherator @buherator.bsky.social
[RSS] CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad www.thezdi.com -> ZDI analysis of the notorious vuln Original->
  • 0
  • 1
  • 0
  • 21h ago

CVE-2026-2441

Overview

  • Google
  • Chrome
13 Feb 2026
Published
20 Feb 2026
Updated
CVSS
Pending
EPSS
0.53%
KEV

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 6 hours ago

Fediverse

Profile picture fallback
Michael Brazda @omnipotens

CSS Cyberattacks

Hackers sneak malicious code into CSS to hide attacks, steal data & evade detection: injection for phishing, keylogging via selectors, clickjacking overlays, hidden malware, even zero-day Chrome flaw (CVE-2026-2441) patched Feb 2026.
Protect: sanitize inputs, strong CSP, keep updated, monitor traffic.

Stay safe

  • 0
  • 1
  • 0
  • 6h ago
Profile picture fallback
ekiledjian @edwardk

A proof-of-concept exploit has been released for CVE-2026-2441, a critical use-after-free zero-day vulnerability in Google Chrome's Blink CSS engine that is actively being exploited in the wild. Users are urged to update Chrome immediately to the latest versions to patch this vulnerability.
cybersecuritynews.com/chrome-0

  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-25315

Overview

  • hcaptcha
  • hCaptcha for WP
  • hcaptcha-for-forms-and-more
19 Feb 2026
Published
20 Feb 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through <= 4.22.0.

Statistics

  • 3 Posts
Last activity: 6 hours ago

Bluesky

Profile picture fallback
nixpkgs security changes @nixpkgssecuritychanges.gerbet.me
wordpressPackages.plugins.hcaptcha-for-forms-and-more: CVE-2026-25315… https://github.com/NixOS/nixpkgs/pull/492405 #security
  • 0
  • 0
  • 1
  • 17h ago
Profile picture fallback
nixpkgs prs bot @nixpkgs-prs-bot.bsky.social
#492496 [25.11] wordpressPackages.plugins.hcaptcha-for-forms-and-more: CVE-2026-25315 fix #492485 changedetection-io: 0.51.4 -> 0.53.5 #492483 erlang_26: 26.2.5.16 -> 26.2.5.17, erlang_27: 27.3.4.7 -> 27.3.4.8, erlang_28: 28.3.1 -> 28.3.2
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-26960

Overview

  • isaacs
  • node-tar
20 Feb 2026
Published
20 Feb 2026
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.01%
KEV

Description

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.

Statistics

  • 2 Posts
Last activity: 6 hours ago

Bluesky

Profile picture fallback
Lambda Watchdog @lambdawatchdog.bsky.social
🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-26960 impacts tar in 8 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/428 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 18h ago
Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-26960 - node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardl... https://www.cyberhub.blog/cves/CVE-2026-26960
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-2329

Overview

  • Grandstream
  • GXP1610
18 Feb 2026
Published
18 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.09%
KEV

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Statistics

  • 2 Posts
Last activity: 13 hours ago

Fediverse

Profile picture fallback
Rusty Shackleford @rusty__shackleford

Hacking like the 1990s (cvss 9.8) —
A Cold War Style Vulnerability in Modern VoIP
‏ Presented by LowLevelTV –

[Invidious](yewtu.be/watch?v=I4brAvpjbrg)
[YouTube](youtube.com/watch?v=I4brAvpjbrg)

Writeups:

Douglas McKee
[The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP](rapid7.com/blog/post/ve-phone-)

Stephen Fewer:
[CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones](rapid7.com/blog/post/ve-cve-20)

#hacking #voip #security #infosec #osint #cve #bug

  • 0
  • 0
  • 0
  • 13h ago

Bluesky

Profile picture fallback
CyberMaterial @cybermaterial.bsky.social
Grandstream VoIP Flaw Enables Eavesdropping Read More: buff.ly/TSDAjK1 #Grandstream #VoIPSecurity #CVE20262329 #RootAccess #TelecomSecurity #CriticalVulnerability #PatchNow #CyberAlert
  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-26996

Overview

  • isaacs
  • minimatch
20 Feb 2026
Published
20 Feb 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.04%
KEV

Description

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.

Statistics

  • 2 Posts
Last activity: 18 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

⚠️ CVE-2026-26996: HIGH severity ReDoS in isaacs minimatch (<10.2.1). User-controlled glob patterns can cause exponential backtracking & DoS. Upgrade to 10.2.1+ & validate input! Info: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 22h ago

Bluesky

Profile picture fallback
Lambda Watchdog @lambdawatchdog.bsky.social
🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-26996 impacts minimatch in 10 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/427 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 18h ago
Showing 1 to 10 of 72 CVEs