Remote Code Execution
CISA: BeyondTrust RCE flaw now exploited in ransomware attacks
Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. The security issue affects BeyondTrust’s Remote Support 25.3.1 or earlier and Privileged Remote Access 24.3.4 or earlier, and can be exploited for remote code execution. CISA added it to the Known Exploited Vulnerabilities (KEV) […]
Flaw in Grandstream VoIP phones allows stealthy eavesdropping
A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. VoIP communication equipment from Grandstream Networks is being used by small and medium businesses. The maker’s GXP product line is part of the company’s high-end offering for businesses, schools, hotels, and Internet Telephony Service Providers (ITSP) around the […]
CISA gives feds 3 days to patch actively exploited BeyondTrust flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies on Friday to secure their BeyondTrust Remote Support instances against an actively exploited vulnerability within three days. BeyondTrust provides identity security services to more than 20,000 customers across over 100 countries, including government agencies and 75% of Fortune 100 companies worldwide. Tracked as CVE-2026-1731, this remote code […]
One threat actor responsible for 83% of recent Ivanti RCE attacks
Threat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340. The security issues have been flagged as actively exploited in zero-day attacks in Ivanti’s security advisory, where the company also announced hotfixes. Both flaws received a critical severity rating and […]
CISA flags critical Microsoft SCCM flaw as exploited in attacks
CISA ordered U.S. government agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks. Microsoft Configuration Manager (also known as ConfigMgr and formerly System Center Configuration Manager, or SCCM) is an IT administration tool for managing large groups of Windows servers and […]
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. Tracked as CVE-2026-1731 and assigned a near-maximum CVSS score of 9.9, the flaw affects BeyondTrust Remote Support versions 25.3.1 and earlier and Privileged Remote Access versions 24.3.4 […]
WordPress plugin with 900k installs vulnerable to critical RCE flaw
A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication. The security issue is tracked as CVE-2026-1357 and received a severity score of 9.8. It impacts all versions of the plugin up to 0.9.123 and could lead […]
Windows 11 Notepad flaw let files execute silently via Markdown links
Microsoft has fixed a “remote code execution” vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings. With the release of Windows 1.0, Microsoft introduced Notepad, a simple, easy-to-use text editor that, over the years, became popular […]
BeyondTrust warns of critical RCE flaw in remote support software
BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary code remotely. Tracked as CVE-2026-1731, this pre-authentication remote code execution vulnerability stems from an OS command injection weakness discovered by Harsh Jaiswal and the Hacktron AI team, and it […]
CISA warns of SmarterMail RCE flaw used in ransomware attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that ransomware actors are exploiting CVE-2026-24423, a critical vulnerability in SmarterMail that allows remote code execution without authentication. SmarterMail is a self-hosted, Windows-based email server and collaboration platform from SmarterTools. The product provides SMTP/IMAP/POP mail services along with webmail, calendars, contacts, and basic groupware functionality. It is commonly […]