Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical BeyondTrust Flaw Exploited by Hackers

Critical BeyondTrust Flaw Exploited by Hackers

Posted on February 20, 2026 By CWS

A severe security flaw in BeyondTrust’s remote support software is currently being exploited by cybercriminals to introduce harmful backdoors into vulnerable systems.

The Critical Vulnerability

Identified as CVE-2026-1731, this vulnerability has a CVSS score of 9.9, allowing attackers to execute system commands without authentication. BeyondTrust confirmed the flaw on February 6, 2026, highlighting it as an OS command injection vulnerability in the thin-scc-wrapper component, which is exposed to network attacks via WebSocket.

This vulnerability is actively being targeted across multiple sectors, including finance, healthcare, legal, education, and technology firms, with affected regions covering the United States, France, Germany, Australia, and Canada.

Active Exploitation and Impact

Palo Alto Networks’ Unit 42 has tracked over 10,600 instances of active exploitation, with attackers quickly advancing from initial access to complete system control. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-1731 to its Known Exploited Vulnerabilities Catalog, urging immediate remediation by federal agencies and commercial organizations.

The exploitation campaign involves two main backdoors: SparkRAT, a Go-based remote access Trojan linked to the DragonSpark group, and VShell, a Linux backdoor known for its stealth execution capabilities.

Infection Chain and Mitigation Measures

The attack sequence begins with a threat actor establishing a WebSocket connection to the affected system, submitting a manipulated remoteVersion value that triggers the vulnerability. This malformed input is processed by the thin-scc-wrapper script, leading to the execution of malicious commands.

Subsequent steps involve deploying a compact PHP web shell and a multi-vector shell named aws.php, followed by a bash dropper that plants a password-protected backdoor and temporarily alters Apache configurations to conceal activities.

BeyondTrust advises all users to apply the latest patches for Remote Support and Privileged Remote Access software and upgrade to versions 25.3.2 and 25.1.1, respectively. Older versions should also be updated to ensure security compliance.

Stay informed by following us on Google News, LinkedIn, and X for real-time updates, and consider setting us as a preferred source in Google for continuous cybersecurity news.

Cyber Security News Tags:APT27, Backdoor, BeyondTrust, CISA, CVE-2026-1731, Cybersecurity, Hacking, Remote Support, security patch, SparkRAT, VSHell, Vulnerability

Post navigation

Previous Post: Windows Notepad Vulnerability Fixed in February Update
Next Post: FBI Alerts on $20M ATM Jackpotting Losses in 2025

Related Posts

FortiOS and FortiSwitchManager Vulnerability Let Remote Attackers Execute Arbitrary Code FortiOS and FortiSwitchManager Vulnerability Let Remote Attackers Execute Arbitrary Code Cyber Security News
New Malware Attack Leverages YouTube Channels and Discord to Harvest Credentials from Computer New Malware Attack Leverages YouTube Channels and Discord to Harvest Credentials from Computer Cyber Security News
ACSC Raises Alarm on CMS Exploitation Threat ACSC Raises Alarm on CMS Exploitation Threat Cyber Security News
Silver Fox Exploits EV Certificates in Malware Attack Silver Fox Exploits EV Certificates in Malware Attack Cyber Security News
Ransomware Negotiation When and How to Engage Attackers Ransomware Negotiation When and How to Engage Attackers Cyber Security News
NANOREMOTE Malware Leverages  Google Drive API for Command-and-Control (C2) to Attack Windows Systems NANOREMOTE Malware Leverages  Google Drive API for Command-and-Control (C2) to Attack Windows Systems Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark