Hackers Target BeyondTrust Flaw Within Hours of Exploit Code Release

Cybercriminals exploit BeyondTrust vulnerability CVE-2026-1731 within 24 hours, emphasizing urgent need for immediate enterprise updates.

By Content Team

Feb 13, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cybercriminals began exploiting a critical BeyondTrust vulnerability just 24 hours after proof-of-concept code went public on February 10. The flaw, CVE-2026-1731, allows unauthenticated remote code execution in BeyondTrust Remote Support and Privileged Remote Access products used widely in enterprise environments.

Hacktron AI researchers found roughly 11,000 exposed instances online, including 8,500 on-premises deployments. GreyNoise detected attacks from multiple IP addresses, with one Frankfurt-based VPN accounting for 86% of reconnaissance activity.

The same threat actors previously targeted SonicWall, MOVEit, Apache, and Sophos vulnerabilities. BeyondTrust released patches on February 6, but the rapid exploitation highlights the critical need for immediate updates in enterprise remote access systems.

Source: SecurityWeek

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

87,000+ MongoDB Databases Exposed to Critical MongoBleed Vulnerability

Dec 28, 2025

Google Rushes Chrome Security Update to Fix Critical WebView Vulnerability

Jan 7, 2026

'PackageGate' Vulnerabilities Expose JavaScript Package Managers to Supply Chain Attacks

Jan 27, 2026

Critical Zero-Click Flaw Lets Hackers Hijack FreeScout Mail Servers

Mar 6, 2026