BeyondTrust RCE flaw enables code execution without login

Kiswahili

A critical remote code execution vulnerability has been discovered in multiple BeyondTrust products. The flaw, rated 9.9 out of 10 in severity, allows hackers to run code on affected systems without needing to log in. The issue was reported on February 10, 2026.

Security researchers have identified a high-severity remote code execution (RCE) flaw in several products from BeyondTrust, a cybersecurity firm. According to TechRadar, this vulnerability permits unauthorized users to execute arbitrary code on vulnerable systems without authentication, posing significant risks to organizations relying on BeyondTrust's software for privileged access management.

The bug receives a CVSS score of 9.9 out of 10, indicating its critical nature due to potential for widespread exploitation. It affects multiple BeyondTrust offerings, though specific products were not detailed in the initial report. BeyondTrust has not yet issued a public response in the available information.

This discovery underscores ongoing challenges in securing enterprise software against sophisticated attacks. Organizations using BeyondTrust products are advised to monitor for patches, as no timeline for fixes was provided in the report published on February 10, 2026.

Makala yanayohusiana

Illustration of a Linux computer screen highlighting Amazon WorkSpaces vulnerability CVE-2025-12779, with security alert and hacker elements, for a news article on AWS security flaw.
Picha iliyoundwa na AI

Amazon discloses Linux WorkSpaces vulnerability in authentication tokens

Imeripotiwa na AI Picha iliyoundwa na AI

Amazon Web Services has revealed a security flaw in its WorkSpaces client for Linux that allows local attackers to extract authentication tokens and access other users' virtual desktops. The vulnerability, CVE-2025-12779, affects client versions from 2023.0 to 2024.8 and carries a CVSS score of 8.8. AWS urges immediate upgrades to version 2025.0 or later to mitigate the risk.

Zyxel warns of critical RCE flaw in over a dozen routers

Zyxel has issued a warning about a critical remote code execution (RCE) security flaw that could affect more than a dozen of its routers. The company has addressed a handful of concerning vulnerabilities in its devices. This update comes as part of ongoing efforts to secure networking equipment.

WatchGuard Firebox OS patches critical security flaw

Imeripotiwa na AI

WatchGuard has addressed a critical remote code execution vulnerability in its Firebox OS firewall software. The company urges users to update immediately to mitigate the risk. The flaw was identified by the firewall maker itself.

Teknolojia

HPE urges immediate patching of OneView after critical security flaw found

Teknolojia

North Korean hackers exploit maximum severity React2Shell flaw

Linux

React2Shell flaw exploited for PeerBlight malware on Linux

Chinese hackers install backdoors via Cisco email zero-day

Cisco Talos has detailed how a Chinese-linked group is exploiting an unpatched zero-day in email security appliances since late November 2025, deploying backdoors and log-wiping tools for persistent access.

China-nexus groups and cybercriminals ramp up React2Shell exploits

Imeripotiwa na AI

Building on earlier PeerBlight attacks, Google Threat Intelligence reports exploitation of the React2Shell vulnerability (CVE-2025-55182) by China-nexus clusters and financially motivated actors deploying backdoors and cryptocurrency miners on vulnerable React and Next.js systems.

Huge data leak exposes 149 million credentials without protection

A massive data breach has come to light, involving 149 million credentials left exposed online. The 98GB cache includes unique usernames and passwords from financial services, social media, and dating apps. The discovery highlights ongoing vulnerabilities in digital security.

More than 40,000 WordPress sites affected by malware flaw

Imeripotiwa na AI

A vulnerability in a popular WordPress quiz plugin has impacted over 40,000 sites, allowing potential SQL injection attacks. Security researchers have identified the flaw, urging site owners to check for exposure. The issue was reported on February 4, 2026.

Jumatano, 11. Mwezi wa tatu 2026, 14:00:34

Google report warns of shifting cloud threat landscape

Jumatano, 18. Mwezi wa pili 2026, 11:16:48

Dell zero-day flaw unpatched for nearly two years

Alhamisi, 5. Mwezi wa pili 2026, 15:05:32

Critical flaws discovered in n8n workflow tool

Jumatano, 4. Mwezi wa pili 2026, 19:25:39

Russian hackers exploit Microsoft Office vulnerability days after patch

Jumanne, 27. Mwezi wa kwanza 2026, 23:02:25

Microsoft patches security flaw in Office software

Jumatano, 21. Mwezi wa kwanza 2026, 06:39:13

NVIDIA fixes critical flaw in NSIGHT Graphics for Linux

Jumanne, 13. Mwezi wa kwanza 2026, 14:43:27

US government urged to patch critical Gogs security flaw

Ijumaa, 9. Mwezi wa kwanza 2026, 07:35:39

IBM's AI Bob vulnerable to malware manipulation

Ijumaa, 19. Mwezi wa kumi na mbili 2025, 11:19:21

Cisco email security products targeted in zero-day campaign

Jumanne, 16. Mwezi wa kumi na mbili 2025, 23:12:04

React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft

 

 

 

Tovuti hii inatumia vidakuzi

Tunatumia vidakuzi kwa uchambuzi ili kuboresha tovuti yetu. Soma sera ya faragha yetu kwa maelezo zaidi.
Kataa