Originally reported by Security Affairs, The Record
TL;DR
Attackers are actively exploiting a critical 9.9 CVSS vulnerability in BeyondTrust remote access products to deploy backdoors and move laterally through networks. Meanwhile, a Romanian cybercriminal pleaded guilty to selling admin access to Oregon's emergency management network for Bitcoin.
CVE-2026-1731 has a CVSS score of 9.9 and is being actively exploited in the wild against enterprise remote access products, representing an immediate critical threat to organizations.
The digital perimeter continues to deteriorate as threat actors intensify attacks on remote access infrastructure while cybercriminals face consequences for breaching critical state systems.
Threat actors are actively exploiting CVE-2026-1731, a critical vulnerability with a CVSS score of 9.9 in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products. According to Security Affairs, attackers are leveraging this flaw to deploy VShell backdoors, establish persistence, and conduct lateral movement within compromised networks.
The vulnerability's near-maximum severity score reflects its potential for complete system compromise without authentication. Organizations running BeyondTrust products should prioritize patching immediately, as the active exploitation indicates widespread threat actor awareness and tooling.
Catalin Dragomir, a 45-year-old Romanian national, pleaded guilty in U.S. federal court to selling unauthorized administrative access to Oregon's state emergency management network. Security Affairs reports that Dragomir gained initial access in June 2021 and subsequently sold the access for $3,000 in Bitcoin.
The breach targeted critical emergency management infrastructure, highlighting the vulnerability of state government networks to foreign cybercriminals. Dragomir repeatedly accessed the network to demonstrate control to potential buyers, underscoring the brazen nature of the operation.
Air Côte d'Ivoire confirmed a cyberattack on February 8 following claims by the INC ransomware group. The Record reports that the threat actors claim to have exfiltrated 208 GB of data from the West African airline.
The attack represents another instance of ransomware groups targeting critical transportation infrastructure. The airline's confirmation came only after the ransomware group made public claims about the breach, suggesting potential negotiations or extortion attempts may have preceded the public disclosure.
Global data protection authorities issued a joint statement warning generative AI companies against creating realistic depictions of real individuals without consent. The Record notes this follows incidents where the Grok AI chatbot generated and shared millions of "nudified" images of real people.
While not a direct cybersecurity threat, the warning highlights emerging privacy and consent challenges as AI capabilities advance, potentially creating new vectors for harassment and reputation damage.