Find notable cyber news and cases, enriched with sources, timelines, and signals.

BeyondTrust Remote Support and Privileged Remote Access critical fixes

Security Patch Release
First reported
Last updated
Happening score
H score 38
1 unique sources, 1 articles

Summary

Hide ▲

BeyondTrust released RS 25.3.3 and PRA 25.3.3 to fix four critical vulnerabilities in its remote-access appliances, including pre-authentication access-control bypass issues that could let unauthenticated attackers gain unauthorized access. The patch bundle also addresses a denial-of-service flaw and a limited-privilege authorization bypass issue affecting susceptible deployments.

Related Happenings

Microsoft April 2026 Patch Tuesday security update (165 CVEs)

Security Patch Release
H score62 First: 15.04.2026 00:22 Last: 15.04.2026 00:22 Sources 1

About this happening: **Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...

Storm-1175 high-tempo Medusa ransomware campaign

Campaign
H score59 First: 07.04.2026 13:02 Last: 07.04.2026 13:02 Sources 1

About this happening: **Storm-1175** is running a **high-tempo Medusa ransomware campaign** that has repeatedly exploited **n-day and zero-day flaws** to gain initial access before patching closes the...

Storm-1175 high-velocity zero-day and N-day intrusion campaign

Campaign
H score44 First: 07.04.2026 09:35 Last: 07.04.2026 09:35 Sources 1

About this happening: **Storm-1175** is running a **high-velocity intrusion campaign** that chains **zero-day** and **N-day vulnerabilities** to gain initial access to exposed systems, raising the risk...

CISA KEV mitigation for BeyondTrust CVE-2026-1731

Advisory/Mitigation
H score46 First: 20.02.2026 19:02 Last: 20.02.2026 19:02 Sources 1

About this happening: CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...

CISA updates KEV entry for CVE-2026-1731

Public Sector Action
H score36 First: 20.02.2026 17:45 Last: 20.02.2026 17:45 Sources 1

About this happening: **CISA** updated its **KEV catalog** entry for **CVE-2026-1731**, confirming the flaw has been used in **ransomware campaigns** and elevating its government-tracked risk. The upda...

Timeline

  1. 07.07.2026 08:16 2 articles · 2d ago

    BeyondTrust patches Remote Support and Privileged Remote Access critical flaws

    Mitigation Patch Update

    BeyondTrust released updates for Remote Support RS and Privileged Remote Access PRA to fix four critical vulnerabilities, including CVE-2026-40138 and CVE-2026-40139 pre-authentication access-control bypass issues, CVE-2026-40140 for denial of service, and CVE-2026-40141 for unintended data or resource access. The fixes apply to RS 25.3.2 or lower and PRA 25.3.2 or lower, with remediation available in RS 25.3.3 and PRA 25.3.3; BeyondTrust said it identified the issues internally with assistance from Anthropic Claude Opus 4.8 and proprietary research tooling and did not mention in-the-wild exploitation.

    Show sources