Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. “Attackers are abusing get_portal_info to extract the x-ns-company value before establishing a WebSocket channel,” Ryan Dewhurst, Head of Threat Intelligence at watchTowr, confirmed on Thursday. Rapid7 researchers published a technical analysis and proof-of-concept (PoC) exploit for CVE-2026-1731 on Tuesday, Feb. 10. Defused Cyber and GreyNoise have also detected widespread reconnaissance and limited exploitation activity. “So far … More → The post Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731) appeared first on Help Net Security .