However, the cybersecurity community has been seeing evidence of the flaw being in the crosshairs of ransomware gangs.

SecureCyber, which called it “pre-ransomware positioning”, reported a few days ago that it had been “tracking ransomware crews who are circling defense contractors and local governments again trying to take advantage of [CVE-2026-1731]”.

Palo Alto Networks on Thursday said it has seen an increase in attacks exploiting the BeyondTrust vulnerability.

The security firm has observed attackers conducting reconnaissance, stealing data, moving laterally, and deploying web shells, remote management tools, and backdoors.

Attacks have targeted organizations in the financial services, high-tech, healthcare, higher education, legal services, and retail sectors across the US, Canada, Australia, Germany, and France.

Palo Alto Networks has mentioned the delivery of malware such as SparkRAT and the VShell Linux backdoor, but has not mentioned any ransomware attacks.

Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Source: SecurityWeek