Tag

#remote-access

2 posts tagged #remote-access.

Analysis · May 20, 2026 · Colten Anderson

The other half of the ScreenConnect chain just got a 2026 deadline

CVE-2024-1709 got the CVSS 10 and the headlines in February 2024. The path-traversal half that actually lands code execution, CVE-2024-1708, only got its own KEV deadline on April 28, 2026. Two years late, same chain.
Analysis · May 5, 2026 · Colten Anderson

BeyondTrust RS/PRA hit again. Same endpoint, same bug class, 15 months later.

The researcher who found CVE-2026-1731 did it by asking one question about the December 2024 fix: did the same pattern exist elsewhere? It did. Third critical BeyondTrust RCE in 15 months, confirmed ransomware, CISA gave you 3 days.