CISA gives feds 3 days to patch actively exploited BeyondTrust flaw

BeyondTrust provides identity security services to more than 20,000 customers across over 100 countries, including government agencies and 75% of Fortune 100 companies worldwide.

On Thursday, six days after BeyondTrust released CVE-2026-1731 security patches, watchTowr head of threat intelligence Ryan Dewhurst reported that attackers are now actively exploiting the security flaw, warning admins that unpatched devices should be assumed to be compromised.
Federal agencies ordered to patch immediately
One day later, CISA confirmed Dewhurst's report, added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, and ordered Federal Civilian Executive Branch (FCEB) agencies to secure their BeyondTrust instances by the end of Monday, February 16, as mandated by Binding Operational Directive (BOD) 22-01.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," the U.S. cybersecurity agency warned.
"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."
CISA's warning comes on the heels of other BeyondTrust security flaws that were exploited to compromise the systems of U.S. government agencies.
For instance, the U.S. Treasury Department revealed two years ago that its network had been hacked in an incident linked to Silk Typhoon, a notorious Chinese state-backed cyberespionage group.
Silk Typhoon is believed to have exploited two zero-day bugs (CVE-2024-12356 and CVE-2024-12686) to breach BeyondTrust's systems and later used a stolen API key to compromise 17 Remote Support SaaS instances, including the Treasury's instance.