Researchers have detected attacks that compromised Bomgar appliances, many of which have reached end of life, creating problems for enterprises seeking to patch.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

A critical pre-authentication command injection vulnerability (CVE-2026-1731) in BeyondTrust Remote Support is being actively exploited to compromise self-hosted deployments and Bomgar appliances. Arctic Wolf researchers detected attacks where threat actors deployed SimpleHelp RMM tools, created domain admin accounts, and performed lateral movement across networks. Many affected Bomgar B-series appliances have reached end of life, complicating patching efforts. A public proof-of-concept exploit has accelerated attacks, making these remote access solutions attractive targets for state-sponsored actors and ransomware groups.

Critical BeyondTrust RS vulnerability exploited in active attacks