CyberNews: 15/02/2026 Edition

Published by Dunateo on 2026-02-15

Today’s roundup

  • One threat actor responsible for 83% of recent Ivanti RCE attacks
  • Snail mail letters target Trezor and Ledger users in crypto-theft attacks
  • U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

Summary

    Threat intelligence observations indicate that a single threat actor is responsible for 83% of the active exploitation of two critical Remote Code Execution (RCE) vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). These flaws are identified as CVE-2026-21962 and CVE-2026-24061.

    Cybercriminals are launching a physical phishing campaign, sending fake "snail mail" letters to users of cryptocurrency hardware wallets, including Trezor and Ledger. These deceptive letters attempt to trick recipients into revealing their recovery phrases to steal their digital assets.

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-1731, a critical pre-authentication remote code execution vulnerability (CVSS 9.9) affecting BeyondTrust Remote Support (RS) and older Privileged Remote Access (PRA) products, to its Known Exploited Vulnerabilities (KEV) catalog. BeyondTrust issued patches on February 6, 2026, but active exploitation attempts were detected by February 11, following the public release of a proof-of-concept exploit. Approximately 11,000 BeyondTrust instances are exposed online, and the threat actors exploiting the flaw have also been observed targeting other high-value platforms such as SonicWall, MOVEit, and Log4j. CISA has directed federal agencies to address this vulnerability by February 16, 2026.

    Vulnerabilities

    CVE-2026-21962 Critical
    CVE-2026-24061 Critical
    CVE-2026-1731 Critical