#globalprotect

#globalprotect

"BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability," the company said in an advisory released February 6, 2026. "By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user." The vulnerability, categorized as an operating system command injection, has been assigned the CVE identifier CVE-2026-1731.

This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.

Zero trust is not a thing; it is an idea. It is not a product; it is a concept - it is a destination that has no precise route and may never be reached. But it is described very succinctly: trust nothing until the trust is justified. Justification starts with verifying every subject's identity and authority. This is the single constant in all zero trust journeys: they start with the subject's identity. Zero trust's reliance on identity, and identity's reliance on AI Two questions. Can you have zero trust without effective identity verification? No. Can you have effective identity verification in the age of AI? Maybe, and maybe not.

Palo Alto Networks has officially completed its $25 billion acquisition of CyberArk. Identity security will now become a core pillar of Palo Alto's platform offering. The deal, announced in July 2025, was completed faster than expected due to German approval. The acquisition adds more than 10,000 CyberArk customers to Palo Alto's customer base. These organizations use the platform for identity security, with a focus on Privileged Access Management. The offering focuses on securing human, machine, and AI identities.