A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online.

Tracked as CVE-2026-1731 and assigned a near-maximum CVSS score of 9.9, the flaw affects BeyondTrust Remote Support versions 25.3.1 and earlier and Privileged Remote Access versions 24.3.4 and earlier.

BeyondTrust disclosed the vulnerability on February 6, warning that unauthenticated attackers could exploit it by sending specially crafted client requests.

“BeyondTrust Remote Support and older versions of Privileged Remote Access contain a critical pre-authentication remote code execution vulnerability that may be triggered through specially crafted client requests,” explained BeyondTrust.

“Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.”

BeyondTrust automatically patched all Remote Support and Privileged Remote Access SaaS instances on February 2, 2026, but on-premise customers must install patches manually.

CVE-2026-1731 is now exploited in the wild

Hacktron discovered the vulnerability and responsibly disclosed it to BeyondTrust on January 31.

Hacktron says approximately 11,000 BeyondTrust Remote Support instances were exposed online, with around 8,500 on-premises deployments.

Ryan Dewhurst, head of threat intelligence at watchTowr, now reports that attackers have begun actively exploiting the vulnerability, warning that if devices are not patched, they should be assumed to be compromised.

“Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors,” Dewhurst posted on X.

“Attackers are abusing get_portal_info to extract the x-ns-company value before establishing a WebSocket channel.”

This exploitation comes a day after a proof-of-concept exploit was published on GitHub targeting the same /get_portal_info endpoint.

The attacks target exposed BeyondTrust portals to retrieve the ‘X-Ns-Company‘ identifier, which is then used to create a websocket to the targeted device. This allows the attackers to execute commands on vulnerable systems.

Organizations using self-hosted BeyondTrust Remote Support or Privileged Remote Access appliances should immediately apply available patches or upgrade to the latest versions.

BleepingComputer contacted BeyondTrust and Dewhurst to ask if they had any details on post-exploitation activity and will update this story if we receive a response.

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Get the guide

It’s rare that I spot something at the grocery store that makes my heart cry out with unbridled, capitalistic desire. Yes, both the wine and fancy cheese departments sometimes have fun finds, but otherwise, there are only so many ways to remix the foodstuff canon. 

It wasn’t something edible that recently caught my eye, though, but rather a genius bit of infrastructure. And it was brightly colored packaging, in fact, but not in the processed-food department or the produce aisle. I spotted them in a fellow shopper’s cart: four technicolor shopping bags, one of them insulated, designed to fit inside the grocery cart, with overhanging handles that keep them open and in place while you shop. 

Simple. Genius. How did I not realize that these were missing in my life?

The rainbow colors are certainly what grabbed my attention here, but once my brain processed what I was seeing, it was my type-A heart that decided I must have them. (I enthusiastically stopped the owner to ask if I could take a picture, as though they were a quartet of puppies and not shopping bags.) 

Surely for a highly organized, competitive personality, efficiently sorting one’s grocery purchases into their shopping bags while parading the well-stocked aisles is about as much fun as one can have in the grocery store outside of contestantship on Supermarket Sweep. (The spice rack, you fools! Go to the spice rack!)

Bags designed for grocery cart organization in real time

There are plenty of reusable grocery shopping bags that are sturdy enough to situate inside your cart, but to maximize space and organization, look for those called “cart bags,” “cart caddies” or “trolley bags,” which also offer the added bonus of making grocery shopping sound like a fun outing more than a weekly chore. 

Advertisement

There are numerous designs and layouts here to choose from: Some have clip-on cart handles that retract, some have separate, removable clips, and others are outfitted with dowels that overhang the sides of the cart, which are then stored in what looks rather like a tent roll. (Again, adventure, not tedium.) Not every set comes with an insulated bag, and some brands feature bags that are all the same color. (Presumably so you don’t attract the attention of people like me who treat the grocery store like a fact-finding mission.) 

You do you with regard to these various options, but here are several sets available on Amazon, all around the $30 to $40 range:

Advertisement

Sort as you shop

Perhaps your kitchen pantry, like mine, isn’t exactly designed with grocery aisle layouts in mind. Things that sit side by side on retail shelves often live in opposite corners in real life. “Snacks,” for example, are relegated to various shelves in my kitchen based on factors that I don’t know you well enough to divulge here. 

Perhaps you get sniffy about cleaning products sharing bag space, or even cart space, with fresh produce. Perhaps you have numerous errands to run when you grocery shop, and you’re wondering about the condition of your refrigerated or frozen items once you leave the store. These bags create order for all of this potential chaos, real or imagined.

Advertisement

The real beauty of these bags is that you can sort your groceries in real time, according to whatever system makes sense to you. (See “snacks,” above.) This is also the argument for multi-colored bags, which let you assign groceries to their appropriate bags, saving you time at the putting-away stage of grocery acquisition. 

I’m sure I don’t need to mention that these are also environment-positive, if you’re not already in the reusable grocery bag game. A dedicated, ventilated bag for all your produce may even preclude the need to wrestle with the uncooperative produce aisle bag roll. Safe in their own color-coordinated zone, your lettuces and broccoli crowns won’t mingle with anything you don’t want them to touch. 

Use with scan-as-you-go apps for extreme efficiency

Advertisement

Checking out and repacking your groceries becomes that much more sane when everything is already sorted in a like-with-like format. I realize this only amounts to mere minutes of your life, but for many of us, those minutes add up, not even over the course of a lifetime but in the course of a day, and a little bit of extra sanity can go a very long way in turbulent times.

If your grocery store has an app or device that allows you to scan as you go, now you’re really in a high-efficiency grocery zone. Like TSA Pre-check, except for the kind of elite grocery shoppers who would never double-park their cart in a high-traffic aisle. Those programs, which preclude even the need for checking out in any time-sucking sense, plus your pre-sorted groceries in these bags, amount to just about the pinnacle of what in-person grocery shopping can aspire to.

A Dutch appeal court also upheld an October decision to suspend the company’s Chinese CEO Zhang Xuezheng.

Nexperia’s Chinese owner Wingtech was unable to sway the Amsterdam Court of Appeal and regain control of the Dutch chipmaker that plays a vital role in the global automotive industry.

As per a translated press release published yesterday (11 February), the court’s enterprise chamber instead ordered an investigation into Nexperia, citing “well-founded reasons to doubt a proper policy and proper course of affairs” at the company.

The court also upheld an October decision to suspend the company’s Chinese CEO Zhang Xuezheng and hand control off to EU-based directors. Xuezheng’s shares were handed over to a trust, but he still retained economic benefits.

Nexperia’s seizure began in September last year when the Dutch government invoked the rarely used Goods Availability Act, pointing to “serious governance shortcomings” at the company.

The Netherlands believed that alleged mismanagement at Nexperia posed a “threat” to Europe’s semiconductor capabilities.

Responding to the seizure, China halted Nexperia chip exports in early October, which resulted in a disruption affecting nearly three-quarters of the company’s output. On 9 November, however, the export ban was lifted.

In a statement issued that month, the Dutch government said that concerns around Nexperia stemmed from the now-suspended CEO who took part in the “improper transfer of product assets, funds, technology and knowledge to a foreign entity”.

Nexperia’s Chinese and European arms have stopped collaborating since the seizure, and despite signs of easing tensions in November, issues between the parties still persist.

The Dutch company stopped shipping silicon wafers to its Chinese subsidiary last year, claiming the local unit refused to make payments. According to the Financial Times, customers are now purchasing wafers from the European unit and sending them to the Chinese unit for assembly themselves.

Nexperia supplies chips to the likes of Volvo, JLR and Volkswagen.

In its order following the public hearing of 14 January, the Dutch court found “indications that careless action was taken with a conflicting interest” at Nexperia.

It said that Xuezheng changed company strategies without consulting other board members. In a hearing last month, Nexperia’s lawyers claimed that Zhang was moving equipment to China and used its assets for Wing Systems, a different company he owned.

Responding to yesterday’s orders, Nexperia said it welcomed the ruling and is committed to fully complying with the investigation.

“Despite the challenging situation, our underlying business continues to be healthy and resilient and we remain committed to being a strong, reliable partner for all our stakeholders, including customers,” it said.

The Dutch-headquartered Nexperia – an offshoot of NXP – was acquired by China’s contract manufacturing giant Wingtech Technology in 2018.

Last year’s takeover has caused a severe strain in the relationship between parent company Wingtech and Nexperia, who have accused each other of disrupting operations and destabilising business.

In 2024, the US government added Wingtech to its Entity List – a designation given to companies that could pose a risk to the country’s national security. In 2022, the UK government ordered Wingtech-owned Nexperia to undo its acquisition of the Newport Wafer Fab, citing a national security risk.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

from the fuck-everyone-but-us-policy-still-in-play dept

The DHS and its components want to find non-white people to deport by any means necessary. Of course, “necessary” is something that’s on a continually sliding scale with Trump back in office, which means everything (legal or not) is “necessary” if it can help White House advisor Stephen Miller hit his self-imposed 3,000 arrests per day goal.

As was reported last week, DHS components (ICE, CBP) are using a web app that supposedly can identify people and link them with citizenship documents. As has always been the case with DHS components (dating back to the Obama era), the rule of thumb is “deploy first, compile legally-required paperwork later.” The pattern has never changed. ICE, CBP, etc. acquire new tech, hand it out to agents, and much later — if ever — the agencies compile and publish their legally-required Privacy Impact Assessments (PIAs).

PIAs are supposed to precede deployments of new tech that might have an impact on privacy rights and other civil liberties. In almost every case, the tech has been deployed far ahead of the precedential paperwork.

As one would expect, the Trump administration was never going to be the one to ensure the paperwork arrived ahead of the deployment. As we covered recently, both ICE and CBP are using tech provided by NEC called “Mobile Fortify” to identify migrants who are possibly subject to removal, even though neither agency has bothered to publish a Privacy Impact Assessment.

As Wired reported, the app is being used widely by officers working with both agencies, despite both agencies making it clear they don’t have the proper paperwork in place to justify these deployments.

While CBP says there are “sufficient monitoring protocols” in place for the app, ICE says that the development of monitoring protocols is in progress, and that it will identify potential impacts during an AI impact assessment. According to guidance from the Office of Management and Budget, which was issued before the inventory says the app was deployed for either CBP or ICE, agencies are supposed to complete an AI impact assessment before deploying any high-impact use case. Both CBP and ICE say the app is “high-impact” and “deployed.”

While this is obviously concerning, it would be far less concerning if we weren’t dealing with an administration that has told immigration officers that they don’t need warrants to enter houses or effect arrests. And it would be insanely less concerning if we weren’t dealing with an administration that has claimed that simply observing or reporting on immigration enforcement efforts is an act of terrorism.

Officers working for the combined forces of bigotry d/b/a/ “immigration enforcement” know they’re safe. The Supreme Court has ensured they’re safe by making it impossible to sue federal officers. And the people running immigration-related agencies have made it clear they don’t even care if the ends justify the means.

These facts make what’s reported here even worse, especially when officers are using the app to “identify” pretty much anyone they can point a smartphone at.

Despite DHS repeatedly framing Mobile Fortify as a tool for identifying people through facial recognition, however, the app does not actually “verify” the identities of people stopped by federal immigration agents—a well-known limitation of the technology and a function of how Mobile Fortify is designed and used.

[…]

Records reviewed by WIRED also show that DHS’s hasty approval of Fortify last May was enabled by dismantling centralized privacy reviews and quietly removing department-wide limits on facial recognition—changes overseen by a former Heritage Foundation lawyer and Project 2025 contributor, who now serves in a senior DHS privacy role.

Even if you’re the sort of prick who thinks whatever happens to non-citizens is deserved due to their alleged violation of civil statutes, one would hope you’d actually care what happens to your fellow citizens. I mean, one would hope, but even the federal government doesn’t care what happens to US citizens if they happen to be unsupportive of Trump’s migrant-targeting crime wave.

DHS—which has declined to detail the methods and tools that agents are using, despite repeated calls from oversight officials and nonprofit privacy watchdogs—has used Mobile Fortify to scan the faces not only of “targeted individuals,” but also people later confirmed to be US citizens and others who were observing or protesting enforcement activity.

TLDR and all that: DHS knows this tool performs worst in the situations where it’s used most. DHS and its components also knew they were supposed to produce PIAs before deploying privacy-impacting tech. And DHS knows its agencies are not only misusing the tech to convert AI shrugs into probable cause, but are using it to identify people protesting or observing their efforts, which means this tech is also a potential tool of unlawful retribution.

There’s nothing left to be discussed. This tech will continue to be used because it can turn bad photos into migrant arrests. And its off-label use is just as effective: it allows ICE and CBP agents to identify protesters and observers, even as DHS officials continue to claim doxing should be a federal offense if they’re not the ones doing it. Everything about this is bullshit. But bullshit is all this administration has.

Filed Under: border patrol, cbp, dhs, facial recognition tech, ice, privacy impact assessment, surveillance, trump administration

Companies: mobile fortify, nec

Dell‘s Presidents’ Day sale is happening this week, so I’ve asked TechRadar’s own computing experts to hand-pick their favorite deals. You can find discounts on award-winning Dell laptops, monitors, and desktops at prices comparable to those in its Black Friday sale.

• Shop Dell’s full Presidents’ Day sale

You’ll find our favorite laptop deals first, including the budget Dell 15 laptop for only $329.99, the powerful XPS 13 laptop for $949.99, and the versatile Inspiron 14 2-In-1 Laptop for $499.99.

If you’re looking for a cheap monitor for your home office, Dell has this 24-inch model for only $89.99, and gamers can get this 34-inch curved Alienware monitor for $349.99.

Last but not least, Dell is also offering discounts on its desktops, and our favorite is a whopping $470 off the Dell Tower Desktop.

Dell designs some of the best laptops on the market, and today’s offers make them even more affordable. Dell’s Presidents’ Day deals are limited-time offers, and all offers will expire at Midnight on Presidents’ Day proper (Monday, February 16).

Dell’s best laptop deals

TikTok has introduced a new Local Feed for US users. It uses precise GPS data to surface nearby content, mirroring the Nearby Feed that launched in the UK and Europe last year.

Local Feeds should appear as a tab on the home screen once enabled. TikTok says the feed will highlight posts related to travel, events, restaurants, shopping, and local creators. Small businesses also gain visibility, making the feature a potential tool for local discovery.

The rollout comes shortly after TikTok’s US app faced a major outage. The company blamed a “cascading systems failure” for the disruption. Local Feeds mark the first new feature since TikTok’s ownership change last month.

MicroLEDs, with pixels just micrometers across, have long been a byword in the display world. Now, microLED-makers have begun shrinking their creations into the uncharted nano realm. In January, a startup named Polar Light Technologies unveiled prototype blue LEDs less than 500 nanometers across. This raises a tempting question: How far can LEDs shrink?

We know the answer is, at least, considerably smaller. In the past year, two different research groups have demonstrated LED pixels at sizes of 100 nm or less.

These are some of the smallest LEDs ever created. They leave much to be desired in their efficiency—but one day, nanoLEDs could power ultra-high-resolution virtual reality displays and high-bandwidth on-chip photonics. And the key to making even tinier LEDs, if these early attempts are any precedents, may be to make more unusual LEDs.

New Approaches to LED

Take Polar Light’s example. Like many LEDs, the Sweden-based startup’s diodes are fashioned from III-V semiconductors like gallium nitride (GaN) and indium gallium nitride (InGaN). Unlike many LEDs, which are etched into their semiconductor from the top down, Polar Light’s are instead fabricated by building peculiarly shaped hexagonal pyramids from the bottom up.

Polar Light designed its pyramids for the larger microLED market, and plans to start commercial production in late 2026. But they also wanted to test how small their pyramids could shrink. So far, they’ve made pyramids 300 nm across. “We haven’t reached the limit, yet,” says Oskar Fajerson, Polar Light’s CEO. “Do we know the limit? No, we don’t, but we can [make] them smaller.”

Elsewhere, researchers have already done that. Some of the world’s tiniest LEDs come from groups who have foregone the standard III-V semiconductors in favor of other types of LEDs—like OLEDs.

“We are thinking of a different pathway for organic semiconductors,” says Chih-Jen Shih, a chemical engineer at ETH Zurich in Switzerland. Shih and his colleagues were interested in finding a way to fabricate small OLEDs at scale. Using an electron-beam lithography-based technique, they crafted arrays of green OLEDs with pixels as small as 100 nm across.

Where today’s best displays have 14,000 pixels per inch, these nanoLEDs—presented in an October 2025 Nature Photonics paper—can reach 100,000 pixels per inch.

Another group tried their hands with perovskites, cage-shaped materials best-known for their prowess in high-efficiency solar panels. Perovskites have recently gained traction in LEDs too. “We wanted to see what would happen if we make perovskite LEDs smaller, all the way down to the micrometer and nanometer length-scale,” says Dawei Di, engineer at Zhejiang University in Hangzhou, China.

Di’s group started with comparatively colossal perovskite LED pixels, measuring hundreds of micrometers. Then, they fabricated sequences of smaller and smaller pixels, each tinier than the last. Even after the 1 μm mark, they did not stop: 890 nm, then 440 nm, only bottoming out at 90 nm. These 90 nm red and green pixels, presented in a March 2025 Nature paper, likely represent the smallest LEDs reported to date.

Efficiency Challenges

Unfortunately, small size comes at a cost: Shrinking LEDs also shrinks their efficiency. Di’s group’s perovskite nanoLEDs have external quantum efficiencies—a measure of how many injected electrons are converted into photons—around 5 to 10 percent; Shih’s group’s nano-OLED arrays performed slightly better, topping 13 percent. For comparison, a typical millimeter-sized III-V LED can reach 50 to 70 percent, depending on its color.

Shih, however, is optimistic that modifying how nano-OLEDs are made can boost their efficiency. “In principle, you can achieve 30 percent, 40 percent external quantum efficiency with OLEDs, even with a smaller pixel, but it takes time to optimize the process,” Shih says.

Di thinks that researchers could take perovskite nanoLEDs to less dire efficiencies by tinkering with the material. Although his group is now focusing on the larger perovskite microLEDs, Di expects researchers will eventually reckon with nanoLEDs’ efficiency gap. If applications of smaller LEDs become appealing, “this issue could become increasingly important,” Di says.

What Can NanoLEDs Be Used For?

What can you actually do with LEDs this small? Today, the push for tinier pixels largely comes from devices like smart glasses and virtual reality headsets. Makers of these displays are hungry for smaller and smaller pixels in a chase for bleeding-edge picture quality with low power consumption (one reason that efficiency is important). Polar Light’s Fajerson says that smart-glass manufacturers today are already seeking 3 μm pixels.

But researchers are skeptical that VR displays will ever need pixels smaller than around 1 μm. Shrink pixels too far beyond that, and they’ll cross their light’s diffraction limit—that means they’ll become too small for the human eye to resolve. Shih’s and Di’s groups have already crossed the limit with their 100-nm and 90-nm pixels.

Very tiny LEDs may instead find use in on-chip photonics systems, allowing the likes of AI data centers to communicate with greater bandwidths than they can today. Chip manufacturing giant TSMC is already trying out microLED interconnects, and it’s easy to imagine chipmakers turning to even smaller LEDs in the future.

But the tiniest nanoLEDs may have even more exotic applications, because they’re smaller than the wavelengths of their light. “From a process point of view, you are making a new component that was not possible in the past,” Shih says.

For example, Shih’s group showed their nano-OLEDs could form a metasurface—a structure that uses its pixels’ nano-sizes to control how each pixel interacts with its neighbors. One day, similar devices could focus nanoLED light into laser-like beams or create holographic 3D nanoLED displays.

The head of the antitrust division is out at the US Department of Justice. Gail Slater, a former JD Vance adviser and Fox Corp VP, reportedly clashed with Attorney General Pam Bondi. Their longstanding feud is said to have centered around Slater’s skepticism of corporate mergers.

“It is with great sadness and abiding hope that I leave my role as [Assistant Attorney General] for Antitrust today,” Slater posted on X. “It was indeed the honor of a lifetime to serve in this role.”

Although Slater technically resigned, The Guardian reports that she was forced out. The fallout was said to be over her differences with Bondi (who just yesterday yelled, insulted and deflected her way through a hearing over the DOJ’s stonewalling of the Epstein files). In recent weeks, Bondi reportedly reiterated to the White House that Slater’s views on the antitrust division’s direction made the pair’s relationship irreconcilable.

The tensions reportedly began simmering last summer, when Slater sought to block the merger between Hewlett-Packard Enterprise and Juniper Networks. She opposed the deal out of concerns that it would create a duopoly in cloud computing and wireless networking. In addition, Slater reportedly told Bondi that US intelligence hadn’t raised any concerns about blocking the merger. However, CIA Director John Ratcliffe later claimed that blocking it would pose national security risks because it could lead to the loss of business to China. The Trump administration’s merger-friendly DOJ ultimately approved the deal.

Alongside Bondi, Slater was overseeing the DOJ’s review of Netflix’s proposed acquisition of Warner Bros. Discovery. In December, Trump said he would be involved in the regulatory review. That followed intense lobbying by Netflix and Paramount, the latter of which launched a hostile takeover bid. Earlier this month, The Wall Street Journal reported that the department was investigating whether Netflix was involved in anticompetitive practices during the process.

Slater’s ousting also comes weeks ahead of the DOJ’s antitrust trial against Ticketmaster owner Live Nation. The department’s lawsuit was filed during the Biden administration. It claims that Live Nation is operating as a monopoly, harming competition, fans, industry promoters and artists.