FlagThis

The eSentire Threat Intelligence team has observed a notable spike in the use of NetSupport RAT (Remote Access Trojan) in multiple recent incidents since January 2025. This increase is observed in attacks that involved the emerging “ClickFix” initial access vector. Cybercriminals weaponize it to gain full control over victim systems, monitor screens, control input, and steal data.

BeyondTrust has experienced a security incident where hackers breached their Remote Support SaaS instances by exploiting an API key, allowing for account password resets. Two critical vulnerabilities were discovered and patched, namely command injection (CVE-2024-12356) and escalation of privilege (CVE-2024-12686). This incident highlights the risks associated with API key compromise and the importance of proper security measures for SaaS platforms and privileged access management solutions.