Global Cyberattacks Surge as Hackers Exploit Critical Bomgar RMM Flaw
AI-generated from multiple sources. Verify before acting on this reporting.
LONDON (AP) — A wave of cyberattacks targeting remote management software has spread globally after threat actors exploited a critical security vulnerability in Bomgar RMM systems, leading to widespread ransomware deployments and supply chain compromises.
The attacks, identified on April 21, 2026, leverage a critical unauthenticated remote code execution flaw designated CVE-2026-1731. Security researchers observed the activity through the Huntress Security Operations Center, which detected the surge in malicious activity across multiple organizations. The vulnerability allows attackers to execute code on affected systems without authentication, providing direct access to sensitive networks.
The exploitation has resulted in ransomware being deployed across numerous organizations, with attackers moving laterally through networks to maximize impact. The attacks have particularly affected managed service providers (MSPs) and their downstream clients, creating a cascading effect through supply chains. Organizations relying on Bomgar RMM for remote management have found their systems compromised, with attackers using the initial access point to infiltrate deeper into corporate networks.
The vulnerability affects Bomgar RMM instances worldwide, with no geographic concentration identified. The global nature of the attacks reflects the widespread adoption of remote management tools across industries. MSPs serving multiple clients have become prime targets, as compromising a single provider can grant attackers access to numerous downstream organizations simultaneously.
Security experts warn that the unauthenticated nature of the flaw makes it particularly dangerous, as attackers do not need credentials to exploit it. The flaw has been actively exploited in the wild, with threat actors using it to deploy ransomware and establish persistent access to victim networks. The attacks demonstrate the risks associated with supply chain vulnerabilities, where compromising a single vendor can impact hundreds or thousands of downstream organizations.
The Huntress Security Operations Center has been monitoring the activity, tracking the spread of the attacks and identifying affected organizations. However, the identity of the threat actors behind the campaign remains unknown. Security researchers are working to understand the full scope of the compromise and identify all affected systems.
Organizations are urged to patch affected Bomgar RMM instances immediately and monitor for signs of compromise. The attacks highlight the importance of timely vulnerability management and the need for robust security monitoring across supply chains. As the situation develops, more details about the extent of the damage and the identity of the attackers are expected to emerge.
The incident underscores the growing threat posed by supply chain attacks and the critical need for organizations to secure their remote management infrastructure. With the vulnerability actively exploited, the window for prevention is closing rapidly for unpatched systems worldwide.