BeyondTrust investigated a cybersecurity incident where a compromised API key was used to access 17 Remote Support SaaS instances. The breach, detected on December 5, 2024, resulted from a zero-day vulnerability in a third-party application, allowing attackers to infiltrate BeyondTrust's AWS environment and exploit a separate AWS account. Two vulnerabilities (CVE-2024-12356 and CVE-2024-12686) were later added to CISA's Known Exploited Vulnerabilities catalog. BeyondTrust revoked the compromised API key, suspended affected instances, and provided alternatives. The U.S. Treasury Department was among the impacted entities, but no other federal agencies were affected.

‍