Articles

Disabling EDR With WDAC

Beazley Security has seen attackers in the wild disabling EDR solutions by leveraging Windows Defender Application Control (WDAC) policies. 🫨

Mar 6 - 3 Min Read

Hunting Mice In Tunnels

A threat actor abusing free Cloudflare Tunnels (formerly Argo Tunnels) for C2, contained by Beazley Security MDR.

Nov 13 - 9 Min Read
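A practitioner reading this teaser will want a concrete way to spot cloudflared on hosts where it does not belong. The following is an added detection example, not code from the original page or from Beazley Security: it parses a constructed DNS query log and flags hosts that resolve the domains cloudflared uses (the `argotunnel.com` connector endpoints, and `api.trycloudflare.com` plus `<random-words>.trycloudflare.com` for the free quick tunnels that need no Cloudflare account). The log format, host names and the `KNOWN_TUNNEL_HOSTS` allowlist are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample DNS query log (not from the original page), one query per line:
# "<timestamp> <client_host> <queried_name>"
SAMPLE_DNS_LOG = """\
2024-11-01T10:00:01Z ws-finance-07 login.microsoftonline.com
2024-11-01T10:00:02Z ws-finance-07 api.trycloudflare.com
2024-11-01T10:00:03Z ws-finance-07 region1.v2.argotunnel.com
2024-11-01T10:00:04Z ws-finance-07 region2.v2.argotunnel.com
2024-11-01T10:02:10Z srv-web-01 region1.v2.argotunnel.com
2024-11-01T10:05:00Z ws-hr-03 quiet-lemon-evening-baker.trycloudflare.com
2024-11-01T10:06:00Z ws-hr-03 www.cloudflare.com
"""

# Assumption: hosts the defender knows run cloudflared legitimately. A sanctioned
# tunnel produces exactly the same DNS traffic, so the allowlist is what separates
# "expected" from "suspicious"; keep it short and reviewed.
KNOWN_TUNNEL_HOSTS = {"srv-web-01"}

# Domains cloudflared talks to: *.argotunnel.com is the connector control/data plane;
# api.trycloudflare.com is contacted when a free quick tunnel is requested, and the
# resulting public hostname is <random-words>.trycloudflare.com.
INDICATORS = {
    "argotunnel.com": "cloudflared connector endpoint",
    "trycloudflare.com": "free quick tunnel (no Cloudflare account required)",
}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def parse_dns_log(text):
    """Parse the three-column log format above into a list of dicts.
    Malformed lines are skipped rather than aborting the run."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, host, qname = m.groups()
            # Normalise case and a trailing dot so suffix matching is reliable.
            records.append({"ts": ts, "host": host, "qname": qname.lower().rstrip(".")})
    return records


def match_indicator(qname):
    """Return (domain, reason) if qname is an indicator domain or a subdomain of one,
    else None. Suffix matching is anchored on a dot so 'notargotunnel.com' does not hit."""
    for domain, reason in INDICATORS.items():
        if qname == domain or qname.endswith("." + domain):
            return domain, reason
    return None


def find_tunnel_hosts(records, known_hosts=KNOWN_TUNNEL_HOSTS):
    """Return {host: sorted [(qname, reason), ...]} for every host not on the
    allowlist that resolved a cloudflared or quick-tunnel domain."""
    hits = defaultdict(set)
    for r in records:
        m = match_indicator(r["qname"])
        if m and r["host"] not in known_hosts:
            hits[r["host"]].add((r["qname"], m[1]))
    return {host: sorted(names) for host, names in hits.items()}


if __name__ == "__main__":
    for host, names in find_tunnel_hosts(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"[!] {host}")
        for qname, reason in names:
            print(f"    {qname}  ({reason})")
```

On the sample log this reports ws-finance-07 (quick tunnel request plus connector endpoints) and ws-hr-03 (a resolved `*.trycloudflare.com` hostname), and stays silent on srv-web-01 because it is allowlisted. In production, pair the DNS match with a process-creation check for cloudflared or a renamed copy of it, since DNS alone cannot tell an operator's sanctioned tunnel from an attacker's.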

Fog Ransomware

Fog ransomware is a relatively new ransomware family, first reported in June 2024. Most of its victims to date are in the education sector, and the majority of them are located in the United States.

Oct 5 - 3 Min Read

More research coming soon; in the meantime, check out our advisories.

Advisories

Ivanti EPM Traversal Flaw (CVE-2024-13159)

A path traversal flaw in Ivanti Endpoint Manager (2024 up to and including the November Security Update, and 2022 SU6 up to and including the November Security Update) allows a remote, unauthenticated attacker to leak sensitive information.

Mar 13 - 5 Min Read

Actively Exploited Critical Vulnerabilities in VMware ESXi (CVE-2025-22224, CVE-2025-22225)

On March 4th, 2025, Broadcom published an advisory detailing multiple critical vulnerabilities in VMware ESXi. Two of them (CVE-2025-22224 and CVE-2025-22225) can be chained so that an attacker with local administrator privileges inside a hosted virtual machine escapes the guest and executes code on the hypervisor. Beazley Security is aware of active exploitation of these vulnerabilities by sophisticated attackers and strongly recommends that affected organizations apply Broadcom's updates to their ESXi clusters as soon as possible.

Mar 5 - 4 Min Read

SimpleHelp Path Traversal Vulnerability (CVE-2024-57727)

On January 15th, multiple vulnerabilities were reported in SimpleHelp's remote support software. One of them, CVE-2024-57727, is a path traversal that lets an unauthenticated attacker read arbitrary files on a victim's server, including sensitive configuration files containing passwords.

Feb 26 - 4 Min Read

SonicWall SSL VPN Session Hijacking (CVE-2024-53704)

On January 7th, SonicWall published an advisory for an improper authentication vulnerability in the SonicOS SSL VPN service. The urgency of patching increased on February 10, 2025, when trivial proof-of-concept code emerged and attacks began to be observed in the wild.

Feb 20 - 4 Min Read

Authentication Bypass in PAN-OS Management Web Interface (CVE-2025-0108)

On February 12th, Palo Alto Networks released an advisory (CVE-2025-0108) for an authentication bypass vulnerability in the PAN-OS management web interface. It allows an unauthenticated attacker with network access to the management interface to bypass authentication and invoke certain PHP scripts, potentially impacting the integrity of the device.

Feb 19 - 4 Min Read