A follow-up to a previous article on LoneNone and his PXA Stealer malware where we detail some rare insights into the malware author's back-end operations and the evolution of their capabilities.
Oct 30 - 17 Min Read
When you send phishing campaigns to a security company, you really shouldn't ask LLMs to build your infrastructure.
Oct 27 - 26 Min Read
Beazley Security Labs and SentinelLabs collaborated to investigate a complex delivery and execution chain leading to PXA Stealer.
Aug 4 - 19 Min Read
Updated to include discovery of a PDFMaker reskin. Beazley Security MXDR teams recently observed a "free Word to PDF converter" exhibiting suspicious activity across client environments.
May 28 - 5 Min Read
Late last year, Beazley Security Managed Extended Detection and Response (MXDR) identified and thwarted a threat actor within a client's environment. We previously published our initial analysis that included some of the activity and tools used by the threat actor. In this article, we detail additional findings based on our continued study of telemetry and artifacts related to this breach.
Apr 14 - 9 Min Read
More research coming soon. In the meantime, check out our advisories.
On January 6th, 2026, CVE-2026-21858 was published by n8n, followed shortly by articles by Dor Attias and Cyera documenting critical flaws in n8n's request parsing. The vulnerability allows an unauthenticated attacker to exfiltrate sensitive data, which can lead to full compromise of the n8n system. If a vulnerable n8n system is directly exposed to the internet, it could provide threat actors with initial access to an organization's internal network.
Jan 8 - 2 Min Read
On December 28, 2025, NIST's National Vulnerability Database published an entry for a critical file upload vulnerability affecting SmarterTools SmarterMail server. The flaw, tracked as CVE-2025-52691, carries the maximum CVSS score of 10 and allows remote, unauthenticated attackers to upload malicious files to the mail server, potentially leading to remote code execution.
Dec 29 - 3 Min Read
On December 19th, MongoDB published an advisory regarding a critical vulnerability (tracked as CVE-2025-14847) in their popular database engine of the same name. The vulnerability is an information disclosure issue that allows an unauthenticated attacker to leak portions of host memory on a victim machine, potentially disclosing sensitive data such as authentication material. The vulnerability impacts all modern versions of MongoDB released in the last 5 years. On December 24th, security firm Ox Security published enough technical details to create a weaponized exploit, and on December 25th, a technical lead from Elastic published proof-of-concept exploit code to GitHub.
Dec 27 - 2 Min Read
Multiple Fortinet products are vulnerable to an SSO bypass that is now being exploited in the wild, with attackers abusing CVE-2025-59718 and CVE-2025-59719.
Dec 16 - 4 Min Read
UPDATED - The original patches mitigating React2Shell properly address Remote Code Execution (RCE) but remain vulnerable to information leakage and denial-of-service (DoS) issues. To address the recently disclosed vulnerabilities, React has released new patches, which should be applied as soon as possible. If your organization previously updated to React 19.0.2, 19.1.3 or 19.2.2, those patches are incomplete and you will need to update again. On December 3rd, the open-source web library React disclosed a critical vulnerability in the React Server Components (RSC) "Flight" protocol affecting the React 19 ecosystem and the frameworks that implement it. React and Next.js are widely used across the internet, so this vulnerability requires immediate action.
Dec 3 - 8 Min Read