Articles

Disabling EDR With WDAC

Beazley Security has seen attackers disabling EDR solutions leveraging Windows Defender Access Control Policies in the wild. 🫨

Mar 6 - 3 Min Read

Hunting Mice In Tunnels

Threat Actor abusing free Cloudflare Argo Tunnels for C2 contained by Beazley Security MDR.

Nov 13 - 9 Min Read

Fog Ransomware

Fog ransomware is a relatively new ransomware family, first reported in June 2024, that mainly targets the education sector. Most victim organizations are in the education sector, with the majority located in the United States.

Oct 5 - 3 Min Read

More research coming soon. In the meantime, check out our advisories.

Advisories

Oracle Cloud Infrastructure Client Data Leaked to Cybercrime Forum

On March 20th, a user on BreachForums claimed to have compromised Oracle Cloud Infrastructure (OCI). The breach reportedly affected servers responsible for authenticating users to Oracle Cloud services. The individual provided sample data to support their claim and offered to sell access to “about 6 million” credentials and authentication materials for 100,000 Monero (XMR), a cryptocurrency considered more difficult to trace than bitcoin. The threat actor is offering to remove any compromised accounts from the data dump for an unspecified payment and to trade breach information for 0-day exploits. This post was updated on March 26th, 2025 with additional information.

Mar 24 - 12 Min Read

Critical Vulnerability in Veeam Backup and Replication (CVE-2025-23120)

On March 19th, backup solution vendor Veeam published an advisory detailing a critical vulnerability in its Backup and Replication product. This product is used as a data backup and restoration solution, and the vulnerability is due to a deserialization bug that would allow an authenticated attacker to achieve remote code execution (RCE) on a targeted device. Ransomware threat actors often target Veeam to steal and destroy backups, and they could opportunistically leverage this vulnerability to increase the impact and destruction of victim files.

Mar 21 - 3 Min Read

Uptick in Fake Captcha Campaigns Tricking Users to Deliver Malware

Beazley Security has identified multiple cybercriminal campaigns leveraging deceptive advertisements and fake CAPTCHA pages to distribute malware.

Mar 17 - 3 Min Read

Ivanti EPM Traversal Flaw (CVE-2024-13159)

A path traversal flaw in Ivanti Endpoint Manager, affecting the 2024 November Security Update and prior releases and the 2022 SU6 November Security Update and prior releases, allows a remote, unauthenticated attacker to leak sensitive information.

Mar 13 - 5 Min Read

Actively Exploited Critical Vulnerabilities in VMWare ESXi (CVE-2025-22224, CVE-2025-22225)

On March 4th, 2025, Broadcom published an advisory detailing multiple critical vulnerabilities in VMWare ESXi. Two of the vulnerabilities (CVE-2025-22224 and CVE-2025-22225) can be used together to allow an attacker with local administrator privileges on a hosted virtual machine to escape the virtual machine and execute code on the hypervisor. Beazley Security is aware of active exploitation of these vulnerabilities by sophisticated attackers and strongly recommends that affected organizations apply updates from Broadcom to their ESXi clusters as soon as possible.

Mar 5 - 4 Min Read