Articles

Vect 2.0: An Insider Perspective On The New Ransomware Variant

An insider look at Vect 2.0, a rapidly emerging ransomware-as-a-service operation that has gone from forum post to full-fledged platform in a matter of months. We walk through the affiliate panel, commission structure, and the technical capabilities of its Windows and ESXi lockers.

Apr 24 - 18 Min Read

Pay2Key Iranian-Linked Ransomware is Back, Back Again

In late February, Beazley Security's Incident Response team responded to a ransomware intrusion at a U.S. healthcare organization attributed to Pay2Key, an Iranian government-linked threat actor that has operated since 2020. Investigation showed that the attacker had maintained access to a compromised admin account for several days before deploying ransomware and encrypting the environment within three hours.

Mar 24 - 25 Min Read

Chasing a Ghost: PXA Stealer Part 2

A follow-up to our earlier article on LoneNone and his PXA Stealer malware, detailing some rare insights into the malware author's back-end operations and the evolution of his capabilities.

Oct 30 - 17 Min Read

Quantum Redirect: Offense by Vibes

When you send phishing campaigns to a security company, you really shouldn't ask LLMs to build your infrastructure.

Oct 27 - 26 Min Read

Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem

Beazley Security Labs and SentinelLabs collaborated to investigate a complex delivery and execution chain leading to PXA Stealer.

Aug 4 - 19 Min Read

Advisories

Critical Auth Bypass Vulnerability in FortiAuthenticator (CVE-2026-44277)

On May 12th, Fortinet publicly disclosed a critical vulnerability affecting FortiAuthenticator, which handles Identity and Access Management (IAM) within some Fortinet architectures. The flaw is tracked as CVE-2026-44277 and classified as an improper access control vulnerability that allows unauthenticated attackers to execute unauthorized code remotely.

May 12 - 2 Min Read

Critical Supply Chain Attack targeting TanStack affecting multiple NPM & PyPI Packages

Another TeamPCP supply-chain attack, this time hitting TanStack and worming into other dependencies across NPM and other package managers, affecting over 200 versions of widely distributed packages.

May 11 - 7 Min Read

Critical Vulnerability in Palo Alto PAN-OS Authentication Portal (CVE-2026-0300)

On May 6th, Palo Alto Networks announced CVE-2026-0300, an authentication bypass vulnerability in PAN-OS that allows an unauthenticated attacker to bypass authentication and remotely execute code as root on PAN-OS PA-Series and VM-Series firewalls.

May 5 - 4 Min Read

Critical Vulnerability in Apache HTTP Server Disclosed (CVE-2026-23918)

On May 4th, 2026, Apache released an advisory regarding a flaw that, under certain conditions, could allow unauthenticated remote code execution (RCE) in Apache HTTP Server version 2.4.66. Tracked as CVE-2026-23918, the vulnerability stems from a memory corruption bug in that version's implementation.

May 5 - 3 Min Read

Critical Vulnerability in Progress MOVEit Automation (CVE-2026-4670)

On April 30th, Progress Software published an alert bulletin regarding a critical vulnerability in its widely used file transfer product MOVEit Automation. The flaw, tracked as CVE-2026-4670, could allow unauthenticated remote attackers to gain access to affected systems.

Apr 30 - 2 Min Read