// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / managed service provider
Breach Record

managed service provider

DISCLOSED 2025-05-28 · UNPATCHED CVE · RANSOMWARE

The DragonForce ransomware gang exploited security flaws in the SimpleHelp remote monitoring and management tool to compromise a managed service provider and distribute ransomware to its customers. The attack vector involved unpatched vulnerabilities in the RMM software, allowing the threat actor to deploy ransomware across the MSP's client base.

The record

What we know

Disclosed
2025-05-28
Attack vector
Unpatched Cve
Sector
IT services
RANSOMWARE ENDPOINT INVOLVED
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · would prevent · opinion

A positive-security model that snapshots a known-good state and rejects unauthorized changes would likely have blocked the ransomware execution, as it would prevent the unauthorized RMM software from distributing malicious payloads.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other unpatched cve breaches on file

This page is the permanent ColdRecon entry for the managed service provider disclosure. It updates if new public reporting emerges. All tracked breaches →

managed service provider just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →