Close Menu
    What's Hot

    China’s Xi says AI ‘should not be a solo performance by a single country’ | Regulation News

    Coca-Cola suspended production at its Fairlife dairy after a ransomware attack

    Narendra Modi steps up India’s hunt for uranium and critical minerals

    Facebook X (Twitter) Instagram
    Trending
    • China’s Xi says AI ‘should not be a solo performance by a single country’ | Regulation News
    • Coca-Cola suspended production at its Fairlife dairy after a ransomware attack
    • Narendra Modi steps up India’s hunt for uranium and critical minerals
    • Arhaus Stock Continues To Struggle With Comp Sales (NASDAQ:ARHS)
    • Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide
    • The happiness mistake almost every entrepreneur makes
    • Opinion | The King of the North, Andy Burnham, Won’t Save Britain
    • Assessing the Documents: Fake IDs From China
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

    adminBy adminFebruary 27, 2026No Comments2 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananFeb 27, 2026Network Security / Vulnerability

    900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

    The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025.

    Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France.

    The non-profit entity said the compromises are likely accomplished via the exploitation of CVE-2025-64328 (CVSS score: 8.6), a high-severity security flaw that could enable post-authentication command injection.

    “The impact is that any user with access to the FreePBX Administration panel could leverage this vulnerability to execute arbitrary shell commands on the underlying host,” FreePBX said in an advisory for the flaw in November 2025. “An attacker could leverage this to obtain remote access to the system as the asterisk user.”

    Cybersecurity

    The vulnerability affects FreePBX versions higher than and including 17.0.2.36. It was resolved in version 17.0.3. As mitigations, it’s advised to add security controls to ensure that only authorized users have access to the FreePBX Administrator Control Panel (ACP), restrict access from hostile networks to the ACP, and update the filestore module to the latest version.

    The vulnerability has since come under active exploitation in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) catalog earlier this month.

    Source: The Shadowserver Foundation

    In a report published late last month, Fortinet FortiGuard Labs revealed that the threat actor behind the cyber fraud operation codenamed INJ3CTOR3 has been exploiting CVE-2025-64328 starting early December 2025 to deliver a web shell codenamed EncystPHP.

    “By leveraging Elastix and FreePBX administrative contexts, the web shell operates with elevated privileges, enabling arbitrary command execution on the compromised host and initiating outbound call activity through the PBX environment,” the cybersecurity company noted.

    FreePBX users are recommended to update their FreePBX deployments to the latest version as soon as possible to counter active threats.

    Attacks Compromised FreePBX Instances ongoing Sangoma Shell web
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleWhat Happens When Your European River Cruise Can’t Sail…
    Next Article Here’s your first look at Kratos and Atreus in Amazon’s upcoming God of War TV adaptation
    admin
    • Website

    Related Posts

    Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide

    July 17, 2026

    Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

    July 17, 2026

    New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

    July 17, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    China’s Xi says AI ‘should not be a solo performance by a single country’ | Regulation News

    Coca-Cola suspended production at its Fairlife dairy after a ransomware attack

    Narendra Modi steps up India’s hunt for uranium and critical minerals

    Arhaus Stock Continues To Struggle With Comp Sales (NASDAQ:ARHS)

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by