> TritonInfoSec News
Home / Mar 01, 2026 / Story
0
#7 SecurityWeek general February 27, 2026 at 13:24 UTC

900 Sangoma FreePBX Instances Infected With Web Shells

By Ionut Arghire

AI Summary

Attackers infected 900 Sangoma FreePBX instances with web shells by exploiting a post-authentication command injection vulnerability in the endpoint manager's interface. The widespread compromise of these business phone system servers creates persistent backdoor access for attackers in corporate networks.

Read full article → https://www.securityweek.com/900-sangoma-freepbx-i…

Relevance score: 82.0/100

# More from March 01

  1. 1
    $4.8M in crypto stolen after Korean tax agency exposes wallet seed BleepingComputer
  2. 2
    Canadian Tire Data Breach Impacts 38 Million Accounts SecurityWeek
  3. 3
    Who is the Kimwolf Botmaster “Dort”? Krebs on Security
  4. 4
    Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement The Hacker News
  5. 5
    QuickLens Chrome extension steals crypto, shows ClickFix attack BleepingComputer
  6. 6
    ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket The Hacker News
  7. 8
    ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks The Hacker News
  8. 9
    Juniper Networks PTX Routers Affected by Critical Vulnerability SecurityWeek
  9. 10
    Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor The Hacker News