> TritonInfoSec News
Home / Feb 28, 2026 / Story
0
#4 The Hacker News general February 27, 2026 at 17:59 UTC

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

By [email protected] (The Hacker News)

AI Summary

Over 900 Sangoma FreePBX instances remain infected with web shells following attacks that exploited a command injection vulnerability starting in December 2025. The Shadowserver Foundation identified 401 compromised instances in the US, with additional infections across Brazil (51), Canada (43), Germany (40), and France (36).

Read full article → https://thehackernews.com/2026/02/900-sangoma-free…

Relevance score: 90.0/100

# More from February 28

  1. 1
    Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access The Hacker News
  2. 2
    APT37 hackers use new malware to breach air-gapped networks BleepingComputer
  3. 3
    CISA warns that RESURGE malware can be dormant on Ivanti devices BleepingComputer
  4. 5
    Europol-led crackdown on The Com hackers leads to 30 arrests BleepingComputer
  5. 6
    Google quantum-proofs HTTPS by squeezing 2.5kB of data into 64-byte space Ars Technica Security
  6. 7
    DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams The Hacker News
  7. 8
    Ukrainian man pleads guilty to running AI-powered fake ID site BleepingComputer
  8. 9
    New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises Ars Technica Security
  9. 10
    Ransomware payment rate drops to record low despite attack surge BleepingComputer