900+ FreePBX Instances Compromised by Web Shell Attacks

The Hacker News · 19h ago · 2 min read
FreePBX, web shells, command injection, Shadowserver Foundation, cybersecurity threats
Basically, hackers have taken control of over 900 FreePBX phone systems worldwide by planting web shells on them.

Quick Summary

Over 900 FreePBX phone systems have been compromised by hackers using web shells. This affects users worldwide, especially in the U.S. and Brazil. The risk of data theft and unauthorized access is significant, prompting immediate action for affected organizations.

What Happened

Imagine waking up to find your phone system hijacked by hackers. That's the reality for over 900 Sangoma FreePBX instances that have fallen victim to web shell attacks. The Shadowserver Foundation reported that the attacks, which exploit a command injection vulnerability, began back in December 2025, and the fallout is still ongoing.

Among the compromised systems, 401 are in the U.S., with others scattered across Brazil, Canada, Germany, and France. This widespread infection raises serious concerns about the security of communication systems globally. The attackers have managed to install web shells, which are malicious scripts that allow them to control the systems remotely, putting sensitive information at risk.

The situation is alarming, as these web shells can be used for various malicious activities, including data theft and further infiltration into networks. The Shadowserver Foundation's findings highlight the urgent need for organizations using FreePBX to take immediate action to secure their systems and prevent further exploitation.

Why Should You Care

If you or your company uses FreePBX, this news hits close to home. Think of your phone system as a front door to your business. If that door is left unlocked, anyone can walk in and take what they want. The risk of data theft and unauthorized access is real, and it can have devastating consequences for your operations and reputation.

Moreover, even if you don’t use FreePBX, this incident serves as a reminder of how vulnerabilities can expose any organization to cyber threats. Just like a thief might try to enter through an open window, hackers are always looking for weaknesses to exploit. Protecting your systems is essential.

What's Being Done

The Shadowserver Foundation is actively monitoring the situation and providing updates on the compromised instances. Here’s what affected users should do right now:

  • Update FreePBX: Ensure you are running the latest version to patch vulnerabilities.
  • Audit your systems: Check for any signs of unauthorized access or malware.
  • Enhance security measures: Implement stronger security protocols, such as firewalls and intrusion detection systems.

Experts are closely watching for any new developments and potential follow-up attacks. Staying vigilant is key in this evolving threat landscape.

🔒 Pro insight: The persistence of web shells in these instances indicates a broader trend of exploitation in VoIP systems, warranting enhanced monitoring and defense strategies.

Original article from The Hacker News
