Attackers Exploit FreePBX Vulnerability to Deploy EncystPHP Webshell

Attackers Exploit FreePBX Vulnerability to Deploy EncystPHP Webshell

First seen 29 Jan 2026, 22:54 UTC Cybersecuritynews 100% similarity 31.6

Article Content

Browse articles
ThreatCluster

Hackers are exploiting a critical vulnerability in FreePBX, specifically CVE-2025-64328, to deploy a persistent webshell named EncystPHP. This attack, attributed to the group INJ3CTOR3, allows complete administrative control over compromised VoIP systems. The campaign began in early December 2025, targeting systems with the FreePBX Endpoint Manager's administrative interface.

ThreatCluster AI

Community

Browse all →