Cybersecuritynews
Attackers Exploit FreePBX Vulnerability to Deploy EncystPHP Webshell
First seen 29 Jan 2026, 22:54 UTC
•
•100% similarity
•31.6
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Hackers are exploiting a critical vulnerability in FreePBX, specifically CVE-2025-64328, to deploy a persistent webshell named EncystPHP. This attack, attributed to the group INJ3CTOR3, allows complete administrative control over compromised VoIP systems. The campaign began in early December 2025, targeting systems with the FreePBX Endpoint Manager's administrative interface.
ThreatCluster AI