Sangoma is a organization tracked across 4 threat clusters and 6 intelligence report mentions on ThreatCluster. First observed February 4, 2026; most recent activity May 22, 2026.
A cyber campaign attributed to the threat actor INJ3CTOR3 is targeting FreePBX systems, deploying a new PHP webshell named JOMANGY. This operation utilizes a six-layer persistence mechanism to maintain control over…
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical-severity vulnerability in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities (KEV) Catalog. This update also includes…
Approximately 900 Sangoma FreePBX systems are compromised due to CVE-2025-64328, a command injection vulnerability. This bug was patched in version 17.0.3, but many systems remain unpatched and vulnerable to…
Attackers exploited CVE-2025-64328, a command injection vulnerability, affecting 900 Sangoma FreePBX systems. The exploitation resulted in the installation of web shells, with hundreds of instances remaining compromised…