CVE-2025-64328 is a vulnerability tracked across 5 threat clusters and 7 intelligence report mentions on ThreatCluster. First observed January 29, 2026; most recent activity May 22, 2026.
A cyber campaign attributed to the threat actor INJ3CTOR3 is targeting FreePBX systems, deploying a new PHP webshell named JOMANGY. This operation utilizes a six-layer persistence mechanism to maintain control over…
Ruslan Satuchin, a Moscow resident, has been accused of attempting to extort the Conti ransomware group by impersonating an officer of Russia's Federal Security Service (FSB). Local media reports indicate that he…
Approximately 900 Sangoma FreePBX systems are compromised due to CVE-2025-64328, a command injection vulnerability. This bug was patched in version 17.0.3, but many systems remain unpatched and vulnerable to…
Attackers exploited CVE-2025-64328, a command injection vulnerability, affecting 900 Sangoma FreePBX systems. The exploitation resulted in the installation of web shells, with hundreds of instances remaining compromised…
Hackers are exploiting a critical vulnerability in FreePBX, specifically CVE-2025-64328, to deploy a persistent webshell named EncystPHP. This attack, attributed to the group INJ3CTOR3, allows complete administrative…