3CX Hackers Also Compromised Critical Infrastructure Firms
Symantec warns North Korean actors may return for further exploitation
3CX concerns cybersecurity risks in a business communications platform, including supply-chain compromise, malicious updates, and incident response.
Search across headline titles and summaries.
Background for this topic.
3CX is a software-based private branch exchange (PBX) system that manages business phone calls over internet protocol (VoIP). It handles call routing, voicemail, conferencing, and integrates with other communication tools, often hosted on-premises or in cloud environments. As a core telephony platform, it processes sensitive voice data and user credentials, making it a critical asset in enterprise communications infrastructure.
Security risks with 3CX include exploitation of software vulnerabilities that could allow attackers to intercept calls, access voicemail, or execute unauthorized commands. Weak authentication or exposed management interfaces increase the risk of account compromise or system takeover. Defenders should focus on applying patches promptly, enforcing strong access controls, and isolating the PBX network segment to limit exposure and protect voice traffic confidentiality and integrity.
Weekly headline count for the current query.
Symantec warns North Korean actors may return for further exploitation
Mandiant said this would be the first instance of a software supply chain attack leading to another
Kaspersky links campaign to Gopuram backdoor
Windows and Mac versions of the software were compromised to deliver infostealers