Security news aggregator

Latest coverage for 3CX

3CX concerns cybersecurity risks in a business communications platform, including supply-chain compromise, malicious updates, and incident response.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

3CX is a software-based private branch exchange (PBX) system that manages business phone calls over internet protocol (VoIP). It handles call routing, voicemail, conferencing, and integrates with other communication tools, often hosted on-premises or in cloud environments. As a core telephony platform, it processes sensitive voice data and user credentials, making it a critical asset in enterprise communications infrastructure.

Security risks with 3CX include exploitation of software vulnerabilities that could allow attackers to intercept calls, access voicemail, or execute unauthorized commands. Weak authentication or exposed management interfaces increase the risk of account compromise or system takeover. Defenders should focus on applying patches promptly, enforcing strong access controls, and isolating the PBX network segment to limit exposure and protect voice traffic confidentiality and integrity.

Volume over time

Weekly headline count for the current query.

Showing 7 most recent headlines Filtered view

Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application