The incident responders investigating how hackers carried out a complex supply-chain attack targeting enterprise phone provider 3CX say the company was compromised by another supply chain attack. 3CX, ...

The cybersecurity industry has scrambled in recent weeks to understand the origins and fallout of the breach of 3CX, a VoIP provider whose software was corrupted by North Korea–linked hackers in a ...

The supply chain compromise of a widely used VoIP phone system vendor, 3CX, has led to attacks against numerous customers and prompted comparisons to some of the largest breaches in recent memory — ...

Software supply-chain attacks, in which hackers corrupt widely used applications to push their own code to thousands or even millions of machines, have become a scourge, both insidious and potentially ...

ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users. Operation DreamJob is the name for a series of campaigns where the group uses social engineering ...

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company’s customers in an ongoing supply chain attack.

Of the many unanswered questions about the widely felt compromise, the impact on 3CX’s end customers will be a major one to watch, according to security researchers. Days after the supply chain ...

The customer support team for 3CX waited six days to address warnings that a recent update for its desktop VoIP client was malicious, and then its only advice was for customers to investigate the ...

Update December 17, 15:30 EST: As shared today by 3CX CEO Nick Galea, the SQL injection flaw was discovered by independent security researcher Theo Stein in the 3CX CRM Integration and is now tracked ...

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines ...