
900+ FreePBX Instances Compromised by Web Shell Attacks

The Hacker News · Feb 27, 2026
Tags: FreePBX, web shells, command injection, Shadowserver Foundation, cybersecurity threats

Basically, hackers have taken control of over 900 phone systems worldwide using a sneaky trick.

Quick Summary

Over 900 FreePBX phone systems have been compromised by hackers using web shells. This affects users worldwide, especially in the U.S. and Brazil. The risk of data theft and unauthorized access is significant, prompting immediate action for affected organizations.

What Happened

Imagine waking up to find your phone system hijacked by hackers. That's the reality for over 900 Sangoma FreePBX instances that have fallen victim to web shell attacks. The Shadowserver Foundation reported that these attacks began exploiting a command injection vulnerability back in December 2025, and the fallout is still ongoing.

Among the compromised systems, 401 are in the U.S., with others scattered across Brazil, Canada, Germany, and France. This widespread infection raises serious concerns about the security of communication systems globally. The attackers have managed to install web shells, which are malicious scripts that allow them to control the systems remotely, putting sensitive information at risk.

The situation is alarming, as these web shells can be used for various malicious activities, including data theft and further infiltration into networks. The Shadowserver Foundation's findings highlight the urgent need for organizations using FreePBX to take immediate action to secure their systems and prevent further exploitation.

Why Should You Care

If you or your company uses FreePBX, this news hits close to home. Think of your phone system as a front door to your business. If that door is left unlocked, anyone can walk in and take what they want. The risk of data theft and unauthorized access is real, and it can have devastating consequences for your operations and reputation.

Moreover, even if you don’t use FreePBX, this incident serves as a reminder of how vulnerabilities can expose any organization to cyber threats. Just like a thief might try to enter through an open window, hackers are always looking for weaknesses to exploit. Protecting your systems is essential.

What's Being Done

The Shadowserver Foundation is actively monitoring the situation and providing updates on the compromised instances. Here’s what affected users should do right now:

  • Update FreePBX: Ensure you are running the latest version to patch vulnerabilities.
  • Audit your systems: Check for any signs of unauthorized access or malware.
  • Enhance security measures: Implement stronger security protocols, such as firewalls and intrusion detection systems.

Experts are closely watching for any new developments and potential follow-up attacks. Staying vigilant is key in this evolving threat landscape.


🔒 Pro insight: The persistence of web shells in these instances indicates a broader trend of exploitation in VoIP systems, warranting enhanced monitoring and defense strategies.
