Web Scouter
Back to News
Security NewsHighIncidentunauthorized access

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

UnknownFeb 27, 2026(24 days ago)

Over 900 Sangoma FreePBX instances are compromised with web shells due to a command injection vulnerability.

The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France. The non-profit entity said the compromises are likely

Related News

Tycoon 2FA Fully Operational Despite Law Enforcement Takedown

Unknownabout 1 hour ago

FBI warns of Handala hackers using Telegram in malware attacks

Unknownabout 2 hours ago

CISA orders feds to patch DarkSword iOS flaws exploited attacks

Unknownabout 3 hours ago

Get Personalized Alerts

Track vendors and receive alerts when security incidents affect your supply chain.

What We Monitor

Security Incidents

Data breaches, ransomware, and unauthorized access

Vulnerabilities

CVEs and vendor security advisories

Compliance Updates

Regulatory changes and certification news

Legal News

Privacy laws and enforcement actions

Vendor Directory

Browse our directory of SaaS vendors with security documentation and compliance information.