PhantomCore exploits TrueConf vulnerabilities — threat to corporate networks

Colleagues — a cybersecurity alert: PhantomCore is leveraging a TrueConf vulnerability chain for RCE and network intrusion.
- Positive Technologies observed exploitation of three bugs (BDU:2025-10114/10115/10116): authentication bypass, file disclosure and command execution.
- Patches released 27 Aug 2025; attacks began Sept 2025. Actors deploy web shells and PhantomPxPigeon, establish tunnels and harvest credentials.
- Phishing remains an entry vector (ZIP/RAR, Jan–Feb 2026).
Why it matters: unpatched TrueConf servers can serve as a beachhead for widespread compromise.
What mitigation steps will you take?
#cybersecurity #vulnerabilities #threatintelligence

