Dark Reading

3CX Supply Chain Attack Tied to Financial Trading App Breach

Turns out 3CX was not the original target in a recent supply chain compromise affecting customers of the video conferencing software maker: The attack came via a prior supply chain compromise ...
CRN

3CX: We’re Aware Of ‘Complex Supply Chain Attack’

The communications app maker apologized to partners and customers and said that ‘we will do everything in our power to make up for this error.’ Communications app ...
CRN

Hackers May Still Have Access To 3CX Supply Chain: Huntress Researcher

While communications app maker 3CX has acknowledged it is responding to the compromise of its Windows VoIP app, Huntress’ John Hammond said it’s unclear if attackers may still be able to ‘poison ...
Ars Technica

3CX knew its app was flagged as malicious, but took no action for 7 days

There is so much wrong here. 3CX should not have blown this off as it got bigger, they should have looked into it. People using SentinelOne should have contacted them to find out what was going on.
Dark Reading

Automatic Updates Deliver Malicious 3CX 'Upgrades' to Enterprises

Security researchers are sounding the alarm on what may well be another major SolarWinds or Kaseya-like supply chain attack, this time involving Windows and Mac versions of a widely used video ...