Krebs on Security

3CX Breach Was a Double Supply Chain Compromise

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines ...
CRN

3CX Supply Chain Attack: Big Questions Remain

Of the many unanswered questions about the widely felt compromise, the impact on 3CX’s end customers will be a major one to watch, according to security researchers. Days after the supply chain ...
Ars Technica

3CX support tells customers to investigate malware warnings themselves

The customer support team for 3CX waited six days to address warnings that a recent update for its desktop VoIP client was malicious, and then its only advice was for customers to investigate the ...
WeLiveSecurity

Linux malware strengthens links between Lazarus and the 3CX supply-chain attack

ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users. Operation DreamJob is the name for a series of campaigns where the group uses social engineering ...