Dark Reading

3CX Supply Chain Attack Tied to Financial Trading App Breach

Turns out 3CX was not the original target in a recent supply chain compromise affecting customers of the video conferencing software maker: The attack came via a prior supply chain compromise ...
Ars Technica

3CX knew its app was flagged as malicious, but took no action for 7 days

There is so much wrong here. 3CX should not have blown this off as it got bigger, they should have looked into it. People using SentinelOne should have contacted them to find out what was going on.
CRN

3CX Attack Shows The Dangers Of ‘Alert Fatigue’ For Cybersecurity

The widely felt supply chain compromise of VoIP vendor 3CX was not caught as quickly as it might have been, as both the vendor and users initially assumed the alerts were false positives, according to ...
Ars Technica

Trojanized Windows and Mac apps rain down on 3CX users in massive supply chain attack

Hackers working on behalf of the North Korean government have pulled off a massive supply chain attack on Windows and macOS users of 3CX, a widely used voice and video calling desktop client, ...
Dark Reading

Automatic Updates Deliver Malicious 3CX 'Upgrades' to Enterprises

Security researchers are sounding the alarm on what may well be another major SolarWinds or Kaseya-like supply chain attack, this time involving Windows and Mac versions of a widely used video ...