
3CX is the developer of an open standards communications solution which innovates business connectivity and collaboration, replacing proprietary PBXs. The award-winning software enables companies of all sizes to cut telco costs, boost employee productivity, and enhance the customer experience. With integrated video conferencing, apps for Android and iOS, website live chat, SMS and WhatsApp Messaging Integration, 3CX offers companies a complete communications package out of the box.

3CX A.I CyberSecurity Scoring

3CX

Company Details

Linkedin ID: 3cx
Employees number: 137
Number of followers: 58,550
NAICS: 5112
Industry Type: Software Development
Homepage: 3cx.com
IP Addresses: 0
Company ID: 3CX_2846582
Scan Status: In-progress

3CX Risk Score (AI oriented): Between 700 and 749

  • Powered by our proprietary A.I. cyber incident model
  • Insurers prefer the TPRM score to calculate premiums
3CX Global Score (TPRM): XXXX


3CX Company CyberSecurity News & History

Past Incidents: 1
Attack Types: 1

Entity: 3CX
Type: Cyber Attack
Severity: 100
Impact: 5
Seen: 6/2023
Rankiteo Explanation: Attack threatening the organization’s existence

Description: The **3CX supply chain attack (2023)** compromised software used by **600,000 organizations globally**, including major enterprises like American Express and Mercedes-Benz. Attackers infiltrated 3CX’s update mechanism, distributing a trojanized version of its desktop app that installed malware on end-user systems. The attack leveraged **polymorphic malware**, making detection difficult via traditional signature-based tools. The breach enabled data exfiltration, lateral movement within corporate networks, and potential follow-on attacks, including credential theft and ransomware deployment. While not explicitly AI-generated, the attack exhibited **AI-like characteristics**—unique payloads per victim, evasion of sandboxing, and delayed activation—highlighting vulnerabilities in software supply chains. The incident resulted in **operational disruptions**, **reputational damage**, and **financial losses** across affected organizations, with some victims reporting **fraudulent transactions** and **compromised internal systems**. The prolonged detection timeline (aligned with IBM’s 2025 report average of **276 days**) exacerbated the impact, as attackers maintained persistence in breached environments.

3CX Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months: Incident Predictions locked (requires access to the Monitoring Plan)

A.I. Risk Score Likelihood 3 - 6 - 9 months: A.I. Risk Score Predictions locked (requires access to the Monitoring Plan)

Underwriter Stats for 3CX

Incidents vs Software Development Industry Average (This Year)

No incidents recorded for 3CX in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for 3CX in 2025.

Incident Types 3CX vs Software Development Industry Avg (This Year)

No incidents recorded for 3CX in 2025.

Incident History — 3CX (X = Date, Y = Severity)

3CX cyber incidents detection timeline including parent company and subsidiaries

3CX Company Subsidiaries

No subsidiaries listed.

3CX Similar Companies

Alibaba.com

The first business of Alibaba Group, Alibaba.com (www.alibaba.com) is the leading platform for global wholesale trade serving millions of buyers and suppliers around the world. Through Alibaba.com, small businesses can sell their products to companies in other countries. Sellers on Alibaba.com are t

Thomson Reuters

Thomson Reuters is the world’s leading provider of news and information-based tools to professionals. Our worldwide network of journalists and specialist editors keep customers up to speed on global developments, with a particular focus on legal, regulatory and tax changes. Our customers operat

Atlassian

Atlassian powers the collaboration that helps teams accomplish what would otherwise be impossible alone. From space missions and motor racing to bugs in code and IT requests, no task is too large or too small with the right team, the right tools, and the right practices. Over 300,000 global compa

Instacart

Instacart, the leading grocery technology company in North America, works with grocers and retailers to transform how people shop. The company partners with more than 1,500 national, regional, and local retail banners to facilitate online shopping, delivery and pickup services from more than 85,000

Walmart Global Tech

Walmart has a long history of transforming retail and using technology to deliver innovations that improve how the world shops and empower our 2.1 million associates. It began with Sam Walton and continues today with Global Tech associates working together to power Walmart and lead the next retail d

Amazon Fulfillment Technologies & Robotics

On the Fulfillment Technologies & Robotics Team, we build dynamic partnerships between people and intelligent machines. This intricate collaboration helps Amazon fulfill orders with unmatched accuracy. Since we began working with robotics, we've added over a million new jobs worldwide. Working in s

Booking.com

A career at Booking.com is all about the journey, helping you explore new challenges in a place where you can be your best self. With plenty of exciting twists, turns and opportunities along the way. We’ve always been pioneers, on a mission to shape the future of travel through cutting edge techno

Cox Automotive Inc.

Cox Automotive is the world’s largest automotive services and technology provider. Fueled by the largest breadth of first-party data fed by 2.3 billion online interactions a year, Cox Automotive tailors leading solutions for car shoppers, auto manufacturers, dealers, lenders and fleets. The company

Agoda

At Agoda, we bridge the world through travel. We aim to make it easy and rewarding for more travelers to explore and experience the amazing world we live in. We do so by enabling more people to see the world for less – with our best-value deals across our 4,700,000+ hotels and holiday properties, 13


3CX CyberSecurity News

November 21, 2025 08:00 AM
Norrenberger Pensions grows client base to 164,619, revenue hits ₦2.5b

Norrenberger Pensions Limited has announced its financial performance for the 2024 financial year. It has expanded its Retirement Savings...

August 18, 2025 07:00 AM
The new administration’s cyber strategy: A shifting landscape for enterprise security

Cyberattacks are exploding, AI is fueling the fire, and budget cuts to CISA couldn't come at a worse time for America's digital defenses.

July 03, 2025 07:00 AM
3CX’s Software Supply Chain Compromise: Lessons Learned

3CX has transformed its software security in the two years since a damaging compromise — and RL was there to help. Here are key takeaways.

December 23, 2024 08:00 AM
Top 10 Tech Internships Offered in Cyprus

Discover the top 10 tech internships in Cyprus. From leading companies like Wargaming to PrimeTel, enhance your career with these...

December 17, 2024 08:00 AM
More Frequent—and Disruptive—Tech Outages Are on the Way

Last July, one of the world's largest cybersecurity firms, CrowdStrike, released a routine software update containing a bug that crashed 8.5...

January 25, 2024 08:00 AM
Assessing and mitigating cybersecurity risks lurking in your supply chain

Supply chain cyber risks could take many forms, from ransomware and data theft to denial of service (DDoS) and fraud.

December 29, 2023 08:00 AM
10 Most Notable Cyber Attacks of 2023

Top 10 Hacks of 2023. Malware. Phishing. Denial of Service (DoS). Distributed Denial of Service (DDoS). Man-in-the-Middle (MitM).

December 13, 2023 08:00 AM
10 Major Cyberattacks And Data Breaches In 2023

Major data breaches, ransomware attacks and data extortion attacks included the MOVEit and Barracuda Email Security Gateway attacks.

November 23, 2023 08:00 AM
North Korean Software Supply Chain Threat is Booming, UK and South Korea Warn

The UK's NCSC and South Korea's NIS issued a joint advisory describing some of North Korean hackers' tactics in deploying supply chain...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

3CX CyberSecurity History Information

Official Website of 3CX

The official website of 3CX is http://www.3cx.com.

3CX’s AI-Generated Cybersecurity Score

According to Rankiteo, 3CX’s AI-generated cybersecurity score is 735, reflecting its Moderate security posture.

How many security badges does 3CX have?

According to Rankiteo, 3CX currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does 3CX have SOC 2 Type 1 certification?

According to Rankiteo, 3CX is not certified under SOC 2 Type 1.

Does 3CX have SOC 2 Type 2 certification?

According to Rankiteo, 3CX does not hold a SOC 2 Type 2 certification.

Does 3CX comply with GDPR?

According to Rankiteo, 3CX is not listed as GDPR compliant.

Does 3CX have PCI DSS certification?

According to Rankiteo, 3CX does not currently maintain PCI DSS compliance.

Does 3CX comply with HIPAA?

According to Rankiteo, 3CX is not compliant with HIPAA regulations.

Does 3CX have ISO 27001 certification?

According to Rankiteo, 3CX is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of 3CX

3CX operates primarily in the Software Development industry.

Number of Employees at 3CX

3CX employs approximately 137 people worldwide.

Subsidiaries Owned by 3CX

3CX presently has no subsidiaries across any sectors.

3CX’s LinkedIn Followers

3CX’s official LinkedIn profile has approximately 58,550 followers.

NAICS Classification of 3CX

3CX is classified under the NAICS code 5112, which corresponds to Software Publishers.

3CX’s Presence on Crunchbase

No, 3CX does not have a profile on Crunchbase.

3CX’s Presence on LinkedIn

Yes, 3CX maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/3cx.

Cybersecurity Incidents Involving 3CX

As of December 04, 2025, Rankiteo reports that 3CX has experienced 1 cybersecurity incidents.

Number of Peer and Competitor Companies

3CX has an estimated 27,191 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at 3CX?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.

What was the total financial impact of these incidents on 3CX?

Total Financial Loss: The total financial loss from these incidents is estimated to be $195 million.

How does 3CX detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through:
  • Third-party assistance: Google's OSS-Fuzz (AI-generated code detection), Microsoft's Counterfit (defensive AI), Google's AI Red Team
  • Containment measures: Runtime Application Self-Protection (RASP) by Netflix, behavioral provenance analysis (commit pattern tracking), AI-specific detection (statistical analysis of code patterns)
  • Remediation measures: dependency audits for typosquatting variants, commit signing enforcement (GPG), review of recently added packages (90-day lookback), deployment of behavioral analysis in CI/CD pipelines
  • Enhanced monitoring: AI-aware security tools, zero-trust runtime defense

Incident Details

Can you provide details on each incident?

Incident: Supply Chain Attack

Title: AI-Enabled Supply Chain Attacks Surge 156% with Advanced Polymorphic Malware and AI-Generated Threats

Description: AI-enabled supply chain attacks have surged 156% in the past year, leveraging polymorphic, context-aware, and temporally evasive malware. Traditional defenses like static analysis and signature-based detection are failing against these adaptive threats. Notable incidents include the 3CX breach (affecting 600,000 companies), NullBulge attacks on Hugging Face/GitHub, Solana Web3.js library compromise, and Wondershare RepairIt vulnerabilities. AI-generated malware exhibits unique characteristics: polymorphic code, sandbox evasion, semantic camouflage, and delayed activation. Regulatory frameworks like the EU AI Act now mandate strict penalties (up to €35M or 7% of global revenue) for non-compliance. Organizations are adopting AI-aware security, behavioral provenance analysis, and zero-trust runtime defenses to counter these threats.

Date Publicly Disclosed: 2024-2025

Type: Supply Chain Attack

Attack Vector:
  • Malicious Open-Source Packages (PyPI, npm, GitHub, Hugging Face)
  • Typosquatting
  • Phishing (Solana Web3.js publish-access compromise)
  • Hardcoded Cloud Credentials (Wondershare RepairIt)
  • AI Model Tampering
  • Fake Developer Personas (SockPuppet attacks)
  • Automated Social Engineering (context-aware pull requests)
  • Backdoored Dependencies (e.g., torchtriton, ComfyUI_LLMVISION)

Vulnerability Exploited:
  • Lack of Package Integrity Verification
  • Insufficient Code Review for Open-Source Dependencies
  • Weak Authentication for Publish Access (npm, PyPI)
  • Hardcoded Credentials in Binaries
  • Inadequate Sandboxing for AI/ML Environments
  • Signature-Based Detection Gaps
  • Delayed Breach Detection (avg. 276 days per IBM 2025 report)

Threat Actor:
  • NullBulge Group
  • Unknown (Solana Web3.js attackers)
  • Unknown (Wondershare RepairIt credential exposure)
  • Unknown (3CX breach actors)
  • AI-Generated Fake Developer Personas (SockPuppet attacks)

Motivation:
  • Financial Gain (e.g., $160K–$190K crypto theft in Solana attack)
  • Data Exfiltration (e.g., Discord webhook leaks in NullBulge attacks)
  • Ransomware Deployment (LockBit via NullBulge)
  • Supply Chain Disruption
  • AI Model Sabotage
  • Long-Term Persistence (dormant malware variants)

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Cyber Attack.

How does the company identify the attack vectors used in incidents?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents as Compromised Open-Source Packages (PyPI, npm, GitHub and Hugging Face), Phished Publish-Access Credentials (Solana Web3.js), Hardcoded Cloud Credentials in Binaries (Wondershare RepairIt), and Fake Developer Profiles (SockPuppet attacks).

Impact of the Incidents

What was the impact of each incident?

Incident: Supply Chain Attack 3CX2832428111125

Financial Loss:
  • $160,000–$190,000 (Solana Web3.js attack)
  • Potential fines up to €35M or 7% of global revenue (EU AI Act violations)

Data Compromised: Private keys (Solana Web3.js), Sensitive ML environment data (PyTorch/torchtriton), User data (Wondershare RepairIt hardcoded credentials), AI model integrity (data poisoning risks)

Systems Affected:
  • 600,000 companies (3CX breach)
  • Thousands of systems (PyTorch/torchtriton)
  • AI/ML environments (NullBulge, Hugging Face/GitHub)
  • Cryptocurrency wallets (Solana Web3.js)
  • Wondershare RepairIt application binaries

Operational Impact: Compromised CI/CD pipelines, Disrupted AI/ML workflows, Loss of trust in open-source ecosystems, Increased scrutiny for dependency updates

Brand Reputation Impact: Erosion of trust in AI/ML tools, Reputational damage to open-source platforms (GitHub, Hugging Face, npm, PyPI), Potential customer attrition for affected vendors (e.g., Wondershare, 3CX)

Legal Liabilities: EU AI Act penalties (up to €35M or 7% of global revenue), Potential litigation from affected customers, Regulatory non-compliance fines

Identity Theft Risk: Exfiltrated private keys (Solana Web3.js), Compromised developer credentials (publish-access phishing)

Payment Information Risk: Cryptocurrency wallet drainage (Solana Web3.js), Potential payment fraud via poisoned AI models

What is the average financial loss per incident?

Average Financial Loss: The average financial loss per incident is $195.00 million.

What types of data are most commonly compromised in incidents?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Private Cryptographic Keys, Sensitive ML Environment Data, User Credentials (Hardcoded Cloud Credentials), AI Model Integrity, and Developer Persona Data (SockPuppet Attacks).

Which entities were affected by each incident?

Incident: Supply Chain Attack 3CX2832428111125

Entity Name: 3CX
Entity Type: Software Vendor
Industry: VoIP Communications
Location: Global
Size: 600,000+ customer companies (including American Express, Mercedes-Benz)
Customers Affected: 600,000+

Entity Name: Hugging Face
Entity Type: AI Platform
Industry: Machine Learning
Location: Global

Entity Name: GitHub
Entity Type: Code Repository
Industry: Software Development
Location: Global

Entity Name: Solana Foundation
Entity Type: Blockchain Organization
Industry: Cryptocurrency
Location: Global

Entity Name: Wondershare
Entity Type: Software Vendor
Industry: Multimedia Tools
Location: Global

Entity Name: PyTorch (via torchtriton package)
Entity Type: AI Framework
Industry: Machine Learning
Location: Global
Customers Affected: Thousands of systems

Entity Name: ComfyUI_LLMVISION (GitHub Extension)
Entity Type: AI Tool
Industry: Machine Learning
Location: Global

Entity Name: Open-Source Ecosystem (npm, PyPI)
Entity Type: Package Repositories
Industry: Software Development
Location: Global

Response to the Incidents

What measures were taken in response to each incident?

Incident: Supply Chain Attack 3CX2832428111125

Third Party Assistance: Google's OSS-Fuzz (AI-generated code detection), Microsoft's Counterfit (defensive AI), Google's AI Red Team

Containment Measures: Runtime Application Self-Protection (RASP) by Netflix, Behavioral Provenance Analysis (commit pattern tracking), AI-Specific Detection (statistical analysis of code patterns)

Remediation Measures: Dependency Audits for Typosquatting Variants, Commit Signing Enforcement (GPG), Review of Recently Added Packages (90-day lookback), Deployment of Behavioral Analysis in CI/CD Pipelines

Enhanced Monitoring: AI-Aware Security Tools, Zero-Trust Runtime Defense

How does the company involve third-party assistance in incident response?

Third-Party Assistance: The company involves third-party assistance in incident response through Google's OSS-Fuzz (AI-generated code detection), Microsoft's Counterfit (defensive AI), and Google's AI Red Team.

Data Breach Information

What type of data was compromised in each breach?

Incident: Supply Chain Attack 3CX2832428111125

Type of Data Compromised: Private cryptographic keys, Sensitive ML environment data, User credentials (hardcoded cloud credentials), AI model integrity, Developer persona data (SockPuppet attacks)

Sensitivity of Data: High (private keys, AI models), Medium (developer credentials, cloud access)

Data Exfiltration: Via Discord webhooks (NullBulge attacks), Automated transfer to attacker-controlled servers

File Types Exposed: Python packages (PyPI), JavaScript libraries (npm), AI model binaries (Wondershare RepairIt), GitHub repository code

Personally Identifiable Information: Potential PII in exfiltrated ML data, Developer identities (SockPuppet personas)

What measures does the company take to prevent data exfiltration?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Dependency Audits for Typosquatting Variants, Commit Signing Enforcement (GPG), Review of Recently Added Packages (90-day lookback), and Deployment of Behavioral Analysis in CI/CD Pipelines.

How does the company handle incidents involving personally identifiable information (PII)?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through Runtime Application Self-Protection (RASP) by Netflix, behavioral provenance analysis (commit pattern tracking), and AI-specific detection (statistical analysis of code patterns).

Ransomware Information

Was ransomware involved in any of the incidents?

Incident: Supply Chain Attack 3CX2832428111125

Ransomware Strain: LockBit (deployed by NullBulge group)

Data Exfiltration: Yes (via Discord webhooks in NullBulge attacks)

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident?

Incident: Supply Chain Attack 3CX2832428111125

Regulations Violated: EU AI Act (potential violations for AI supply chain security failures), General Data Protection Regulation (GDPR) (if PII exposed), Potential sector-specific regulations (e.g., financial services for 3CX customers)

Fines Imposed: Up to €35 million or 7% of global revenue (EU AI Act)

Regulatory Notifications: 72-hour breach notification requirement (EU AI Act)

Lessons Learned and Recommendations

What lessons were learned from each incident?

Incident: Supply Chain Attack 3CX2832428111125

Lessons Learned:
  • Traditional security tools (static analysis, signature-based detection) are ineffective against AI-generated polymorphic malware.
  • AI supply chain attacks exploit trust in open-source ecosystems, requiring behavioral and provenance-based defenses.
  • Delayed breach detection (avg. 276 days) exacerbates impact; real-time monitoring is critical.
  • Fake developer personas (SockPuppet attacks) highlight the need for 'proof of humanity' verification (e.g., GPG-signed commits).
  • Hardcoded credentials and typosquatting remain persistent vulnerabilities in AI/ML toolchains.
  • Regulatory frameworks like the EU AI Act impose strict penalties, necessitating proactive compliance measures.
  • Defensive AI (e.g., Microsoft Counterfit, Google AI Red Team) is essential to counter offensive AI threats.
  • Runtime protection (RASP) and zero-trust architectures are critical for containing post-breach threats.

What recommendations were made to prevent future incidents?

Incident: Supply Chain Attack 3CX2832428111125

Recommendations (Regulatory):
  • Document AI usage and supply chain controls for EU AI Act compliance.
  • Conduct regular risk assessments of AI-related threats.
  • Establish processes for 72-hour breach notifications involving AI systems.

What are the key lessons learned from past incidents?

Key Lessons Learned: The key lessons learned from past incidents are those listed under Lessons Learned above.

References

Where can I find more information about each incident?

Incident: Supply Chain Attack 3CX2832428111125

Sources:
  • IBM Cost of a Data Breach Report 2025
  • Sonatype State of the Software Supply Chain Report
  • MITRE Analysis of PyPI Malware Campaigns
  • EU AI Act (Official Text)
  • Anthropic Research on AI Model Data Poisoning
  • Google OSS-Fuzz Project (AI-Generated Code Detection)
  • Microsoft Counterfit (Defensive AI Tool)
  • Netflix Runtime Application Self-Protection (RASP) Implementation

Where can stakeholders find additional resources on cybersecurity best practices?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices in the sources listed above: IBM Cost of a Data Breach Report 2025, Sonatype State of the Software Supply Chain Report, MITRE Analysis of PyPI Malware Campaigns, EU AI Act (Official Text), Anthropic Research on AI Model Data Poisoning, Google OSS-Fuzz Project (AI-Generated Code Detection), Microsoft Counterfit (Defensive AI Tool), and Netflix Runtime Application Self-Protection (RASP) Implementation.

Investigation Status

What is the current status of the investigation for each incident?

Incident: Supply Chain Attack 3CX2832428111125

Investigation Status: Ongoing (multiple incidents; some resolved, others active)

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident?

Incident: Supply Chain Attack 3CX2832428111125

Stakeholder Advisories:
  • CISOs: Prioritize AI-aware security tools and zero-trust architectures.
  • Developers: Verify open-source dependencies with behavioral analysis.
  • Compliance teams: Align with EU AI Act requirements for AI supply chain security.
  • Executives: Allocate budget for defensive AI and runtime protection.

Customer Advisories:
  • Audit AI/ML toolchains for compromised dependencies (e.g., PyTorch, Hugging Face).
  • Monitor cryptocurrency wallets for unauthorized transactions (Solana Web3.js users).
  • Update Wondershare RepairIt to patched versions to mitigate hardcoded credential risks.
  • Verify the authenticity of open-source contributors (watch for SockPuppet attacks).

What advisories does the company provide to stakeholders and customers following an incident?

Advisories Provided: Following an incident, the company provides the stakeholder and customer advisories listed above (guidance for CISOs, developers, compliance teams and executives, plus the customer advisories on auditing toolchains, monitoring wallets, patching Wondershare RepairIt and verifying contributors).

Initial Access Broker

How did the initial access broker gain entry for each incident?

Incident: Supply Chain Attack 3CX2832428111125

Entry Point: Compromised Open-Source Packages (PyPI, npm, GitHub, Hugging Face), Phished Publish-Access Credentials (Solana Web3.js), Hardcoded Cloud Credentials in Binaries (Wondershare RepairIt), Fake Developer Profiles (SockPuppet attacks)

Reconnaissance Period: Months (SockPuppet attacks with fake developer histories), Weeks/Days (typosquatting campaigns), Hours (Solana Web3.js backdoor deployment)

Backdoors Established: LockBit Ransomware (NullBulge attacks), Private Key Theft (Solana Web3.js), Discord Webhook Exfiltration (NullBulge), AI Model Tampering (Wondershare RepairIt)

High Value Targets: Cryptocurrency Wallets (Solana Web3.js), AI/ML Models (PyTorch, Hugging Face), CI/CD Pipelines (Open-Source Dependencies), Enterprise VoIP Systems (3CX)

Data Sold on Dark Web: Cryptocurrency Wallets (Solana Web3.js), AI/ML Models (PyTorch, Hugging Face), CI/CD Pipelines (Open-Source Dependencies), Enterprise VoIP Systems (3CX)

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Supply Chain Attack 3CX2832428111125

Root Causes: Over-Reliance On Signature-Based Detection For Polymorphic Malware., Insufficient Verification Of Open-Source Dependencies (Lack Of Behavioral Analysis)., Weak Authentication For Package Publish Access (Npm, Pypi)., Hardcoded Credentials In Production Binaries (Wondershare Repairit)., Delayed Breach Detection (Avg. 276 Days Per Ibm 2025)., Lack Of 'Proof Of Humanity' For Code Contributors (Sockpuppet Vulnerabilities)., Inadequate Sandboxing For Ai/Ml Environments (Pytorch/Torchtriton)., Typosquatting Exploits Due To Lack Of Dependency Hygiene.,

Corrective Actions: Replace signature-based detection with AI-aware behavioral analysis; enforce multi-factor authentication (MFA) and GPG signing for package publishers; implement Runtime Application Self-Protection (RASP) for critical systems; deploy defensive AI tools (e.g., Microsoft Counterfit, Google AI Red Team); mandate regular audits of AI/ML dependencies and model integrity; adopt zero-trust principles for open-source contribution workflows; integrate automated typosquatting detection in CI/CD pipelines; establish AI incident response teams with adversarial ML expertise; align security controls with EU AI Act requirements (transparency, risk assessments).

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Google's OSS-Fuzz (AI-generated code detection), Microsoft's Counterfit (defensive AI), Google's AI Red Team, AI-aware security tools, and zero-trust runtime defense.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: replace signature-based detection with AI-aware behavioral analysis; enforce multi-factor authentication (MFA) and GPG signing for package publishers; implement Runtime Application Self-Protection (RASP) for critical systems; deploy defensive AI tools (e.g., Microsoft Counterfit, Google AI Red Team); mandate regular audits of AI/ML dependencies and model integrity; adopt zero-trust principles for open-source contribution workflows; integrate automated typosquatting detection in CI/CD pipelines; establish AI incident response teams with adversarial ML expertise; align security controls with EU AI Act requirements (transparency, risk assessments).

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were NullBulge Group; Unknown (Solana Web3.js attackers); Unknown (Wondershare RepairIt credential exposure); Unknown (3CX breach actors); AI-Generated Fake Developer Personas (SockPuppet attacks).

Incident Details

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was in 2024-2025.

Impact of the Incidents

What was the highest financial loss from an incident ?

Highest Financial Loss: The highest financial loss from an incident was $160,000–$190,000 (Solana Web3.js attack); potential fines up to €35M or 7% of global revenue (EU AI Act violations).

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Private Keys (Solana Web3.js), Sensitive ML Environment Data (PyTorch/torchtriton), User Data (Wondershare RepairIt hardcoded credentials), and AI Model Integrity (data poisoning risks).

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were 600,000 companies (3CX breach); thousands of systems (PyTorch/torchtriton); AI/ML environments (NullBulge, Hugging Face/GitHub); cryptocurrency wallets (Solana Web3.js); Wondershare RepairIt application binaries.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Google's OSS-Fuzz (AI-generated code detection), Microsoft's Counterfit (defensive AI), and Google's AI Red Team.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Runtime Application Self-Protection (RASP) by Netflix; Behavioral Provenance Analysis (commit pattern tracking); AI-Specific Detection (statistical analysis of code patterns).

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were AI Model Integrity (data poisoning risks), Private Keys (Solana Web3.js), User Data (Wondershare RepairIt hardcoded credentials) and Sensitive ML Environment Data (PyTorch/torchtriton).

Regulatory Compliance

What was the highest fine imposed for a regulatory violation ?

Highest Fine Imposed: The highest fine imposed for a regulatory violation was up to €35 million or 7% of global revenue (EU AI Act).

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was that runtime protection (RASP) and zero-trust architectures are critical for containing post-breach threats.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are the IBM Cost of a Data Breach Report 2025, MITRE Analysis of PyPI Malware Campaigns, Google OSS-Fuzz Project (AI-Generated Code Detection), Anthropic Research on AI Model Data Poisoning, Sonatype State of the Software Supply Chain Report, EU AI Act (Official Text), Netflix Runtime Application Self-Protection (RASP) Implementation, and Microsoft Counterfit (Defensive AI Tool).

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (multiple incidents; some resolved, others active).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was: CISOs: prioritize AI-aware security tools and zero-trust architectures; Developers: verify open-source dependencies with behavioral analysis; Compliance Teams: align with EU AI Act requirements for AI supply chain security; Executives: allocate budget for defensive AI and runtime protection.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were: audit AI/ML toolchains for compromised dependencies (e.g., PyTorch and Hugging Face); monitor cryptocurrency wallets for unauthorized transactions (Solana Web3.js users); update Wondershare RepairIt to patched versions to mitigate hardcoded credential risks; verify the authenticity of open-source contributors (watch for SockPuppet attacks).

Initial Access Broker

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance periods for an incident were Months (SockPuppet attacks with fake developer histories); Weeks/Days (typosquatting campaigns); Hours (Solana Web3.js backdoor deployment).

Latest Global CVEs (Not Company-Specific)

Description

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.

Risk Information
cvss3
Base: 6.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Description

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

Risk Information
cvss4
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult, where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

Risk Information
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=3cx' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.