Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
3CX

3CX Vendor Cyber Rating & Cyber Score

3cx.com
in
Add Your Compliance Badge
ISO 27001
SOC 2 Type 1
SOC 2 Type 2
PCI DSS
HIPAA
GDPR

3CX is the developer of an open standards communications solution which innovates business connectivity and collaboration, replacing proprietary PBXs. The award-winning software enables companies of all sizes to cut telco costs, boost employee productivity, and enhance the customer experience. With integrated video conferencing, apps for Android and iOS, website live chat, SMS and WhatsApp Messaging Integration, 3CX offers companies a complete communications package out of the box.


3CX A.I CyberSecurity Scoring

Incident Details
3CX
Company Information
Website:http://www.3cx.com
Employees number:180
Number of followers:61,947
NAICS:5112
Industry Type:Software Development
Homepage:3cx.com
Cyber Premium EstimationGet Supply Chain
3CX Risk Score (AI oriented)
Between 700 and 749
logo
3CXSoftware Development
Updated:
04/04/2026
738/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
3CX Global Score (TPRM)
xxxx
logo
3CXSoftware Development
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

3CX
3CXModerate
Current Score
738Ba (MODERATE)
01000
1 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
740Before Incident
MAY 2026
739Before Incident
APRIL 2026
739Before Incident
MARCH 2026
738Before Incident
FEBRUARY 2026
738Before Incident
JANUARY 2026
737Before Incident
DECEMBER 2025
735Before Incident
NOVEMBER 2025
735Before Incident
OCTOBER 2025
735Before Incident
SEPTEMBER 2025
734Before Incident
AUGUST 2025
733Before Incident
JULY 2025
733Before Incident
JUNE 2023
753Before Incident
Cyber Attack
16 Jun 20233CX
3CX

AI-Enabled Supply Chain Attacks Surge 156% with Advanced Polymorphic Malware and AI-Generated Threats

707After Incident
CRITICAL-46
3CX2832428111125
The 3CX supply chain attack (2023) compromised software used by 600,000 organizations globally, including major enterprises like American Express and Mercedes-Benz. Attackers infiltrated 3CX’s update mechanism, distributing a trojanized version of its desktop app that installed malware on end-user systems. The attack leveraged polymorphic malware, making detection difficult via traditional signature-based tools. The breach enabled data exfiltration, lateral movement within corporate networks, and potential follow-on attacks, including credential theft and ransomware deployment. While not explicitly AI-generated, the attack exhibited AI-like characteristics—unique payloads per victim, evasion of sandboxing, and delayed activation—highlighting vulnerabilities in software supply chains. The incident resulted in operational disruptions, reputational damage, and financial losses across affected organizations, with some victims reporting fraudulent transactions and compromised internal systems. The prolonged detection timeline (aligned with IBM’s 2025 report average of 276 days) exacerbated the impact, as attackers maintained persistence in breached environments.
INCIDENT DETAILS -
TYPE
Supply Chain AttackMalware DistributionAI-Generated ThreatsPolymorphic AttackData ExfiltrationRansomware (LockBit variant)Cryptocurrency TheftCredential TheftData Poisoning
MOTIVATION
Financial Gain (e.g., $160K–$190K crypto theft in Solana attack)Data Exfiltration (e.g., Discord webhook leaks in NullBulge attacks)Ransomware Deployment (LockBit via NullBulge)Supply Chain DisruptionAI Model SabotageLong-Term Persistence (dormant malware variants)
IMPACT
$160,000–$190,000 (Solana Web3.js attack)Potential fines up to €35M or 7% global revenue (EU AI Act violations)Private Keys (Solana Web3.js)Sensitive ML Environment Data (PyTorch/torchtriton)User Data (Wondershare RepairIt hardcoded credentials)AI Model Integrity (data poisoning risks)600,000 companies (3CX breach)Thousands of systems (PyTorch/torchtriton)AI/ML environments (NullBulge, Hugging Face/GitHub)Cryptocurrency Wallets (Solana Web3.js)Wondershare RepairIt application binariesCompromised CI/CD PipelinesDisrupted AI/ML WorkflowsLoss of Trust in Open-Source EcosystemsIncreased Scrutiny for Dependency UpdatesErosion of Trust in AI/ML ToolsReputational Damage to Open-Source Platforms (GitHub, Hugging Face, npm, PyPI)Potential Customer Attrition for Affected Vendors (e.g., Wondershare, 3CX)EU AI Act Penalties (up to €35M or 7% global revenue)Potential Litigation from Affected CustomersRegulatory Non-Compliance FinesExfiltrated Private Keys (Solana Web3.js)Compromised Developer Credentials (publish-access phishing)Cryptocurrency Wallet Drainage (Solana Web3.js)Potential Payment Fraud via Poisoned AI Models
DATA BREACH
Private Cryptographic KeysSensitive ML Environment DataUser Credentials (hardcoded cloud credentials)AI Model IntegrityDeveloper Persona Data (SockPuppet attacks)High (private keys, AI models)Medium (developer credentials, cloud access)Via Discord Webhooks (NullBulge attacks)Automated Transfer to Attacker-Controlled ServersPython Packages (PyPI)JavaScript Libraries (npm)AI Model Binaries (Wondershare RepairIt)GitHub Repository CodePotential PII in Exfiltrated ML DataDeveloper Identities (SockPuppet personas)
REFERENCES
Blog URLSource URL

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for 3CX ?
?
What was 3CX's A.I Rankiteo Cyber Score in May 2026 ?
?
What was 3CX's A.I Rankiteo Cyber Score in April 2026 ?
?
What was 3CX's A.I Rankiteo Cyber Score in March 2026 ?
?
What was 3CX's A.I Rankiteo Cyber Score in February 2026 ?
?
What was 3CX's A.I Rankiteo Cyber Score in January 2026 ?
?
What was 3CX's A.I Rankiteo Cyber Score in December 2025 ?
?
What was 3CX's A.I Rankiteo Cyber Score in November 2025 ?
?
What was 3CX's A.I Rankiteo Cyber Score in October 2025 ?
?
What was 3CX's A.I Rankiteo Cyber Score in September 2025 ?
?
What was 3CX's A.I Rankiteo Cyber Score in August 2025 ?
?
What was 3CX's A.I Rankiteo Cyber Score in July 2025 ?
?
What is the average per-incident point impact on 3CX's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with 3CX ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view 3CX's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?