Supply chain blunder puts 3CX telephone app users at risk


Internet telephony company 3CX is warning its customers of malware that was apparently weaseled into the company’s own 3CX Desktop App by cybercriminals who seem to have acquired access to one or more of 3CX’s source code repositories.

As you can imagine, given that the company is scrambling not only to figure out what happened, but also to repair and document what went wrong, 3CX doesn’t have much detail to share about the incident yet, but it does state, right at the very top of its official security alert:

The issue appears to be one of the bundled libraries that we compiled into the Windows Electron App via Git.