Critical Triofox Bug Exploited for Malicious Payloads

Hackers exploited a critical Triofox flaw, CVE-2025-12480, to bypass authentication and install remote access tools via the platform’s antivirus feature. Google’s Mandiant researchers spotted threat actors exploiting the vulnerability to upload and run remote access tools. The attackers used a newly created admin account to execute malicious scripts with SYSTEM privileges, deploying tools like Zoho Assist and AnyDesk for remote access. Mandiant recommends upgrading to the latest Triofox release and auditing admin accounts to mitigate the risk.

Latest mentioned: 11-11
Earliest mentioned: 11-10