Triofox Exploitation Cluster (UNC6485): Six-Month Outlook, Copycat Risk, and What to Watch UNC6485 is farming Triofox: Host: localhost → setup → mint admin → AV path = your script → SYSTEM → RMM + reverse RDP/443. Patch to 16.7.10368.56560 now. Copycats next. 🔥🛡️

UNC6485 turned “localhost” into everyone’s admin panel and the AV path into a SYSTEM catapult. Copycats ride RDP over 443 next. Patch Triofox 16.7.10368.56560 now. 🔒🧯

Get the playbook first—subscribe.

blog.alphahunt.io/triofox-expl...

#AlphaHunt #CyberSecurity #Triofox #CVE202512480

L’Antivirus Triofox sfruttato per installare componenti di accesso remoto

📌 Link all'articolo : www.redhotcyber.com/post/lan...

#redhotcyber #news #cybersecurity #hacking #gladinet #triofox #vulnerabilita #CVE202512480 #sicurezzainformatica #patch

Critical vulnerability CVE-2025-12480 in Triofox exploited by UNC6485 to install remote access tools via antivirus feature. Update to version 16.7.10368.56560 immediately. #CyberSecurity #Triofox #CVE202512480 Link: thedailytechfeed.com/critical-vul...

Triofox Unauthenticated Access Flaw, Chained with AV Scanning Feature Abuse to Deploy Remote Access Tools A critical vulnerability in Triofox is being exploited by hackers who abuse its antivirus feature to install remote access tools and compromise servers.

Full Details: www.technadu.com/triofox-unau...

💭 How often do you think AV scanning features are overlooked in red-team assessments?
#CyberSecurity #Triofox #CVE202512480 #RCE #InfoSec #APT #Mandiant #ThreatIntel #Vulnerability

Triofox Unauthenticated RCE Vulnerability

~Mandiant~
Threat actor UNC6485 is exploiting Triofox vulnerability CVE-2025-12480 to gain unauthenticated remote code execution.
-
IOCs: 85. 239. 63. 37, 84. 200. 80. 252, 216. 107. 136. 46
-
#CVE202512480 #ThreatIntel #Triofox