Triofox Exploitation Cluster (UNC6485): Six-Month Outlook, Copycat Risk, and What to Watch UNC6485 is farming Triofox: Host: localhost → setup → mint admin → AV path = your script → SYSTEM → RMM + reverse RDP/443. Patch to 16.7.10368.56560 now. Copycats next. 🔥🛡️

UNC6485 turned “localhost” into everyone’s admin panel and the AV path into a SYSTEM catapult. Copycats ride RDP over 443 next. Patch Triofox 16.7.10368.56560 now. 🔒🧯

Get the playbook first—subscribe.

blog.alphahunt.io/triofox-expl...

#AlphaHunt #CyberSecurity #Triofox #CVE202512480

L’Antivirus Triofox sfruttato per installare componenti di accesso remoto

📌 Link all'articolo : www.redhotcyber.com/post/lan...

#redhotcyber #news #cybersecurity #hacking #gladinet #triofox #vulnerabilita #CVE202512480 #sicurezzainformatica #patch

(1/3)
🚨 Hackers exploited a critical flaw in Gladinet’s Triofox (#CVE202512480), using the built-in antivirus feature for remote code execution with SYSTEM privileges. The auth bypass was caused by spoofing “localhost” in HTTP headers. #CyberSecurity #Infosec #RCE #Triofox

Synology, Triofox e SAP correggono zero-day e flaw critiche RCE, bypass e credenziali hardcoded con patch novembre 2025.

#rce #SAP #sql #Synology #Triofox #zeroday
www.matricedigitale.it/2025/11/12/v...

Critical vulnerability CVE-2025-12480 in Triofox exploited by UNC6485 to install remote access tools via antivirus feature. Update to version 16.7.10368.56560 immediately. #CyberSecurity #Triofox #CVE202512480 Link: thedailytechfeed.com/critical-vul...

Triofox Unauthenticated Access Flaw, Chained with AV Scanning Feature Abuse to Deploy Remote Access Tools A critical vulnerability in Triofox is being exploited by hackers who abuse its antivirus feature to install remote access tools and compromise servers.

Full Details: www.technadu.com/triofox-unau...

💭 How often do you think AV scanning features are overlooked in red-team assessments?
#CyberSecurity #Triofox #CVE202512480 #RCE #InfoSec #APT #Mandiant #ThreatIntel #Vulnerability

Threat actors exploit Triofox AV scanner (CVE-2025-12480) for RCE - deploying AnyDesk & Zoho Assist for persistence.

#CyberSecurity #Triofox #RCE #ThreatIntel

CISA impone patch per zero-day Samsung CVE-2025-21042, con vulnerabilità critiche in AWS, Triofox e librerie JavaScript expr-eval.

#AWS #cisa #Landfall #rce #spyware #Triofox
www.matricedigitale.it/2025/11/11/c...

Triofox Unauthenticated RCE Vulnerability

~Mandiant~
Threat actor UNC6485 is exploiting Triofox vulnerability CVE-2025-12480 to gain unauthenticated remote code execution.
-
IOCs: 85. 239. 63. 37, 84. 200. 80. 252, 216. 107. 136. 46
-
#CVE202512480 #ThreatIntel #Triofox

Hackers exploiting zero-day in Gladinet file sharing software Threat actors are exploiting a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox products, which allows a local attacker to access system files without authentication.

Hackers exploiting zero-day in Gladinet file sharing software

Threat actors are exploiting a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and #Triofox products, which allows a local attacker to access #system files without authentication!

www.bleepingcomputer.com/news/securit...

Gladinet's Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability by the vulnerability read more about Gladinet's Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability reconbee.com/gladinets-tr...

#gladinet #triofox #centrestack #RCEvulnerability #cybersecurity

🚨CVE-2025-30406 is under active exploit — 7 orgs hit. 
Update CentreStack & Triofox now. 

Try with Modat Magnify: 
Run → web.headers~"Set-Cookie: y-glad-state" 
magnify.modat.io 

#ModatMagnify #CyberSecurity #RCE #CVE202530406 #ModatMagnify #CentreStack #Triofox #VulnerabilityAlert #PatchNow

Original post on securityweek.com

Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities The flaw, tagged...

www.securityweek.com/huntress-documents-in-th...

#Malware #& #Threats #Supply #Chain […]

[Original post on securityweek.com]