Critical Triofox Vulnerability Exploited by UNC6485
Cyber Security News by CyberSum.net
Researchers at Mandiant Threat Defense, part of Google Cloud Security Operations, have revealed a critical unauthenticated access vulnerability in Gladinet’s Triofox file-sharing platform. The flaw, tracked as CVE-2025-12480 and now patched, allowed attackers to bypass authentication and achieve SYSTEM-level code execution. The exploitation campaign was detected on August 24, 2025, with attackers targeting version 16.4.10317.56372. Mandiant confirmed that Gladinet has released a fix, and the vulnerability is resolved in new versions of Triofox. The attackers used the flaw to create an administrative account and execute malicious scripts, which gave them code execution as SYSTEM. They also used PuTTY and Plink to create an SSH tunnel for covert persistence.
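
One way to hunt for the PuTTY/Plink tunnelling described above, as an added example that is not taken from Mandiant's report or from this article: it scans process-creation events for PuTTY or Plink started with a port-forwarding option and raises the severity when the process runs as SYSTEM. The event field names, hosts, users and command lines are constructed for illustration and are not indicators from the campaign.

```python
import ntpath
import shlex

TUNNEL_TOOLS = {"plink.exe", "putty.exe"}
# PuTTY/Plink forwarding options (case-sensitive): -L local, -R remote, -D dynamic
FORWARD_FLAGS = {"-L", "-R", "-D"}
SYSTEM_USERS = {"NT AUTHORITY\\SYSTEM", "SYSTEM"}

def forwarding_args(command_line):
    """Return (flag, spec) pairs for each port forward on the command line."""
    # posix=False keeps Windows backslashes intact while tokenising
    tokens = shlex.split(command_line, posix=False)
    return [(tok, tokens[i + 1]) for i, tok in enumerate(tokens[:-1])
            if tok in FORWARD_FLAGS]

def triage(event):
    """Return a finding for a PuTTY/Plink process that sets up a tunnel, else None."""
    image = ntpath.basename(event["image"]).lower()
    if image not in TUNNEL_TOOLS:
        return None
    forwards = forwarding_args(event["command_line"])
    if not forwards:
        return None
    # A tunnel started by SYSTEM is unlikely to be an administrator's own session
    as_system = event["user"].upper() in SYSTEM_USERS
    return {"host": event["host"], "image": image, "forwards": forwards,
            "severity": "high" if as_system else "medium"}

def detect(events):
    """Run triage over a batch of events and keep only the findings."""
    return [f for f in map(triage, events) if f is not None]

# Constructed sample events (field names are assumptions, not a real log schema)
SAMPLE_EVENTS = [
    {"host": "fs01", "user": r"NT AUTHORITY\SYSTEM", "image": r"C:\Windows\Temp\plink.exe",
     "command_line": "plink.exe -N -R 9000:127.0.0.1:8080 tunnel@192.0.2.10"},
    {"host": "ws01", "user": r"CORP\alice", "image": r"C:\Program Files\PuTTY\putty.exe",
     "command_line": "putty.exe -ssh -l alice 192.0.2.20"},
    {"host": "ws02", "user": r"CORP\bob", "image": r"C:\Program Files\PuTTY\plink.exe",
     "command_line": "plink.exe -L 5000:10.0.0.5:5432 bob@192.0.2.30"},
    {"host": "ws03", "user": r"CORP\carol", "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Matching on the image name misses renamed copies of the binaries, so treat this as one signal alongside a review of newly created administrative accounts on the Triofox host.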