Critical Triofox Vulnerability Exploited in the Wild
A threat actor has exploited the issue to create a new administrator account and then used the account to execute remote access tools. The post Critical Triofox Vulnerability Exploited in the Wild appeared first on SecurityWeek.
A threat actor has exploited a critical vulnerability in Triofox to obtain remote access to a vulnerable server and then achieve code execution, Google warns.
Designed to ease remote work and data management, Gladinet’s Triofox is a secure file sharing and remote access solution that can be integrated with existing IT infrastructure.
Prior to version 16.7.10368.56560, Triofox was affected by a critical-severity improper access control vulnerability that allowed attackers to access initial setup pages even after the setup process was completed.
Source: https://www.securityweek.com/critical-triofox-vulnerability-exploited-in-the-wild/
Related breach coverage
- Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability2026-03-23
CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild. The post Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability appeared first on SecurityWeek.
- Critical Langflow Vulnerability Exploited Hours After Public Disclosure2026-03-20
Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution. The post Critical Langflow Vulnerability Exploited Hours After Public Disclosure appeared first on SecurityWeek.
- Zyxel Patches Critical Vulnerability in Many Device Models2026-02-26
The issue impacts the UPnP function of multiple device models and could be exploited for remote code execution. The post Zyxel Patches Critical Vulnerability in Many Device Models appeared first on SecurityWeek.
- Ivanti EPM Update Patches Critical Remote Code Execution Flaw2025-12-10
The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek.