Hackers abuse Triofox antivirus feature to deploy remote access tools
www.bleepingcomputer.com/news/secu…
Hackers exploited a critical vulnerability and the built-in antivirus feature in Gladinet’s Triofox file-sharing and remote-access platform to achieve remote code execution with SYSTEM privileges.
The security issue leveraged in the attack is CVE-2025-12480 and can be used to bypass authentication and obtain access to the application’s setup pages.
Security researchers at Google Threat Intelligence Group (GTIG) discovered the malicious activity on August 24, after a threat cluster tracked internally as UNC6485 targeted a Triofox server running version 16.4.10317.56372, released on April 3.