Threat Intelligence Report

Unveiling the Weaponized Web Shell EncystPHP | FortiGuard Labs

📅 January 29, 2026 📰 feeds.fortinet.com 🔍 1 CVE(s) referenced

A newly discovered, highly persistent web shell dubbed EncystPHP is being actively deployed by the INJ3CTOR3 threat group via a FreePBX vulnerability (CVE-2025-64328), enabling remote attackers to achieve long-term administrative control and evade detection on unpatched PBX systems.

vendor

CVE-2025-64328

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle