Massive FreePBX Exploitation Campaign Deploys JOMANGY Webshell

ID: 93f29e3f-3fe4-5fcf-95e9-cc416a9c9160

STIX ID: report--93f29e3f-3fe4-5fcf-95e9-cc416a9c9160

Feed Name: securityonline.info

Threat Score: 78/100

Date Published: 2026-05-27

Date Updated: 2026-05-27

Author: Ddos

**Cyble Research & Intelligence Labs uncovered an active INJ3CTOR3 campaign exploiting FreePBX vulnerabilities (CVE-2025-64328, CVE-2025-57819) to deploy a newly documented PHP webshell dubbed JOMANGY that performs VoIP toll fraud, implements double-layer obfuscation, enforces competitor eviction, and maintains access via six independent persistence channels (cron, profile insertion, watchdogs, multiple filesystem locations and immutable attributes), making full eradication difficult and often requiring complete system rebuilds.**
