This article details a vulnerability in Triofox that allowed unauthenticated remote access, enabling attackers to bypass authentication and execute arbitrary code. Mandiant discovered that this flaw was exploited by a threat group, allowing them to create admin accounts and run malicious scripts. The issue has been patched in newer versions of the software.

Hackers exploited a zero-day vulnerability in Triofox, a file-sharing platform, to bypass authentication and deploy malicious payloads. They manipulated HTTP host headers to gain access and configured the system's anti-virus feature to run their own scripts, allowing further exploitation.