@Pete-S said in 3CX Desktop VoIP Client Hit with Supply Chain Attack:
But if I understand correctly it was only there it had been compromised, not upstream.
That's what it seems like from all of the reports. Otherwise there should have been a HUGE report of an open source ecosystem hit. Closed source vendors would have been all over that.