SANS Stormcast Friday, August 29th, 2025: Scans for ZIP Files; FreePBX 0-Day; Passwordstate Patch (#)

SANS Stormcast Friday, August 29th, 2025: Scans for ZIP Files; FreePBX 0-Day; Passwordstate Patch Increasing Searches for ZIP Files Attackers are scanning our honeypots more and more for .zip files. They are looking for backups of credential files and the like left behind by careless administrators and developers. https://isc.sans.edu/diary/Increasing%20Searches%20for%20ZIP%20Files/32242 FreePBX Vulnerability An upatched vulnerability in FreePBX is currently being exploited. FreePBX offers mitigation advice and has also just released a "beta" patch. https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203 Passwordstate Vulnerability Clickstudios patched an authentication bypass vulnerability in its password manager, Passwordstate. The vulnerability can be used to access the emergency password page. https://www.clickstudios.com.au/passwordstate-changelog.aspx keywords: clickstudio; passwordstate; freepbx; zip;