Tag: Sangoma
-
Ask Master: The “EncystPHP” Web Shell is Silently Annexing Global FreePBX Telephony Servers
A mundane telephony vulnerability has metamorphosed into a comprehensive server capitulation. Cybersecurity specialists have unearthed a pernicious web shell, christened EncystPHP, which entrenches itself within FreePBX, granting malefactors perpetual administrative dominion over the compromised system. This onslaught commenced in early December of the preceding year. The assailants weaponized vulnerability CVE-2025-64328, nested within the Endpoint Manager…
-
Sangoma Issues Warning: Zero-Day Vulnerability Actively Exploited in FreePBX
Sangoma has issued an urgent alert regarding an actively exploited zero-day vulnerability in FreePBX installations where the Administrator Control Panel (ACP) is exposed to the internet. FreePBX, an open-source IP-PBX built on Asterisk, is widely used by enterprises, call centers, and service providers to manage internal communications, SIP trunks, and call routing. According to the…