Latest coverage for VoIP

Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 should get serious attention from anyone running HP Poly VoIP phones in an enterprise setting. It’s a critical unauthenticated stack-based buffer overflow that can give a remote […]

A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. [...]

CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.

Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices

Research Shows Next-Generation 9-1-1 Ecosystems Lack Critical Cyber ProtectionsA report from telecom firm Intrado warns that cybersecurity safeguards are lagging behind the rapid deployment of next-generation 911 systems, exposing the emergency ecosystem to attacks ranging from VoIP floods to ransomware amid growing reliance on cloud-based and IP-connected technologies.

Don't laugh: The $4.5m fine proposed for carrier Telnyx shows how the Trump administration will run its comms regulator In its first enforcement action of the Trump presidency, the FCC has voted to propose fining Telnyx $4,492,500 – after scammers pretending to be the watchdog's staff started calling actual FCC staffers via the VoIP telco.…

The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as fictitious FCC "Fraud Prevention Team," by failing to comply with Know Your Customer (KYC) rules. However, Telnyx says the FCC is mistaken and denies the accusations. [...]

No Patch Yet Available for Second Zero Day to Be Recently Found in VoIP SoftwareSecurity researchers warn of a newly discovered zero-day vulnerability in widely used VoIP telephony software, a discovery that comes as the United States struggles to evict Chinese nation-state hackers from telecom networks. The software is the MiCollab software suite from Canada-based Mitel.

VoIP gear, hypervisors, medical equipment, building automation, printers, and more pose broad risk to organizations, with many facing danger from a combo of IT, IoT, and OT all at once. This listicle breaks it down.

Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication (MFA) messages in a cyberattack on their telephony provider. [...]

The Commission's breach rules for voice and wireless providers, untouched since 2017, have finally been updated for the modern age.

California-based XCast Labs says it will settle FTC charges of facilitating illegal robocalls

The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule (TSR)

VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability. [...]

The team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more. [...]

The team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more. [...]

Many Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a scary "Sorry, you have been blocked" message. [...]

XCast knew it was breaking the law and didn't hold back, watchdog says A VoIP provider was at the heart of billions of robocalls made over the past five years that broke a slew of US regulations, from enabling telemarketing scams to calling numbers on the National Do Not Call Registry, it is claimed.…

DoJ and FTC take action against XCast Labs

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.