Security news aggregator

Latest coverage for VoIP

VoIP is voice communication over IP networks, where exposed services and flawed configurations can enable interception, fraud, or service disruption.

45 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Voice over Internet Protocol (VoIP) carries voice and related communications as IP network traffic, typically separating call signaling—often SIP—from audio or video media—often RTP. It includes internet calling services and enterprise phone systems such as IP-PBXs, session border controllers, handsets, and management portals.

Its security depends on both the VoIP applications and the networks they use. Internet-exposed SIP services and weakly protected accounts can enable unauthorized calling (toll fraud), call-routing changes, or denial-of-service; unencrypted or misconfigured media can expose conversations. Practitioners should restrict and authenticate signaling and administration, patch PBX and session-border software, use TLS and SRTP where supported, segment voice systems, and monitor registrations, call records, and unusual destinations. Vulnerability management must cover phones, servers, web interfaces, and integrations, while logs and call-routing data require appropriate privacy controls.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 45

Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 should get serious attention from anyone running HP Poly VoIP phones in an enterprise setting. It’s a critical unauthenticated stack-based buffer overflow that can give a remote […]

Bank Info Security 1 year, 1 month ago

Report: Next-Gen 911 Systems are Outpacing Cyber Defenses

Research Shows Next-Generation 9-1-1 Ecosystems Lack Critical Cyber ProtectionsA report from telecom firm Intrado warns that cybersecurity safeguards are lagging behind the rapid deployment of next-generation 911 systems, exposing the emergency ecosystem to attacks ranging from VoIP floods to ransomware amid growing reliance on cloud-based and IP-connected technologies.

Don't laugh: The $4.5m fine proposed for carrier Telnyx shows how the Trump administration will run its comms regulator In its first enforcement action of the Trump presidency, the FCC has voted to propose fining Telnyx $4,492,500 – after scammers pretending to be the watchdog's staff started calling actual FCC staffers via the VoIP telco.…

The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as fictitious FCC "Fraud Prevention Team," by failing to comply with Know Your Customer (KYC) rules. However, Telnyx says the FCC is mistaken and denies the accusations. [...]

Bank Info Security 1 year, 7 months ago

Mitel MiCollab VoIP Software: Zero-Day Vulnerability Alert

No Patch Yet Available for Second Zero Day to Be Recently Found in VoIP SoftwareSecurity researchers warn of a newly discovered zero-day vulnerability in widely used VoIP telephony software, a discovery that comes as the United States struggles to evict Chinese nation-state hackers from telecom networks. The software is the MiCollab software suite from Canada-based Mitel.

Krebs on Security 3 years, 2 months ago

3CX Breach Was a Double Supply Chain Compromise

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Loading more headlines...