The Hacker News

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential ...
SecurityWeek

Critical Grandstream Phone Vulnerability Exposes Calls to Interception

A critical vulnerability affecting Grandstream’s GXP1600 series phones could allow threat actors to intercept calls.
Computer Weekly

Flaws in Google, Microsoft products added to Cisa catalogue

Cisa has added six CVEs to its Kev catalogue this week, including newly-disclosed issues in Google Chromium and Dell ...

Anthropic's Claude Code Security is available now after finding 500+ vulnerabilities: how security leaders should respond

Anthropic's Claude Opus 4.6 surfaced 500+ high-severity vulnerabilities that survived decades of expert review. Fifteen days later, they shipped Claude Code Security. Here's what reasoning-based ...

Flaw in Grandstream VoIP phones allows stealthy eavesdropping

A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications.

Android gets patches for Qualcomm zero-day exploited in attacks

Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component.
The Hacker News

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

CISA adds four actively exploited vulnerabilities to its KEV catalog, including Chrome RCE, Zimbra SSRF, Windows ActiveX, and ...
heise online

OpenSSL: 12 security gaps, one allows malicious code execution and is critical

12 security vulnerabilities have been discovered in OpenSSL – using AI tools. One of them is considered critical. Updated software is available. The remaining ten vulnerabilities were classified as ...