A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications.

CVE-2026-2329 allows unauthenticated root-level access to SMB phones, so attackers can intercept calls, commit toll fraud, and impersonate users.

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential theft.

The cybersecurity of business is not the function of CISA. CISA’s remit is to raise the security of FECB agencies, and KEV is a notification to FECB agencies of those vulnerabilities that are both ...

Chinese hackers compromised Notepad++ updates for six months, deploying a backdoor to selectively target users in government and critical infrastructure sectors..

Many times when performing penetration tests, there is no lack of tools for conducting penetration testing, but rather the issue relates to performing penetration testing in a fractured way.

Truebit lost $26 million after a smart-contract overflow bug let an attacker mint tokens at near-zero cost, sending the TRU price down 99%. A $26 million exploit of the offline computation protocol ...

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. Previously spread through pirated software ...

A torrent of proof-of-concept (PoC) exploits for React2Shell has hit the internet following the vulnerability's disclosure last week, and while security researchers say most are fake, ineffective and ...

Commercial AI models were able to autonomously generate real-world smart contract exploits worth millions; the costs of such attacks are falling rapidly. Recent research by major artificial ...

Zero-day attacks have become a significant concern in the realm of cybersecurity, posing a formidable challenge to individuals and organizations alike. These attacks exploit vulnerabilities that are ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Admit it: the first thing you think of when ransomware is ...