Voip

HP released a security advisory addressing a critical vulnerability in Poly VVX, Trio 8300, Trio 8500, and Trio 8800 devices, potentially allowing remote control.

A critical vulnerability, CVE-2026-46376, exists in FreePBX due to the use of hard-coded credentials in the User Control Panel (UCP) generic template setup process, allowing an unauthenticated, remote attacker to gain unauthorized access to user accounts and manipulate user settings if default template credentials are not immediately changed by the administrator after enabling UCP.

FreePBX Security-Reporting userman versions 16.0.45 and prior (FreePBX 16) and 17.0.7 and prior (FreePBX 17) contain a critical vulnerability due to unauthenticated use of hard-coded credentials in the UCP interface, potentially allowing unauthorized access.

A remote, authenticated attacker can exploit multiple vulnerabilities in Asterisk's pjproject to cause denial-of-service or memory corruption, potentially leading to code execution or security bypass.

Talos has begun tracking phone numbers in emails as indicators of compromise, revealing insights into their reuse in scam campaigns where attackers use API-driven VoIP services for cost-effective operations, rotating phone number blocks to evade security filters, and maximizing reach by recycling numbers across diverse lures.

Multiple vulnerabilities in Asterisk versions 20.18.x before 20.19.0, 21.12.x before 21.12.2, 22.8.x before 22.9.0, 23.2.x before 23.3.0, certified-asterisk 20.x before 20.7-cert10, and certified-asterisk 22.x before 22.8-cert2 allow a remote attacker to cause a denial of service.

An authenticated remote attacker can exploit vulnerabilities in Asterisk and Digium Certified Asterisk to achieve arbitrary code execution, denial of service, or information disclosure.