CVE-2026-44238

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

EUVD-2024-18160

Malicious code in bioql PyPI...

CVE-2024-20445

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage of sensitive...

CVE-2024-20445

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage of sensitive...

CVE-2024-20445 Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage of sensitive...

PT-2024-7957

Name of the Vulnerable Software and Affected Versions Cisco Desk Phone 9800 Series versions prior to the fixed version Cisco IP Phone 7800 Series versions prior to the fixed version Cisco IP Phone 8800 Series versions prior to the fixed version Cisco Video Phone 8875 versions prior to 14.21SR3...

Customer’s Use of Flawed 3rd-Party Tool Exposes 12K Twilio Call Records, Recordings

A hacker has leaked 12,000 alleged Twilio call records, including phone numbers and audio recordings. The breach exposes…...

AT&T Confirms Data Breach Affecting Nearly All Wireless Customers

American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators MVNOs using AT&T's wireless network. "Threat actors unlawfully accessed an AT&T workspace on ...

The Sweeping Danger of the AT&T Phone Records Breach

Telecom giant AT&T says a major data breach has exposed the call and text records of “nearly all” of its customers, epitomizing the dire state of data security...

AT&T Data Breach: Hackers Steal Call and Text Records for “Nearly All” Customers

AT&T confirms a data breach exposing call and text records for "Nearly All" customers from May 2022 to…...

Secret White House Warrantless Surveillance Program

There seems to be no end to warrantless surveillance: According to the letter, a surveillance program now known as Data Analytical Services DAS has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone record...

T-Mobile confirms another data breach exposing user call records, phone numbers

By Deeba Ahmed T-Mobile revealed attackers accessed its Customer proprietary network information CPNI, putting the private data of hundreds of thousands of customers at risk. This is a post from HackRead.com Read the original post: T-Mobile confirms another data breach exposing user call records,...

CDRThief malware targets Linux VoIP softwitches to steal call records

By Deeba Ahmed ESET researchers have identified a new malware called CDRThief strain targeting a specific VoIP platform that two Chinese softswitches use. This is a post from HackRead.com Read the original post: CDRThief malware targets Linux VoIP softwitches to steal call records...

Cell Networks Hacked by (Probable) Nation-State Attackers

A sophisticated attacker has successfuly infiltrated cell providers to collect information on specific users: The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records -- including times and...

A Likely Chinese Hacker Crew Targeted 10 Phone Carriers to Steal Metadata

In one case, they stole the location and call record data of 20 specific individuals...

BEWARD Intercom 2.3.1 Credential Disclosure

!/usr/bin/env python -- coding: utf8 -- BEWARD Intercom 2.3.1 Credentials Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: 2.3.1.34471 2.3.0 2.2.11 2.2.10.5 2.2.9 2.2.8.9 2.2.7.4 Note: For versions above 2.2.11: The application data directory, whic...

BEWARD Intercom 2.3.1 - Credentials Disclosure

!/usr/bin/env python -- coding: utf8 -- BEWARD Intercom 2.3.1 Credentials Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: 2.3.1.34471 2.3.0 2.2.11 2.2.10.5 2.2.9 2.2.8.9 2.2.7.4 Note: For versions above 2.2.11: The application data directory, whic...

Phishing Spy Campaign Targets Top Mideast Officials

Researchers have discovered a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. Researchers at Lookout Security told Threatpost that the tool, dubbed Stealth Mango, has been used to collect over ...

NSA Metadata Program Likely Not Cost-Effective, Researchers Say

While much of the coverage of the surveillance programs revealed by Edward Snowden have focused on the legality and constitutionality of the collection of metadata and Internet traffic in the name of counter-terrorism and national security, the question of whether these programs are actually cost...

CVE-2011-4698

The AndroidAppTools Easy Filter com.phoneblocker.android application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application...