#VulnMgmt
Critical Grandstream Phone Vulnerability Exposes Calls to Interception
The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges.

A critical Grandstream phone flaw (CVE-2026-2329) can reportedly be exploited without auth for remote code execution with root privileges. If you run these devices, prioritize patching now, isolate voice management interfaces, and audit internet exposure today. #CyberSecurity #VulnMgmt

CISA orders feds to patch actively exploited Dell flaw within 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024.

BleepingComputer reports CISA orders feds to patch actively exploited Dell flaw within 3 days. Follow on vendor advisories and patch guidance in the next day. www.bleepingcomputer.com/news/security/cisa-order... #Cybersecurity #VulnMgmt

Flaw in Grandstream VoIP phones allows stealthy eavesdropping
A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications.

New reporting from BleepingComputer says flaw in Grandstream VoIP phones allows stealthy eavesdropping. Check for a critical vulnerability in Grandstream GXP1600. www.bleepingcomputer.com/news/security/flaw-in-gr... #Cybersecurity #VulnMgmt

Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking.

BleepingComputer flagged critical infra Honeywell CCTVs vulnerable to auth bypass flaw. Follow on vendor advisories and patch guidance in the next day. www.bleepingcomputer.com/news/security/critical-i... #Cybersecurity #VulnMgmt

Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
CVE-2026-2329 allows unauthenticated root-level access to SMB phones, so attackers can intercept calls, commit toll fraud, and impersonate users.

Dark Reading flagged critical Grandstream VoIP Bug Highlights SMB Security Blind Spot. Monitor CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so. www.darkreading.com/threat-intelligence/gran... #Cybersecurity #VulnMgmt


London bound next week (Dec 7–15)! 🇬🇧

I’ll be at #BlackHatEU giving my talk on the "Post-NVD Era" (Thurs Dec 11 @ 2:30 PM) and then hitting up #BSidesLDN for the weekend.

#Infosec #VulnMgmt #CVE

Time-to-Patch Metrics via Survival Analysis

~Elastic~
Elastic Security Labs details using survival analysis for more accurate vulnerability time-to-patch metrics over traditional MTTR.
-
IOCs: (None identified)
-
#Metrics #ThreatIntel #VulnMgmt

EUVD European Vulnerability Database

ENISA just dropped the EU Vulnerability Database (EUVD), a central hub for vuln data, mandated by NIS2. Open access, actionable info, and support for open-source tools like Vulnerability-Lookup. Big move for EU cyber resilience.

Check it here: euvd.enisa.europa.eu

#CyberThreatIntel #EUVD #VulnMgmt


‼️ On Monday, March 17th 2025, EPSS v4 will be released and replace the current version (v3).

❓ What does this mean?

The model is being updated and expanded to include more data sources and is more accurate than v3. The Coverage/Efficiency Curve […]

[Original post on infosec.exchange]
