Unauthenticated Root RCE Enables Call Interception and Network Compromise

Weekly insights on threats, vulnerabilities, and security best practices.

CVE-2026-2329 allows attackers to achieve remote code execution on Grandstream VoIP phones without authentication, leading to complete device compromise and call surveillance capabilities.

CVE-2026-2329 stack-based buffer overflow in Grandstream GXP1600 VoIP phones allows unauthenticated remote code execution with CVSS 9.3 scoring, enabling network pivoting.

ClawJacked vulnerability enables malicious websites to hijack local OpenClaw AI agents via WebSocket connection abuse, allowing remote command execution on victim systems.