Telecommunications

June 1, 2026

Rapid7 Senior Principal Security Researcher Stephen Fewer discovered CVE-2026-0826, a critical unauthenticated stack-based buffer overflow vulnerability affecting multiple HP Poly VoIP devices. If you’ve been around vulnerability research long enough, the bug class here is going to feel very familiar. And interestingly enough, that’s exactly why it deserves attention. These older exploitation primitives never really went ...

May 7, 2026

Police have arrested and brought 44 charges against three men for allegedly operating an SMS blaster in downtown Toronto. The scheme, which began in November 2025, is the “first known instance” of an SMS blaster operating in Canada, according to the police report. In a statement, the Toronto Police Service said it believes tens of thousands of ...

May 1, 2026

Authorities in Canada have disclosed details of a mobile cyber operation that relied on SMS blasters mounted inside vehicles moving through urban areas. Three suspects drove around downtown Toronto with these hidden devices running in their cars, impersonating cell towers. The Toronto Police Service confirmed that this marked the first operation of its kind ever recorded ...

April 24, 2026

Security researchers have just unveiled details of two covert surveillance campaigns that exploit weaknesses in the global telecom infrastructure. In a report published on Thursday, Citizen Lab explains that attackers abuse the signalling systems mobile operators use to support roaming, route messages, and locate devices on the network. The weaknesses were used to track certain subscribers ...

April 13, 2026

With just days until a powerful surveillance law lapses, US national security officials are scrambling to prepare for potential blind spots in intelligence collection amid the US’ delicate ceasefire with Iran, current and former officials told CNN. Some communications carriers that manage data for the surveillance program have privately warned the Trump administration they will cease ...

March 25, 2026

What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and emulator detection and that investment paid off; classic emulators and bot activities became predictable, easy ...

March 12, 2026

Canadian telecommunications and business services firm Telus is investigating a cybersecurity incident involving unauthorized access to some ‌of its systems, a company spokesperson said on Thursday. The ShinyHunters hacking group told Reuters in a message it stole at least 700 terabytes ​of data from Telus. All business ​operations within the company “remain fully operational, and there ...

March 9, 2026

Salt Typhoon is behind one of the broadest hacking campaigns in recent years, targeting some of the world’s largest phone and internet companies and stealing tens of millions of phone records about senior government officials. The hacking group, attributed to China, is part of a wider cluster of hackers with the collective aim of helping China ...

March 2, 2026

The Federal Security Service (FSB), the Interior Ministry, and the Investigative Committee of Russia have uncovered and disrupted 100 illegal communication channels used by Ukrainian intelligence services to involve Russians in sabotage and terrorism since September 1, 2025, with over 200 people involved in running SIM boxes detained across 43 Russian regions. “As a result <…> ...

February 25, 2026

Adelaide University researchers have initiated the development of a world-first cybersecurity system designed to protect drones from increasingly sophisticated cyber threats. A new study led by the Industrial AI Research Centre and published in the international journal Computers and Industrial Engineering, paves the way for safer and more resilient unmanned aerial systems (UAS) that are less ...

February 13, 2026

Dutch telecommunications company Odido has confirmed suffering a cyberattack and losing sensitive data on millions of people. In a notice published on its website, the company says it “deeply regrets” the situation and is “fully committed” to limiting its impact. “Based on investigation, the incident concerns personal data from a customer contact system used by Odido,” ...

February 10, 2026

Singapore’s government has blamed a known Chinese cyber-espionage group for targeting four of its top telecommunication companies as part of a months-long attack. In a statement Monday, Singapore confirmed for the first time that the hackers, known as UNC3886, targeted the country’s telecoms infrastructure, including its largest companies: Singtel, StarHub, M1, and Simba Telecom. While the ...

February 9, 2026

Brussels is digging into a cyber break-in that targeted the European Commission’s mobile device management systems, potentially giving intruders a peek inside the official phones carried by EU staff. Identified by CERT-EU, the bloc’s computer emergency response team responsible for defending EU institutions, the intrusion was detected on January 30 and affected infrastructure associated with centrally ...

February 3, 2026

Most iPhone owners have hopefully learned to manage app permissions by now, including allowing location access. But there’s another layer of location tracking that operates outside these controls. Your cellular carrier has been collecting your location data all along, and until now, there was nothing you could do about it. Apple just changed this in iOS ...

February 2, 2026

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central America, focusing on government, telecom, aviation, critical infrastructure, and media sectors. Rapid7 investigation ...

January 8, 2026

Internet connectivity collapsed across Iran on Thursday amid nationwide protests, according to web monitoring firms. “I think we’re at a near-total disconnection from the outside world now,” Amir Rashidi, an Iranian cybersecurity researcher who works for the nonprofit Miaan Group, told TechCrunch. Doug Madory, the director of internet analysis at Kentik, a company that monitors internet ...

January 7, 2026

US fiber broadband company Brightspeed is investigating claims by the Crimson Collective extortion group that it stole sensitive data belonging to more than 1 million residential customers, including extensive personally identifiable information (PII), as well as account and billing details. Brightspeed is one of the largest fiber broadband providers in the US and serves customers across ...

December 19, 2025

Korea will make it mandatory for people to undergo facial recognition when opening a new mobile phone number, as part of efforts to root out illegally registered handsets used for scams, the science ministry said Friday. Under the plan, Korea will require the country’s three mobile carriers, SK Telecom Co., KT Corp. and LG Uplus Inc., ...

December 19, 2025

Known since 2014, the Cloud Atlas group targets countries in Eastern Europe and Central Asia. Infections occur via phishing emails containing a malicious document that exploits an old vulnerability in the Microsoft Office Equation Editor process (CVE-2018-0802) to download and execute malicious code. In this report, Kaspersky researchers describe the infection chain and tools that the ...

December 4, 2025

Canadian telecommunications provider Freedom Mobile suffered a supply-chain attack recently, in which it lost sensitive data on a yet undisclosed number of customers. In a data breach notification letter posted on its website earlier this week, Freedom said hackers broke into an account of a subcontractor, through which they accessed personal information “of a limited number” ...