News

Critical CVE-2026-2329 Flaw in Grandstream GXP1600 VoIP Phones Allows RCE

Luciano Ferrari

19 Feb 2026 — 2 min read

Thursday, February 19, 2026

Top 5 Cybersecurity Stories You Should Know

Critical CVE-2026-2329 Flaw in Grandstream GXP1600 VoIP Phones Allows RCE — tl;dr: A critical security vulnerability, tracked as CVE-2026-2329, has been discovered in the Grandstream GXP1600 series of VoIP phones, allowing unauthenticated remote code execution with root privileges. This flaw, rated 9.3 on the CVSS scale, stems from a stack-based buffer overflow in the device's web-based API service, which is accessible without authentication in default configurations. Organizations using these devices are urged to apply security patches immediately to mitigate potential exploitation risks, as attackers could gain full control over the affected systems.
↪ https://thehackernews.com/
Google Patches Chrome 0-Day CVE-2026-2441 Exploited in the Wild — tl;dr: Google has released an urgent patch for a high-severity zero-day vulnerability in Chrome, tracked as CVE-2026-2441, which is actively being exploited by attackers. This use-after-free bug in the browser's CSS handling could allow remote code execution on Windows, macOS, and Linux systems. Users are strongly advised to update their browsers immediately to the latest versions (145.0.7632.75/.76 for Windows and macOS, 144.0.7559.75 for Linux) to mitigate risks. Organizations should prioritize patching and monitor for indicators of compromise, as threat actors may exploit this vulnerability through phishing or compromised websites.
↪ https://cybersecuritynews.com/chrome-0-day-vulnerability-exploited-wild-2/
Ivanti EPMM RCE Zero-Days CVE-2026-1281 & CVE-2026-1340 Exploited — tl;dr: Ivanti Endpoint Manager Mobile (EPMM) is facing critical remote code execution vulnerabilities, CVE-2026-1281 and CVE-2026-1340, with a CVSS score of 9.8. These vulnerabilities allow unauthenticated attackers to execute arbitrary code via specially crafted HTTP requests, leading to potential full system compromise and unauthorized access to sensitive enterprise data. Organizations using affected EPMM versions should immediately apply the latest RPM updates and conduct thorough security assessments. Ivanti has provided detection guidance to monitor for suspicious activity, emphasizing the need for urgent remediation.
↪ https://horizon3.ai/attack-research/vulnerabilities/cve-2026-1281-cve-2026-1340/
Instagram Data Leak Exposes 17.5 Million Accounts, No Core Breach Detected — tl;dr: A significant data leak involving approximately 17.5 million Instagram accounts has been reported, with exposed information including usernames, emails, and phone numbers. While Instagram confirmed that its core systems were not breached, the leaked data is being exploited for phishing and social engineering attacks. Users are advised to enable two-factor authentication (2FA), use unique passwords, and be cautious of unsolicited password reset emails. This incident highlights the importance of cybersecurity awareness and proactive measures to protect personal information online.
↪ https://www.linkedin.com/posts/joe-abi-khalil-a2a696b3_cybersecurity-infosec-databreach-activity-7415875870025920512-S4xQ
CVE-2023-38146: Exploiting ThemeBleed Vulnerability in Windows and Office — tl;dr: CVE-2023-38146 is a critical zero-day vulnerability affecting Windows 11 and Microsoft Office that allows remote code execution via malicious '.theme' files. Attackers can exploit this flaw to gain unauthorized access, leading to data theft, system disruption, and potential ransomware deployment. Affected versions include Windows 11 Version 22H2 and 21H2. To mitigate risks, users should update their security intelligence and apply the latest Windows patches. Additionally, ThreatLocker offers solutions like Allowlisting and Ringfencing™ to enhance endpoint security against such exploits.
↪ https://www.threatlocker.com/blog/cybersecurity-in-the-news-themebleed-poc-video