#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

VoIP | Breaking Cybersecurity News | The Hacker News

Category — VoIP
FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available

FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available

Aug 29, 2025 Zero-Day / Vulnerability
The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an administrator control panel (ACP) exposed to the public internet. FreePBX is an open-source private branch exchange (PBX) platform widely used by businesses, call centers, and service providers to manage voice communications. It's built on top of Asterisk , an open-source communication server. The vulnerability, assigned the CVE identifier CVE-2025-57819 , carries a CVSS score of 10.0, indicating maximum severity. "Insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator, leading to arbitrary database manipulation and remote code execution," the project maintainers said in an advisory. The issue impacts the following versions - FreePBX 15 prior to 15.0.66 FreePBX 16 prior to 16.0.89, and FreePBX 17 prior to 17.0.3 Sangoma said an unauthorized user began accessing mult...
CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center

CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center

Jul 14, 2025 Cybercrime / Law Enforcement
India's Central Bureau of Investigation (CBI) has announced that it has taken steps to dismantle what it said was a transnational cybercrime syndicate that carried out "sophisticated" tech support scams targeting citizens of Australia and the United Kingdom. The fraudulent scheme is estimated to have led to losses worth more than £390,000 ($525,000) in the United Kingdom alone. The law enforcement effort, which was carried out on July 7, 2025, as part of Operation Chakra V , involved searches at three locations in Noida, one of which was a fully functional fraudulent call center operating from the Noida Special Economic Zone. Evidence gathered by the CBI revealed that the call center, named FirstIdea, made use of advanced calling infrastructure and malicious scripts to facilitate cross-border anonymity and victim targeting at scale. A total of two arrests have been made, including a key operative partner of FirstIdea. "The operation was meticulously timed with ...
Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

Jul 02, 2025 Vulnerability / Cybercrime
Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors. "A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD), also known as callback phishing," Cisco Talos researcher Omid Mirzaei said in a report shared with The Hacker News. An analysis of phishing emails with PDF attachments between May 5 and June 5, 2025, has revealed Microsoft and Docusign to be the most impersonated brands. NortonLifeLock, PayPal, and Geek Squad are among the most impersonated brands in TOAD emails with PDF attachments. The activity is part of wider phishing attacks that attempt to leverage the trust people have with popular brands to initiate malicious actions. These messages typically incorporate PDF attachments...
cyber security

Discover How to Make CTEM a Reality in 2025: Download Your Guide Now!

websiteXM CyberContinuous Threat Exposure Management
Ensure CTEM success! Download our ebook for practical tips on using XM Cyber to implement your exposure management strategy.
cyber security

Weaponized GenAI + Extortion-First Strategies Fueling a New Age of Ransomware

websiteZscalerRansomware / Enterprise Security
Trends and insights based on expert analysis of public leak sites, ransomware samples and attack data.
Expert Insights Articles Videos
Cybersecurity Resources
//]]>