Vulnerabilities Expose Businesses to Cyber Threats

A series of critical vulnerabilities has been discovered in various systems and software, leaving businesses vulnerable to cyber threats. These vulnerabilities, if exploited, could allow attackers to gain unauthenticated access, scrape sensitive data, and deploy malware, highlighting the need for companies to reassess their security measures.

One of the vulnerabilities, CVE-2026-2329, affects Grandstream VoIP systems, allowing attackers to gain root-level access to small and medium-sized business (SMB) phone infrastructure. This could enable them to intercept calls, commit toll fraud, and impersonate users. The vulnerability is particularly concerning, as it highlights a security blind spot in SMBs, which often have limited resources to devote to cybersecurity.

Another critical flaw was discovered in Dell software, which has been exploited by a China-related attacker since mid-2024. The vendor flaw allows the attacker to move laterally, maintain persistent access, and deploy malware. This vulnerability is particularly worrying, as it has been actively exploited for an extended period, potentially allowing the attacker to gain a significant foothold in affected systems.

In addition to these vulnerabilities, a security researcher has discovered 287 Chrome extensions that exfiltrate browser history. The extensions, which have been installed millions of times, could potentially enable corporate espionage by revealing internal company URLs accessed by employees. In some cases, the extensions may also collect cookies, making it easier for attackers to gather login credentials.

Furthermore, critical and high-severity vulnerabilities have been found in four popular Visual Studio Code extensions, with a combined 128 million downloads. These vulnerabilities could expose developers to file theft, remote code execution, and local network reconnaissance. The flaws were discovered by application security company OX Security, which began notifying vendors in June 2025 but received no response from three of the four maintainers.

These vulnerabilities highlight the need for companies to prioritize cybersecurity and ensure that their systems and software are up to date. It is essential for businesses to have a strategic approach to governing scraping risks, balancing security with business growth, and safeguarding intellectual capital from automated data harvesting.

In light of these discoveries, Chief Information Security Officers (CISOs) must reassess their security measures and consider implementing a playbook for defending data assets against AI scraping. This includes identifying and mitigating potential risks, implementing robust security controls, and ensuring that employees are aware of the potential threats.

As the threat landscape continues to evolve, it is crucial for companies to stay vigilant and proactive in their approach to cybersecurity. By prioritizing security and staying informed about potential vulnerabilities, businesses can reduce the risk of cyber threats and protect their sensitive data.

Sources:
- Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
- Dell's Hard-Coded Flaw: A Nation-State Goldmine
- A CISO's Playbook for Defending Data Assets Against AI Scraping
- Millionen Chrome-Erweiterungen geben Browserverlauf preis
- Flaws in four popular VS Code extensions left 128 million installs open to attack