CISA Warns of Exploited Twilio Authy Vulnerability

The U.S. CISA has issued a cybersecurity alert regarding a critical vulnerability in Twilio’s Authy service (CVE-2024-39891), which is being actively exploited. This information disclosure issue affects Authy app versions on Android and iOS, allowing unauthorized access to sensitive phone numbers. Twilio urges users to update their apps immediately to prevent potential phishing attacks. Organizations are advised to take these warnings seriously and enhance their security measures to protect sensitive data.