The vulnerability, which is allegedly triggered by a corrupted sticker in the messaging app, received a 9.8 CVSS score, but Telegram denies it exists.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

A critical zero-click vulnerability (ZDI-CAN-30207) in Telegram Messenger has been disclosed by Trend Micro's Zero Day Initiative with a 9.8 CVSS score, but full details are withheld until July 26. The flaw allegedly uses corrupted animated stickers as an attack vector on Android and Linux versions, enabling remote code execution, data theft, and surveillance without any user interaction. Telegram denies the vulnerability exists, claiming its servers validate all stickers before delivery. Italy's National Cybersecurity Agency issued an alert, and security researchers recommend users apply updates promptly, restrict message reception to trusted contacts, or temporarily switch to the browser-based Telegram client for better sandboxing.

Storm Brews Over Critical, No-Click Telegram Flaw