The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.
https://threatpost.com/zoom-patches-zero-click-rce-bug/179727/
Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop
-
A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices.
https://threatpost.com/bug-iot-millions-devices-attackers-eavesdrop/168729/