Bookmark Secunia.
They publish technical security vulnerability alerts every day.
The following is an excerpt from an alert earlier today...
Secunia Advisory: SA27234
Release Date: 2007-10-18
Description:
Some vulnerabilities have been reported in various Nortel products, which can be exploited by malicious people to cause a DoS (Denial of Service) and to eavesdrop with affected devices.
...it is possible to send spoofed "Open Audio Stream" messages to an IP phone. This can be exploited to open an audio channel and eavesdrop with the IP phone. (more)