From thehackernews.com
The desktop version of the security and privacy-focused, end-to-end encrypted messaging app, Telegram, has been found leaking both users’ private and public IP addresses by default during voice calls.
With 200 million monthly active users as of March 2018, Telegram promotes itself as an ultra-secure instant messaging service that lets its users make end-to-end encrypted chat and voice call with other users over the Internet.
Security researcher Dhiraj Mishra uncovered a vulnerability (CVE-2018-17780) in the official Desktop version of Telegram (tdesktop) for Windows, Mac, and Linux, and Telegram Messenger for Windows apps that was leaking users’ IP addresses by default during voice calls due to its peer-to-peer (P2P) framework.
Read more here