Sign-up

VARIoT news about IoT security

Latest news

The news are found with our scripts for filtering search results.
Additional information about vulnerabilities, affected products and external identifiers are obtained with NLP and custom filters from found news.

Find, secure, or erase a lost Android device - Google Account Help

Trust: 3.0

Fetched: Jan. 20, 2026, 9:06 a.m., Published: Jan. 2, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

2025: The Year of Network Device Exploitation Adds Three More - Malware News - Malware Analysis, News and Indicators

Trust: 4.25

Fetched: Jan. 18, 2026, 10:07 a.m., Published: Dec. 23, 2025, 5:30 p.m.
 Vulnerabilities: code execution, command injection, authentication bypass...
Affected productsExternal IDs
vendor: sonicwall model: sma1000
vendor: cisco model: routers
vendor: palo model: networks
vendor: palo model: firewall
db: NVD ids: CVE-2025-23006, CVE-2025-40602, CVE-2025-59719, CVE-2025-37164, CVE-2025-59718

IT Vulnerabilities Surge As ICS Flaws Push Weekly Record

Related entries in the VARIoT vulnerabilities database: VAR-202510-3116

Trust: 5.5

Fetched: Jan. 18, 2026, 10:06 a.m., Published: Dec. 23, 2025, 12:45 p.m.
 Vulnerabilities: code execution, authentication bypass, improper access control...
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: webkit
db: NVD ids: CVE-2025-64537, CVE-2025-62221, CVE-2024-3596, CVE-2025-13970, CVE-2025-66430, CVE-2025-59719, CVE-2025-55182, CVE-2025-14174, CVE-2025-59385, CVE-2025-59287, CVE-2025-43529, CVE-2025-59718, CVE-2025-55315

CISA warns of active attacks on HPE OneView and legacy PowerPoint | Malwarebytes

Trust: 4.75

Fetched: Jan. 18, 2026, 10:06 a.m., Published: Jan. 8, 2026, 2:29 p.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2009-0556, CVE-2025-37164

MS09-063: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565) | ManageEngine Desktop Central

Trust: 4.25

Fetched: Jan. 18, 2026, 10 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs

Apple patches two actively exploited zero-day vulnerabilities in WebKit | Technobezz

Trust: 4.75

Fetched: Jan. 18, 2026, 9:59 a.m., Published: Jan. 2, 2026, 8:02 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: watchos
vendor: apple model: software update
vendor: apple model: tvos
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: google model: chrome
db: NVD ids: CVE-2025-43529, CVE-2025-14174

Apple iPhone Attacks Confirmed - Experts Warn 'Update Now or Stay Exposed' | IBTimes

Trust: 3.5

Fetched: Jan. 18, 2026, 9:56 a.m., Published: Jan. 15, 2026, 12:37 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: iphone
db: NVD ids: CVE-2025-43529, CVE-2025-14174

Multiple Hikvision Flaws Allow Device Disruption via Crafted Network Packets

Trust: 5.75

Fetched: Jan. 18, 2026, 9:56 a.m., Published: Jan. 13, 2026, 8:16 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: cisco model: series
vendor: hikvision model: ip cameras
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-66177, CVE-2025-66176

Update Canonical Ubuntu Desktop: USN-7965-1: SimGear vulnerability

Trust: 3.25

Fetched: Jan. 18, 2026, 9:55 a.m., Published: Jan. 18, 7965, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Asus Router Vulnerability: Thousands of Devices Hacked in Stealthy Cyberattack - Bridge Computer Services

Related entries in the VARIoT vulnerabilities database: VAR-202309-0729, VAR-202504-1580

Trust: 5.5

Fetched: Jan. 18, 2026, 9:55 a.m., Published: Jan. 16, 2026, 9:02 a.m.
 Vulnerabilities: command injection, os command injection, command execution...
Affected productsExternal IDs
vendor: asus model: gt-ac5300
vendor: asus model: router
vendor: asus model: dsl-ac68u
vendor: asus model: routers
vendor: asus model: rt-ac1300gplus
vendor: asus model: rt-ac1200hp
vendor: asus model: gt-ax11000
vendor: asus model: asus
vendor: asus model: 4g-ac55u
vendor: cisco model: router
vendor: cisco model: routers
db: NVD ids: CVE-2023-39780, CVE-2025-2492, CVE-2023-41346, CVE-2024-12912, CVE-2023-41345, CVE-2023-41347, CVE-2023-41348

Zero-Click Exploit Chain Discovered Targeting Google Pixel 9 Devices

Trust: 5.5

Fetched: Jan. 18, 2026, 9:54 a.m., Published: Jan. 16, 2026, 9:15 a.m.
 Vulnerabilities: code execution, buffer overrun, integer overflow...
Affected productsExternal IDs
vendor: samsung model: android
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2025-36934, CVE-2025-49415, CVE-2025-54957

Google Project Zero Reveals Sophisticated Zero-Click Exploit Chain Targeting Pixel 9

Trust: 5.5

Fetched: Jan. 18, 2026, 9:52 a.m., Published: Jan. 16, 2026, 12:22 p.m.
 Vulnerabilities: code execution, integer overflow, privilege escalation
Affected productsExternal IDs
vendor: samsung model: android
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2025-36934, CVE-2025-54957

Google Fast Pair Flaw: Earbuds, And Headphones At Risk Of Hacking And Tracking; Here's How To Stay Protected | Technology News | Zee News

Trust: 3.75

Fetched: Jan. 18, 2026, 9:49 a.m., Published: Jan. 17, 2026, 12:54 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-36911

HPE Aruba Vulnerabilities Enables Unauthorized Access To Sensitive Information

Trust: 4.75

Fetched: Jan. 18, 2026, 9:49 a.m., Published: Jan. 15, 2026, 1:41 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: blueman model: blueman
vendor: aruba model: aruba instant
vendor: aruba model: instant
db: NVD ids: CVE-2025-37165, CVE-2023-52340, CVE-2025-37166, CVE-2022-48839

CVE-2018-25140 : Unauthenticated Device Manipulation Vulnerability in FLIR Thermal Traffic Cameras

Trust: 3.25

Fetched: Jan. 18, 2026, 9:49 a.m., Published: Dec. 24, 2025, 7:27 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2018-25140

Surface Laptop Studio gets new (January 15, 2026) firmware updates

Trust: 4.75

Fetched: Jan. 18, 2026, 9:48 a.m., Published: Jan. 15, 2026, 5 a.m.
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2025-23281, CVE-2025-23309, CVE-2022-36392, CVE-2025-23347, CVE-2025-23286, CVE-2022-38102, CVE-2025-23288, CVE-2025-23276, CVE-2025-23345

Microsoft rolled out new firmware updates (January 15, 2026) for Surface Go 3

Trust: 3.75

Fetched: Jan. 18, 2026, 9:47 a.m., Published: Jan. 15, 2026, 5 a.m.
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2022-36392, CVE-2024-44074

CVE-2025-66177 Hikvision DS-96xxxNI-Hx, DS-96xxxNI-Ix, DS-... CVETodo

Trust: 6.5

Fetched: Jan. 18, 2026, 9:46 a.m., Published: Jan. 13, 2026, 3:16 a.m.
 Vulnerabilities: code execution, denial of service, service disruption...
Affected productsExternal IDs
vendor: hikvision model: ip cameras
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-661771, CVE-2025-66177

GitHub - zalexdev/wpair-app: WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions of Bluetooth audio devices worldwide, allowing unauthorized pairing and potential microphone access without user consent.

Trust: 3.25

Fetched: Jan. 18, 2026, 9:45 a.m., Published: Jan. 6, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-36911

Critical 'WhisperPair' Flaw in Google's Fast Pair Protocol Exposes Millions of Headphones to Hacking and Eavesdropping - BigGo News

Trust: 3.75

Fetched: Jan. 18, 2026, 9:45 a.m., Published: Jan. 18, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome os
vendor: google model: android
vendor: google model: chrome
vendor: google model: pixel
vendor: oneplus model: oneplus
db: NVD ids: CVE-2025-36911