Sign-up

VARIoT news about IoT security

Telegram Vulnerability Exposed: Authentication Flaw Exploited | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 5.0

Fetched: Jan. 23, 2026, 9:41 a.m., Published: -
 Vulnerabilities: authentication flaw
Affected productsExternal IDs
vendor: wireshark model: wireshark

Real Time Threat Detection: Hexnode UEM + XDR

Trust: 3.5

Fetched: Jan. 23, 2026, 9:41 a.m., Published: Jan. 13, 2026, 8:28 a.m.
 Vulnerabilities: brute force attack, buffer overflow
Affected productsExternal IDs
vendor: tableau model: server

Can an Indirect Vulnerability Still Be High Risk? | C2A Security - The Only Risk-Driven DevSecOps Platform

Trust: 5.75

Fetched: Jan. 23, 2026, 9:40 a.m., Published: Jan. 22, 2026, 3:33 a.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: cisco model: unity connection
vendor: cisco model: webex
vendor: cisco model: unified communications
vendor: cisco model: unified communications manager
vendor: cisco model: cisco webex
vendor: cisco model: unified communications manager session management edition
vendor: cisco model: cisco unity
vendor: cisco model: unity
vendor: cisco model: cisco unity connection
vendor: cisco model: cisco unified communications manager
db: NVD ids: CVE-2026-20045

Zoom Security Alert: Critical Vulnerability in Node MMR Devices

Trust: 5.0

Fetched: Jan. 23, 2026, 9:40 a.m., Published: Jan. 22, 2026, 2:33 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-22844

WPair - Scanner Tool to Detect WhisperPair Flaw in Google’s Fast Pair

Trust: 4.75

Fetched: Jan. 23, 2026, 9:39 a.m., Published: Jan. 21, 2026, 10:27 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-36911

Trivial Telnet authentication bypass exposes devices to complete takeover | CSO Online

Trust: 3.75

Fetched: Jan. 23, 2026, 9:38 a.m., Published: Jan. 22, 2026, midnight
 Vulnerabilities: privilege escalation, authentication bypass
Affected productsExternal IDs

How to protect yourself from Bluetooth-headset tracking and the WhisperPair attack | Kaspersky official blog

Trust: 3.5

Fetched: Jan. 23, 2026, 9:37 a.m., Published: Jan. 23, 2050, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: oneplus model: oneplus
vendor: oneplus model: one
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2025-36911

Fortinet SSO Flaw Actively Exploited to Compromise Firewalls and Gain Admin Access

Trust: 4.0

Fetched: Jan. 23, 2026, 9:37 a.m., Published: Jan. 22, 2026, 7:20 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59718

A Vulnerability in Cisco Unified Communications Products Could Allow for Remote Code Execution

Trust: 5.0

Fetched: Jan. 23, 2026, 9:36 a.m., Published: Jan. 21, 2026, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: unified communications

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Trust: 4.25

Fetched: Jan. 23, 2026, 9:36 a.m., Published: Jan. 22, 2026, 5:55 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59718, CVE-2025-59719

2026 Device Vulnerabilities Surge: AI Exploits Threaten IoT and Infrastructure

Trust: 4.5

Fetched: Jan. 23, 2026, 9:35 a.m., Published: Jan. 22, 2026, 6:31 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2026-22920, CVE-2026-22910

WPair Scanner Released to Detect WhisperPair Flaw in Google’s Fast Pair Protocol

Trust: 5.0

Fetched: Jan. 23, 2026, 9:30 a.m., Published: Jan. 20, 2026, 9:49 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-36911

WhisperPair Attack Allows Hijacking of Laptops, Earbuds Without User Consent - Millions Affected

Trust: 3.75

Fetched: Jan. 23, 2026, 9:29 a.m., Published: Jan. 20, 2026, 7:31 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: oneplus model: oneplus
db: NVD ids: CVE-2025-36911

Cisco Unified Communications Products Remote Code Execution Vulnerability

Trust: 3.5

Fetched: Jan. 23, 2026, 9:29 a.m., Published: Jan. 21, 2026, 3:54 p.m.
 Vulnerabilities: code execution, improper validation
Affected productsExternal IDs
vendor: cisco model: unity connection
vendor: cisco model: webex
vendor: cisco model: unified communications
vendor: cisco model: unified communications manager
vendor: cisco model: cisco webex
vendor: cisco model: unified communications manager im & presence service
vendor: cisco model: unified communications manager session management edition
vendor: cisco model: cisco unity
vendor: cisco model: unity
vendor: cisco model: cisco unity connection
vendor: cisco model: cisco unified communications manager

CISA issues multiple ICS advisories, details DoS vulnerability risk in Rockwell devices used in critical manufacturing - Industrial Cyber

Trust: 5.5

Fetched: Jan. 21, 2026, 10:15 a.m., Published: Jan. 14, 2026, 1:26 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: rockwell automation model: factorytalk
vendor: rockwell automation model: automation factorytalk
vendor: rockwell model: factorytalk
vendor: rockwell model: automation factorytalk
db: NVD ids: CVE-2025-59448, CVE-2025-59449, CVE-2025-59451, CVE-2025-9368, CVE-2025-59452, CVE-2025-12807

TP-Link Router Vulnerabilities Actively Exploited by Hackers, CISA Urges Immediate Disconnection - Security Spotlight

Trust: 5.5

Fetched: Jan. 21, 2026, 10:11 a.m., Published: June 18, 2025, 3:56 p.m.
 Vulnerabilities: command injection, improper validation
Affected productsExternal IDs
vendor: tp-link model: wr841n
vendor: tp-link model: routers
vendor: tp-link model: wr940n
vendor: tp-link model: tl-wr940n
vendor: tp-link model: tl-wr740n
vendor: tp-link model: tl-wr841n
vendor: tp-link model: wr740n

Pixel Update Bulletin-January 2026 | Android Open Source Project

Trust: 4.25

Fetched: Jan. 21, 2026, 10:09 a.m., Published: Jan. 21, 2026, midnight
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2025-36911, CVE-2025-48647

Microsoft Patches Teams Vulnerability: Critical Fix Against Remote Code Risks - Application Security

Trust: 4.75

Fetched: Jan. 21, 2026, 10:08 a.m., Published: Aug. 28, 2025, 9:47 a.m.
 Vulnerabilities: code execution, buffer overflow, memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2025-53783

CISA 2025 ICS Vulnerabilities: Critical Flaws in Advantech, ABB, Hitachi Energy, Ubia

Trust: 3.0

Fetched: Jan. 21, 2026, 10:08 a.m., Published: Jan. 21, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Net-SNMP Vulnerability Allows Buffer Overflow, Leading to Daemon Crash

Trust: 5.75

Fetched: Jan. 21, 2026, 10:08 a.m., Published: Dec. 24, 2025, 7:54 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
vendor: net-snmp model: net-snmp
db: NVD ids: CVE-2025-68615