Sign-up

VARIoT news about IoT security

CVE-2025-66177 Hikvision DS-96xxxNI-Hx, DS-96xxxNI-Ix, DS-... CVETodo

Trust: 6.5

Fetched: Jan. 18, 2026, 9:46 a.m., Published: Jan. 13, 2026, 3:16 a.m.
 Vulnerabilities: code execution, denial of service, service disruption...
Affected productsExternal IDs
vendor: hikvision model: ip cameras
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-661771, CVE-2025-66177

GitHub - zalexdev/wpair-app: WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions of Bluetooth audio devices worldwide, allowing unauthorized pairing and potential microphone access without user consent.

Trust: 3.25

Fetched: Jan. 18, 2026, 9:45 a.m., Published: Jan. 6, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-36911

Critical 'WhisperPair' Flaw in Google's Fast Pair Protocol Exposes Millions of Headphones to Hacking and Eavesdropping - BigGo News

Trust: 3.75

Fetched: Jan. 18, 2026, 9:45 a.m., Published: Jan. 18, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome os
vendor: google model: android
vendor: google model: chrome
vendor: google model: pixel
vendor: oneplus model: oneplus
db: NVD ids: CVE-2025-36911

Bluetooth Audio Vulnerability Allows Tracking And Eavesdropping | The Review Hive

Trust: 3.5

Fetched: Jan. 18, 2026, 9:44 a.m., Published: Jan. 16, 2026, 9:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home
vendor: essential model: phone
db: NVD ids: CVE-2025-36911

Microsoft rolled out January 2026 firmware updates for Surface Laptop 4 with AMD

Trust: 3.75

Fetched: Jan. 18, 2026, 9:43 a.m., Published: Jan. 15, 2026, 5 a.m.
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2023-31315, CVE-2024-36352, CVE-2024-44074

GitHub - zalexdev/wpair-app: WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions of Bluetooth audio devices worldwide, allowing unauthorized pairing and potential microphone access without user consent.

Trust: 3.25

Fetched: Jan. 18, 2026, 9:35 a.m., Published: Jan. 6, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-36911

Apple 2025 Vulnerability Patches: iOS, macOS, and Device Security Risks

Trust: 4.0

Fetched: Jan. 18, 2026, 9:32 a.m., Published: Jan. 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-43304, CVE-2025-43298

CISA Flags Samsung Mobile Out-of-Bounds Write Vulnerability (CVE-2025-21042)

Trust: 3.75

Fetched: Jan. 18, 2026, 9:32 a.m., Published: Jan. 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung mobile
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: mobile devices
db: NVD ids: CVE-2025-21042

Akira Ransomware 2025: Critical Infrastructure Compromised via Edge Exploits

Trust: 4.25

Fetched: Jan. 18, 2026, 9:32 a.m., Published: Jan. 18, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs

WatchGuard Firebox Zero-Day Breach (2024): Edge Device Vulnerability Exploited

Trust: 3.0

Fetched: Jan. 18, 2026, 9:31 a.m., Published: Jan. 18, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: watchguard model: firebox

WatchGuard 2025 VPN Vulnerability Enables Critical Remote Code Execution

Trust: 5.75

Fetched: Jan. 18, 2026, 9:31 a.m., Published: Jan. 18, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: watchguard model: watchguard fireware
vendor: watchguard model: fireware
db: NVD ids: CVE-2025-9242

Siemens 2026 OT Edge Device Vulnerability: Critical Authorization Bypass

Trust: 3.0

Fetched: Jan. 18, 2026, 9:30 a.m., Published: Jan. 18, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: comfort panel
vendor: siemens model: simatic ipc847e
vendor: siemens model: simatic
vendor: siemens model: simatic ipc227e
vendor: siemens model: simatic ipc127e
vendor: siemens model: simatic ipc427e
vendor: siemens model: scalance
vendor: siemens model: simatic hmi

A new earbud security flaw may expose you to remote eavesdropping - here's how to fix it | ZDNET

Trust: 3.75

Fetched: Jan. 18, 2026, 9:22 a.m., Published: May 18, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-36911

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

Trust: 5.25

Fetched: Jan. 16, 2026, 10:10 a.m., Published: Dec. 23, 2025, 8:43 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-52163

macOS Flaw Enables Silent Bypass of Apple Privacy Controls | eSecurity Planet

Trust: 5.75

Fetched: Jan. 16, 2026, 10:10 a.m., Published: Jan. 6, 2026, 3:31 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-43530

8 Attack Surface Management Vendors in 2026 | SentinelOne

Trust: 3.75

Fetched: Jan. 16, 2026, 10:08 a.m., Published: Jan. 8, 2026, 1:46 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: trend model: security

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Jan. 16, 2026, 10:08 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

PoC Exploit Released for Android/Linux Kernel Vulnerability CVE-2025-38352

Trust: 4.75

Fetched: Jan. 16, 2026, 9:52 a.m., Published: Jan. 7, 2026, 2:09 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-38352

WhatsApp vulnerabilities expose user metadata, including device OS details - InfoSecBulletin

Trust: 4.75

Fetched: Jan. 16, 2026, 9:51 a.m., Published: Jan. 6, 2026, 9:32 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2025-8110, CVE-2026-0227

React2Shell exploitation continues to escalate, posing 'significant risk' | TechRadar

Trust: 3.75

Fetched: Jan. 16, 2026, 9:51 a.m., Published: Dec. 19, 2025, 8:50 p.m.
 Vulnerabilities: authentication bug
Affected productsExternal IDs
db: NVD ids: CVE-2025-55182