Sign-up

VARIoT news about IoT security

CVE-2025-13455 Lenovo ThinkPlus FU100, ThinkPlus FU200, Th... CVETodo

Trust: 5.25

Fetched: Jan. 16, 2026, 9:26 a.m., Published: Jan. 14, 2026, 11:15 p.m.
 Vulnerabilities: improper validation, authentication bypass
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: system
db: NVD ids: CVE-2025-134551, CVE-2025-13455

HPE Aruba Vulnerabilities Enables Unauthorized Access to Sensitive

Trust: 4.5

Fetched: Jan. 16, 2026, 9:25 a.m., Published: Jan. 16, 2026, 11:01 a.m.
 Vulnerabilities: information disclosure, service disruption, code execution
Affected productsExternal IDs
vendor: aruba model: instant
vendor: aruba model: aruba instant
vendor: hewlett packard model: integrity
vendor: wireshark model: wireshark
vendor: hewlett packard enterprise model: integrity
db: NVD ids: CVE-2023-52340, CVE-2025-37166, CVE-2022-48839, CVE-2025-37165

Critical Dolby Codec Vulnerability Exposes Android Devices to Code Execution Attacks

Trust: 5.75

Fetched: Jan. 16, 2026, 9:25 a.m., Published: Jan. 6, 2026, 3:29 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2025-54957

Multiple Hikvision Vulnerabilities Let Attackers Cause Device Malfunction Using Crafted Packets

Trust: 3.75

Fetched: Jan. 16, 2026, 9:23 a.m., Published: Jan. 13, 2026, 6:20 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-66176, CVE-2025-66177

SSA-827968

Trust: 3.75

Fetched: Jan. 16, 2026, 9:23 a.m., Published: Jan. 1, 2026, midnight
 Vulnerabilities: path traversal, improper validation, information disclosure...
Affected productsExternal IDs
db: NVD ids: CVE-2025-40891, CVE-2025-40898, CVE-2025-40893, CVE-2025-40892

CVE-2025-66177 - Hikvision NVR/DVR/CVR/IPC Stack Overflow Denial of Service

Trust: 6.0

Fetched: Jan. 16, 2026, 9:21 a.m., Published: Jan. 13, 2026, 3:16 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-66177

Microsoft rolled out new firmware updates (January 15, 2026) for Surface Pro 7 Plus

Trust: 4.75

Fetched: Jan. 16, 2026, 9:21 a.m., Published: Jan. 15, 2026, 5 a.m.
 Vulnerabilities: information disclosure, code execution, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2022-36392, CVE-2022-38102

Apple iPhone Attacks Confirmed - Experts Warn 'Update Now or Stay Exposed' | IBTimes UK

Trust: 3.5

Fetched: Jan. 16, 2026, 9:20 a.m., Published: Jan. 15, 2026, 9:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: webkit
db: NVD ids: CVE-2025-14174, CVE-2025-43529

Surface Pro 8 recieves new (January 15, 2026) firmware updates

Trust: 4.75

Fetched: Jan. 16, 2026, 9:20 a.m., Published: Jan. 15, 2026, 5 a.m.
 Vulnerabilities: authentication bypass, information disclosure, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2024-44074

Android users, government has a ‘critical’ warning for you: New flaw may allow attackers to take control of your device - The Times of India

Trust: 5.0

Fetched: Jan. 16, 2026, 9:19 a.m., Published: May 16, 2026, midnight
 Vulnerabilities: buffer overflow, code execution, memory corruption
Affected productsExternal IDs
vendor: google model: android

HPESBNW04988 rev.1 - HPE Networking Instant On, Multiple Vulnerabilities

Trust: 4.5

Fetched: Jan. 16, 2026, 9:18 a.m., Published: -
 Vulnerabilities: memory corruption, information disclosure, denial of service
Affected productsExternal IDs
vendor: aruba model: instant access point
vendor: aruba model: instant
vendor: aruba model: aruba instant
vendor: hewlett packard model: integrity
vendor: hewlett packard model: switch series
vendor: hewlett packard enterprise model: integrity
vendor: hewlett packard enterprise model: switch series
vendor: blueman model: blueman
db: NVD ids: CVE-2023-52340, CVE-2025-37166, CVE-2022-48839, CVE-2025-37165

Your Bluetooth headphones may be at risk of being hacked - here's how to stay protected | ZDNET

Trust: 3.75

Fetched: Jan. 16, 2026, 9:16 a.m., Published: May 16, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-36911

New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones

Trust: 3.0

Fetched: Jan. 16, 2026, 9:13 a.m., Published: Dec. 29, 2025, 10:07 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-20700, CVE-2025-20701, CVE-2025-20702

'Hundreds of millions' of Bluetooth earbuds, headphones, and speakers vulnerable to tracking and eavesdropping - what to do right now | Tom's Guide

Trust: 3.5

Fetched: Jan. 16, 2026, 9:13 a.m., Published: Jan. 15, 2026, 6:53 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2025-36911

Your Bluetooth headphones may be at risk of being hacked - here's how to stay protected | ZDNET

Trust: 3.75

Fetched: Jan. 16, 2026, 9:12 a.m., Published: May 16, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-36911

Get started with Family Link - Google For Families Help

Trust: 3.0

Fetched: Jan. 16, 2026, 9:11 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

WhatsApp Vulnerabilities Leaks User’s Metadata Including Device’s Operating System

Trust: 3.0

Fetched: Jan. 14, 2026, 9:31 a.m., Published: Jan. 5, 2026, 5:01 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

10 Best Automated Penetration Testing Tools in 2026

Trust: 3.5

Fetched: Jan. 14, 2026, 9:31 a.m., Published: Jan. 12, 2026, 10:58 a.m.
 Vulnerabilities: cross-site scripting, session hijacking, sql injection
Affected productsExternal IDs
vendor: wireshark model: wireshark

Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719 exploited in the wild - Cyber Security Review

Trust: 4.0

Fetched: Jan. 14, 2026, 9:30 a.m., Published: Dec. 18, 2025, 7:14 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: broadcom model: messaging
db: NVD ids: CVE-2025-59718, CVE-2025-59719

CVE-2025-71071 - iommu/mediatek: fix use-after-free on probe deferral - SecAlerts

Trust: 3.0

Fetched: Jan. 14, 2026, 9:30 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-71071