Sign-up

VARIoT news about IoT security

A WhatsApp bug lets malicious media files spread through group chats | Malwarebytes

Trust: 3.0

Fetched: Feb. 24, 2026, 9:24 a.m., Published: Jan. 27, 2026, 11:55 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

CERT-EU - Critical vulnerabilities in Ivanti EPMM

Trust: 4.0

Fetched: Feb. 24, 2026, 9:23 a.m., Published: -
 Vulnerabilities: code execution, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-1340, CVE-2026-1281

Ivanti Endpoint Manager Mobile (EPMM) [CVE-2026-1281 & CVE-2026-1340]: Overview & Takeaways - NetSPI

Trust: 3.75

Fetched: Feb. 24, 2026, 9:23 a.m., Published: Jan. 30, 2026, 11:22 p.m.
 Vulnerabilities: authentication bypass, code execution, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-1340, CVE-2026-1281

Fortinet Warns of Actively Exploited FortiCloud SSO Flaw (CVE-2026-24858)

Trust: 5.0

Fetched: Feb. 24, 2026, 9:23 a.m., Published: Jan. 28, 2026, 12:26 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2026-24858

$10K+ Bounty Offered to Hacker Who Can Disconnect Ring Video Doorbells from

Trust: 3.5

Fetched: Feb. 24, 2026, 9:22 a.m., Published: Feb. 24, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: ring model: video doorbells
vendor: wireshark model: wireshark

Update Canonical Ubuntu Server: USN-8050-1: Apache Traffic Server vulnerability

Trust: 4.25

Fetched: Feb. 24, 2026, 9:21 a.m., Published: Jan. 24, 8050, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Zyxel security advisory for null pointer dereference and command injection vulnerabilities in certain 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, Security Routers, and Wireless Extenders | Zyxel Networks

Trust: 3.5

Fetched: Feb. 24, 2026, 9:20 a.m., Published: Feb. 7, 2026, midnight
 Vulnerabilities: pointer dereference vulnerability, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-1459, CVE-2025-11848, CVE-2025-11845, CVE-2025-13942, CVE-2025-13943, CVE-2025-11846, CVE-2025-11847

Update Canonical Ubuntu Desktop: USN-8050-1: Apache Traffic Server vulnerability

Trust: 4.25

Fetched: Feb. 24, 2026, 9:20 a.m., Published: Jan. 24, 8050, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

CVE-2025-13943 Zyxel EX3301-T0 firmware High CVETodo

Trust: 4.75

Fetched: Feb. 24, 2026, 9:19 a.m., Published: Feb. 24, 2026, 3:16 a.m.
 Vulnerabilities: command execution, command injection, arbitrary command execution...
Affected productsExternal IDs
db: NVD ids: CVE-2025-13943

Critical VoIP Security Alert: Grandstream GXP1600 Phones Exposed to Remote Code Execution Risk

Trust: 5.0

Fetched: Feb. 24, 2026, 9:18 a.m., Published: Feb. 3, 2026, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: grandstream model: gxp1600

CVE-2025-5927: Arbitrary File Deletion Vulnerability in Everest Forms (Pro) Plugin for WordPress - Ameeba Exploit Tracker

Trust: 4.25

Fetched: Feb. 24, 2026, 9:18 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-5927

IIoT Security for Steel Plants: Secure Your Connected Devices

Trust: 4.25

Fetched: Feb. 24, 2026, 9:17 a.m., Published: Feb. 24, 2026, 2:14 a.m.
 Vulnerabilities: command injection, default credentials
Affected productsExternal IDs
vendor: rapid model: scada

CVE-2026-1459 Zyxel VMG3625-T50B firmware High CVETodo

Trust: 4.75

Fetched: Feb. 24, 2026, 9:17 a.m., Published: Feb. 24, 2026, 3:16 a.m.
 Vulnerabilities: service disruption, command execution, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2026-1459

Exploited Ivanti EPMM Vulnerabilities Threaten Enterprise Se

Trust: 4.5

Fetched: Feb. 24, 2026, 9:16 a.m., Published: Feb. 23, 2026, 10:32 a.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: mobileiron model: sentry
vendor: palo model: networks
vendor: palo alto networks model: networks
vendor: trend model: security
db: NVD ids: CVE-2026-1340, CVE-2026-1281

CVE-2025-13942 Zyxel EX3510-B0 firmware Critical CVETodo

Trust: 4.5

Fetched: Feb. 24, 2026, 9:16 a.m., Published: Feb. 24, 2026, 3:16 a.m.
 Vulnerabilities: remote command injection, command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-13942, CVE-2025-139421

CVE-2025-13942 - Zyxel EX3510-B0 UPnP Command Injection

Trust: 5.0

Fetched: Feb. 24, 2026, 9:15 a.m., Published: Feb. 24, 2026, 3:16 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-13942

Why Internet of Things (IoT) devices remain easy targets for hackers

Trust: 3.5

Fetched: Feb. 24, 2026, 9:15 a.m., Published: Feb. 23, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: google model: android
vendor: google model: home
vendor: google model: pixel
vendor: samsung model: mobile
vendor: samsung model: notes
vendor: samsung model: android
vendor: samsung model: note
vendor: samsung model: printers
vendor: samsung model: samsung

CVE-2025-49152: Unexpiring JSON Web Tokens Vulnerability in MICROSENS NMP Web+ - Ameeba Exploit Tracker

Trust: 3.25

Fetched: Feb. 24, 2026, 9:15 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-49152

CVE-2025-45332: Null Pointer Dereference Vulnerability in vkoskiv c-ray 1.1 - Ameeba Exploit Tracker

Trust: 4.25

Fetched: Feb. 24, 2026, 9:13 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: pointer dereference vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-45332

Grandstream Phone Flaw: Unauthenticated Hack Lets Attackers Spy on Calls

Trust: 4.0

Fetched: Feb. 24, 2026, 9:13 a.m., Published: Feb. 19, 2026, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: grandstream model: gxp1600