VARIoT latest news about IoT security

Microsoft rolled out January 2026 firmware updates for Surface Laptop 4 with AMD Trust: 3.75 Fetched: Jan. 18, 2026, 9:43 a.m., Published: Jan. 15, 2026, 5 a.m.	Vulnerabilities: code execution, denial of service, information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2023-31315, CVE-2024-36352, CVE-2024-44074

GitHub - zalexdev/wpair-app: WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions of Bluetooth audio devices worldwide, allowing unauthorized pairing and potential microphone access without user consent. Trust: 3.25 Fetched: Jan. 18, 2026, 9:35 a.m., Published: Jan. 6, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-36911

Apple 2025 Vulnerability Patches: iOS, macOS, and Device Security Risks Trust: 4.0 Fetched: Jan. 18, 2026, 9:32 a.m., Published: Jan. 18, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2025-43304, CVE-2025-43298

CISA Flags Samsung Mobile Out-of-Bounds Write Vulnerability (CVE-2025-21042) Trust: 3.75 Fetched: Jan. 18, 2026, 9:32 a.m., Published: Jan. 18, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	samsung mobile
vendor:	samsung	model:	samsung
vendor:	samsung	model:	mobile
vendor:	samsung	model:	mobile devices

db:

NVD

ids:

CVE-2025-21042

Akira Ransomware 2025: Critical Infrastructure Compromised via Edge Exploits Trust: 4.25 Fetched: Jan. 18, 2026, 9:32 a.m., Published: Jan. 18, 2025, midnight	Vulnerabilities: authentication bypass

Affected products	External IDs

WatchGuard Firebox Zero-Day Breach (2024): Edge Device Vulnerability Exploited Trust: 3.0 Fetched: Jan. 18, 2026, 9:31 a.m., Published: Jan. 18, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

watchguard

model:

firebox

WatchGuard 2025 VPN Vulnerability Enables Critical Remote Code Execution Trust: 5.75 Fetched: Jan. 18, 2026, 9:31 a.m., Published: Jan. 18, 2025, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	watchguard	model:	watchguard fireware
vendor:	watchguard	model:	fireware

db:

NVD

ids:

CVE-2025-9242

Siemens 2026 OT Edge Device Vulnerability: Critical Authorization Bypass Trust: 3.0 Fetched: Jan. 18, 2026, 9:30 a.m., Published: Jan. 18, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	comfort panel
vendor:	siemens	model:	simatic ipc847e
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic ipc227e
vendor:	siemens	model:	simatic ipc127e
vendor:	siemens	model:	simatic ipc427e
vendor:	siemens	model:	scalance
vendor:	siemens	model:	simatic hmi

A new earbud security flaw may expose you to remote eavesdropping - here's how to fix it \| ZDNET Trust: 3.75 Fetched: Jan. 18, 2026, 9:22 a.m., Published: May 18, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2025-36911

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog Trust: 5.25 Fetched: Jan. 16, 2026, 10:10 a.m., Published: Dec. 23, 2025, 8:43 a.m.	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2023-52163

macOS Flaw Enables Silent Bypass of Apple Privacy Controls \| eSecurity Planet Trust: 5.75 Fetched: Jan. 16, 2026, 10:10 a.m., Published: Jan. 6, 2026, 3:31 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2025-43530

8 Attack Surface Management Vendors in 2026 \| SentinelOne Trust: 3.75 Fetched: Jan. 16, 2026, 10:08 a.m., Published: Jan. 8, 2026, 1:46 p.m.	Vulnerabilities: default credentials

Affected products

External IDs

vendor:

trend

model:

security

ERROR: The request could not be satisfied Trust: 3.25 Fetched: Jan. 16, 2026, 10:08 a.m., Published: -	Vulnerabilities: configuration error

Affected products	External IDs

PoC Exploit Released for Android/Linux Kernel Vulnerability CVE-2025-38352 Trust: 4.75 Fetched: Jan. 16, 2026, 9:52 a.m., Published: Jan. 7, 2026, 2:09 p.m.	Vulnerabilities: privilege escalation, code execution

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2025-38352

WhatsApp vulnerabilities expose user metadata, including device OS details - InfoSecBulletin Trust: 4.75 Fetched: Jan. 16, 2026, 9:51 a.m., Published: Jan. 6, 2026, 9:32 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	node.js	model:	node.js
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	google	model:	android
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2025-8110, CVE-2026-0227

React2Shell exploitation continues to escalate, posing 'significant risk' \| TechRadar Trust: 3.75 Fetched: Jan. 16, 2026, 9:51 a.m., Published: Dec. 19, 2025, 8:50 p.m.	Vulnerabilities: authentication bug

Affected products

External IDs

db:

NVD

ids:

CVE-2025-55182

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution Trust: 5.5 Fetched: Jan. 16, 2026, 9:50 a.m., Published: Dec. 30, 2025, 4:28 p.m.	Vulnerabilities: path traversal, code execution

Affected products

External IDs

vendor:

clamav

model:

clamav

db:

NVD

ids:

CVE-2025-52691

Security Now \| A Podcast Covering Hot Topics in Tech Security \| TWiT Trust: 3.75 Fetched: Jan. 16, 2026, 9:50 a.m., Published: Jan. 20, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	home
vendor:	google	model:	chrome
vendor:	google	model:	wifi
vendor:	apple	model:	safari

Multiple Hikvision Vulnerabilities Let Attackers Cause Device Malfunction Trust: 4.5 Fetched: Jan. 16, 2026, 9:49 a.m., Published: Jan. 13, 2026, 12:51 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	hikvision	model:	hikvision
vendor:	wireshark	model:	wireshark

db:

NVD

ids:

CVE-2025-66176, CVE-2025-66177

Critical-rated WatchGuard Firebox flaw under active attack • The Register Trust: 4.75 Fetched: Jan. 16, 2026, 9:49 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

vendor:	watchguard	model:	fireware
vendor:	watchguard	model:	watchguard fireware
vendor:	watchguard	model:	firebox

db:

NVD

ids:

CVE-2025-32978, CVE-2025-9242, CVE-2022-26318

VARIoT news about IoT security