Sign-up

VARIoT news about IoT security

Bluetooth Devices and Your Privacy: What You Need to Know

Trust: 3.5

Fetched: Feb. 17, 2026, 9:19 a.m., Published: Feb. 16, 2026, 2:39 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh
vendor: google model: home
vendor: trend model: security
db: NVD ids: CVE-2025-36911

Critical Memory Dereference Vulnerability in Linux Kernel: CVE-2026-23009

Trust: 3.0

Fetched: Feb. 17, 2026, 9:17 a.m., Published: Jan. 25, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-23009

CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature

Trust: 4.75

Fetched: Feb. 17, 2026, 9:17 a.m., Published: Feb. 11, 2026, 5 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo_alto_networks model: firewall
vendor: palo_alto_networks model: networks
vendor: palo_alto_networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2026-0229

CVE-2026-20841 - Command Injection Vulnerability in Windows Notepad App - How Attackers Can Exploit It

Trust: 4.75

Fetched: Feb. 17, 2026, 9:16 a.m., Published: Feb. 10, 2026, 5:51 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-20841

CISA Warns: ZLAN ICS Device Flaws Enable Full Takeover

Trust: 3.0

Fetched: Feb. 17, 2026, 9:16 a.m., Published: Feb. 16, 2026, 7:41 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-247899, CVE-2026-24789, CVE-2026-250849, CVE-2026-25084

LangChain: Langchain Community SSRF Bypass Vulnerability Exposes Internal Services to Unauthorized Access

Trust: 5.0

Fetched: Feb. 17, 2026, 9:15 a.m., Published: Feb. 17, 2026, midnight
 Vulnerabilities: request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2026-26019

Microsoft rolled out February 2026 firmware updates for Surface Pro 9

Trust: 4.75

Fetched: Feb. 17, 2026, 9:14 a.m., Published: Feb. 12, 2026, midnight
 Vulnerabilities: information disclosure, authentication bypass, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2024-44074, CVE-2025-47367, CVE-2022-36392, CVE-2025-47355, CVE-2022-38102, CVE-2025-27075

An Experiment on Exploiting the Device Cloning Cyber-Physical Vulnerability in IoT Systems | Springer Nature Link

Trust: 3.75

Fetched: Feb. 17, 2026, 9:14 a.m., Published: Feb. 17, 2026, midnight
 Vulnerabilities: -

ZLAN Information Technology Co.: CISA Alerts on Critical ZLAN ICS Flaws Enabling Full Device Takeover

Trust: 4.0

Fetched: Feb. 17, 2026, 9:13 a.m., Published: Feb. 16, 2026, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2026-24789, CVE-2026-25084

CISA Issues Alert on ZLAN ICS Flaws Enabling Full Device Takeover

Trust: 5.0

Fetched: Feb. 17, 2026, 9:13 a.m., Published: Feb. 16, 2026, 6:29 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2026-247899, CVE-2026-250849

Find, secure, or erase a lost Android device - Google Account Help

Trust: 3.0

Fetched: Feb. 17, 2026, 9:11 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

CVE-2026-23173 - net/mlx5e: TC, delete flows only for existing peers

Trust: 3.0

Fetched: Feb. 15, 2026, 9:45 a.m., Published: Feb. 14, 2026, 4:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-23173

HPE Aruba Flaw Exposes Networking Devices to Privilege Escalation and DoS Attacks

Trust: 5.0

Fetched: Feb. 15, 2026, 9:42 a.m., Published: Feb. 3, 2026, midnight
 Vulnerabilities: privilege escalation, improper access control, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2026-23595, CVE-2026-23597, CVE-2026-23598, CVE-2026-23596

Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server

Trust: 3.5

Fetched: Feb. 15, 2026, 9:36 a.m., Published: Feb. 10, 2026, 10:24 a.m.
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2026-23760, CVE-2025-52691, CVE-2026-24423

Apple iOS 26.3 for iPhone: 39 security issues fixed-Should you update?

Trust: 4.5

Fetched: Feb. 15, 2026, 9:35 a.m., Published: Feb. 26, 2026, midnight
 Vulnerabilities: traffic interception, memory corruption
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari

Apple 0-Day Vulnerability Actively Exploited in Sophisticated Attack to

Trust: 4.75

Fetched: Feb. 15, 2026, 9:35 a.m., Published: Feb. 12, 2026, 10:07 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: apple model: ipad
vendor: apple model: software update
vendor: apple model: iphone
db: NVD ids: CVE-2026-20700

U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog

Trust: 4.0

Fetched: Feb. 15, 2026, 9:33 a.m., Published: Feb. 14, 2026, 1:29 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-1731

Security Breach in DJI Romo Robovac

Trust: 3.5

Fetched: Feb. 15, 2026, 9:32 a.m., Published: Feb. 16, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: password manager
vendor: trend model: security

CVE-2026-23162 - drm/xe/nvm: Fix double-free on aux add failure

Trust: 3.0

Fetched: Feb. 15, 2026, 9:31 a.m., Published: Feb. 14, 2026, 4:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-23162

BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code Execution

Trust: 4.75

Fetched: Feb. 15, 2026, 9:30 a.m., Published: Feb. 9, 2026, 9:39 a.m.
 Vulnerabilities: command injection, code execution, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2026-1731