Sign-up

VARIoT news about IoT security

Multiple Hikvision Flaws Allow Device Disruption via Crafted Network Packets

Trust: 5.75

Fetched: Jan. 18, 2026, 9:56 a.m., Published: Jan. 13, 2026, 8:16 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: cisco model: series
vendor: hikvision model: ip cameras
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-66177, CVE-2025-66176

Update Canonical Ubuntu Desktop: USN-7965-1: SimGear vulnerability

Trust: 3.25

Fetched: Jan. 18, 2026, 9:55 a.m., Published: Jan. 18, 7965, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Asus Router Vulnerability: Thousands of Devices Hacked in Stealthy Cyberattack - Bridge Computer Services

Related entries in the VARIoT vulnerabilities database: VAR-202309-0729, VAR-202504-1580

Trust: 5.5

Fetched: Jan. 18, 2026, 9:55 a.m., Published: Jan. 16, 2026, 9:02 a.m.
 Vulnerabilities: command injection, os command injection, command execution...
Affected productsExternal IDs
vendor: asus model: gt-ac5300
vendor: asus model: router
vendor: asus model: dsl-ac68u
vendor: asus model: routers
vendor: asus model: rt-ac1300gplus
vendor: asus model: rt-ac1200hp
vendor: asus model: gt-ax11000
vendor: asus model: asus
vendor: asus model: 4g-ac55u
vendor: cisco model: router
vendor: cisco model: routers
db: NVD ids: CVE-2023-39780, CVE-2025-2492, CVE-2023-41346, CVE-2024-12912, CVE-2023-41345, CVE-2023-41347, CVE-2023-41348

Zero-Click Exploit Chain Discovered Targeting Google Pixel 9 Devices

Trust: 5.5

Fetched: Jan. 18, 2026, 9:54 a.m., Published: Jan. 16, 2026, 9:15 a.m.
 Vulnerabilities: code execution, buffer overrun, integer overflow...
Affected productsExternal IDs
vendor: samsung model: android
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2025-36934, CVE-2025-49415, CVE-2025-54957

Google Project Zero Reveals Sophisticated Zero-Click Exploit Chain Targeting Pixel 9

Trust: 5.5

Fetched: Jan. 18, 2026, 9:52 a.m., Published: Jan. 16, 2026, 12:22 p.m.
 Vulnerabilities: code execution, integer overflow, privilege escalation
Affected productsExternal IDs
vendor: samsung model: android
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2025-36934, CVE-2025-54957

Google Fast Pair Flaw: Earbuds, And Headphones At Risk Of Hacking And Tracking; Here's How To Stay Protected | Technology News | Zee News

Trust: 3.75

Fetched: Jan. 18, 2026, 9:49 a.m., Published: Jan. 17, 2026, 12:54 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-36911

HPE Aruba Vulnerabilities Enables Unauthorized Access To Sensitive Information

Trust: 4.75

Fetched: Jan. 18, 2026, 9:49 a.m., Published: Jan. 15, 2026, 1:41 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: blueman model: blueman
vendor: aruba model: aruba instant
vendor: aruba model: instant
db: NVD ids: CVE-2025-37165, CVE-2023-52340, CVE-2025-37166, CVE-2022-48839

CVE-2018-25140 : Unauthenticated Device Manipulation Vulnerability in FLIR Thermal Traffic Cameras

Trust: 3.25

Fetched: Jan. 18, 2026, 9:49 a.m., Published: Dec. 24, 2025, 7:27 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2018-25140

Surface Laptop Studio gets new (January 15, 2026) firmware updates

Trust: 4.75

Fetched: Jan. 18, 2026, 9:48 a.m., Published: Jan. 15, 2026, 5 a.m.
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2025-23281, CVE-2025-23309, CVE-2022-36392, CVE-2025-23347, CVE-2025-23286, CVE-2022-38102, CVE-2025-23288, CVE-2025-23276, CVE-2025-23345

Microsoft rolled out new firmware updates (January 15, 2026) for Surface Go 3

Trust: 3.75

Fetched: Jan. 18, 2026, 9:47 a.m., Published: Jan. 15, 2026, 5 a.m.
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2022-36392, CVE-2024-44074

CVE-2025-66177 Hikvision DS-96xxxNI-Hx, DS-96xxxNI-Ix, DS-... CVETodo

Trust: 6.5

Fetched: Jan. 18, 2026, 9:46 a.m., Published: Jan. 13, 2026, 3:16 a.m.
 Vulnerabilities: code execution, denial of service, service disruption...
Affected productsExternal IDs
vendor: hikvision model: ip cameras
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-661771, CVE-2025-66177

GitHub - zalexdev/wpair-app: WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions of Bluetooth audio devices worldwide, allowing unauthorized pairing and potential microphone access without user consent.

Trust: 3.25

Fetched: Jan. 18, 2026, 9:45 a.m., Published: Jan. 6, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-36911

Critical 'WhisperPair' Flaw in Google's Fast Pair Protocol Exposes Millions of Headphones to Hacking and Eavesdropping - BigGo News

Trust: 3.75

Fetched: Jan. 18, 2026, 9:45 a.m., Published: Jan. 18, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome os
vendor: google model: android
vendor: google model: chrome
vendor: google model: pixel
vendor: oneplus model: oneplus
db: NVD ids: CVE-2025-36911

Bluetooth Audio Vulnerability Allows Tracking And Eavesdropping | The Review Hive

Trust: 3.5

Fetched: Jan. 18, 2026, 9:44 a.m., Published: Jan. 16, 2026, 9:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home
vendor: essential model: phone
db: NVD ids: CVE-2025-36911

Microsoft rolled out January 2026 firmware updates for Surface Laptop 4 with AMD

Trust: 3.75

Fetched: Jan. 18, 2026, 9:43 a.m., Published: Jan. 15, 2026, 5 a.m.
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2023-31315, CVE-2024-36352, CVE-2024-44074

GitHub - zalexdev/wpair-app: WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions of Bluetooth audio devices worldwide, allowing unauthorized pairing and potential microphone access without user consent.

Trust: 3.25

Fetched: Jan. 18, 2026, 9:35 a.m., Published: Jan. 6, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-36911

Apple 2025 Vulnerability Patches: iOS, macOS, and Device Security Risks

Trust: 4.0

Fetched: Jan. 18, 2026, 9:32 a.m., Published: Jan. 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-43304, CVE-2025-43298

CISA Flags Samsung Mobile Out-of-Bounds Write Vulnerability (CVE-2025-21042)

Trust: 3.75

Fetched: Jan. 18, 2026, 9:32 a.m., Published: Jan. 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung mobile
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: mobile devices
db: NVD ids: CVE-2025-21042

Akira Ransomware 2025: Critical Infrastructure Compromised via Edge Exploits

Trust: 4.25

Fetched: Jan. 18, 2026, 9:32 a.m., Published: Jan. 18, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs

WatchGuard Firebox Zero-Day Breach (2024): Edge Device Vulnerability Exploited

Trust: 3.0

Fetched: Jan. 18, 2026, 9:31 a.m., Published: Jan. 18, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: watchguard model: firebox