Sign-up

VARIoT news about IoT security

What is the Pixnapping vulnerability, and how to protect your Android smartphone? | Kaspersky official blog

Trust: 3.5

Fetched: Nov. 12, 2025, 9:20 a.m., Published: Jan. 12, 2050, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2025-48561

CISA Adds Zero-Day Bug Used in Spyware Attacks to KEV - Infosecurity Magazine

Trust: 4.75

Fetched: Nov. 12, 2025, 9:18 a.m., Published: Nov. 11, 2025, 10:30 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: samsung model: galaxy
vendor: samsung model: samsung
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-21042, CVE-2025-21043

Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware

Trust: 3.5

Fetched: Nov. 12, 2025, 9:17 a.m., Published: Nov. 7, 2025, 6 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: samsung model: samsung mobile
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: apple model: iphone
vendor: apple model: macos
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-43300, CVE-2025-21042, CVE-2025-21043, CVE-2025-55177

Patch now: Samsung zero-day lets attackers take over your phone | Malwarebytes

Trust: 5.5

Fetched: Nov. 12, 2025, 9:17 a.m., Published: Nov. 11, 2025, 2:28 p.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: trend model: security
vendor: samsung model: samsung mobile
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: galaxy
db: NVD ids: CVE-2025-21042, CVE-2025-21043

CVE-2025-58432: Unauthorized File Upload Vulnerability in ZimaOS - Ameeba Exploit Tracker

Trust: 5.0

Fetched: Nov. 11, 2025, 9:36 a.m., Published: Nov. 9, 2025, 3:08 p.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-58432

Samsung Flaw Used To Install Landfall - CyberMaterial

Trust: 3.75

Fetched: Nov. 11, 2025, 9:36 a.m., Published: Nov. 10, 2025, 2:13 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
vendor: samsung model: samsung
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-21043, CVE-2025-21042

RondoDox: From Pwn2Own Vulnerabilities to Global Exploitation | eSecurity Planet

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 4.5

Fetched: Nov. 11, 2025, 9:35 a.m., Published: Oct. 14, 2025, 4:06 p.m.
 Vulnerabilities: default credentials, command execution, authentication bypass...
Affected productsExternal IDs
vendor: four-faith model: four-faith
vendor: trend model: security
vendor: tp-link model: routers
vendor: trend micro model: security
db: NVD ids: CVE-2024-12856, CVE-2024-3721, CVE-2023-1389

ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration

Trust: 3.75

Fetched: Nov. 11, 2025, 9:34 a.m., Published: Oct. 22, 2025, 7:56 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-9133, CVE-2025-8078

Seven QNAP Zero-Day Vulnerabilities Exploited at Pwn2Own 2025 Now Patched

Trust: 5.5

Fetched: Nov. 11, 2025, 9:33 a.m., Published: Nov. 10, 2025, 11 a.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: wireshark model: wireshark
db: NVD ids: CVE-2025-62847, CVE-2025-62848, CVE-2025-62849

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

Trust: 3.5

Fetched: Nov. 11, 2025, 9:32 a.m., Published: Nov. 11, 2025, 8:59 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: samsung model: mobile devices
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
vendor: samsung model: samsung mobile
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-21043, CVE-2025-21042

Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities

Trust: 5.75

Fetched: Nov. 11, 2025, 9:30 a.m., Published: Nov. 5, 2025, 3:55 p.m.
 Vulnerabilities: cross-site scripting, information disclosure
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine
db: NVD ids: CVE-2025-20304, CVE-2025-20303, CVE-2025-20289, CVE-2025-20305

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Trust: 4.0

Fetched: Nov. 11, 2025, 9:30 a.m., Published: Nov. 10, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android

Samsung Zero-Day Vulnerability Exploited via WhatsApp | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 3.75

Fetched: Nov. 11, 2025, 9:29 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: samsung
db: NVD ids: CVE-2024-4944

Access Denied

Trust: 3.0

Fetched: Nov. 11, 2025, 9:29 a.m., Published: Nov. 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: samsung

TP-Link Omada Vulnerabilities Put Business Networks at Severe Risk - Read.pk

Trust: 3.75

Fetched: Nov. 11, 2025, 9:29 a.m., Published: Nov. 10, 2025, 5:28 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tp-link model: gateway
db: NVD ids: CVE-2025-7851, CVE-2025-6541, CVE-2025-6542, CVE-2025-7850

Multiple Cisco Contact Center Products Vulnerabilities

Trust: 5.5

Fetched: Nov. 11, 2025, 9:28 a.m., Published: Nov. 5, 2025, 3:55 p.m.
 Vulnerabilities: code execution, directory traversal, improper validation...
Affected productsExternal IDs
vendor: cisco model: unified ccx
vendor: cisco model: cisco unified intelligence center
vendor: cisco model: unified intelligence center
db: NVD ids: CVE-2025-20377, CVE-2025-20375, CVE-2025-20376, CVE-2025-20374

LANDFALL: Unveiling the Hidden Android Spyware Targeting Samsung Devices

Trust: 3.75

Fetched: Nov. 11, 2025, 9:28 a.m., Published: Nov. 11, 2025, 4:31 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: samsung model: mobile devices
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-21042

CVE-2025-21042 - Samsung Mobile Devices Out-of-Bounds Write Vulnerability | ScyScan

Trust: 3.5

Fetched: Nov. 11, 2025, 9:26 a.m., Published: Nov. 10, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: samsung mobile
vendor: samsung model: samsung
vendor: samsung model: mobile
db: NVD ids: CVE-2025-21042

Rebooting the government, one cyber law at a time.

Trust: 4.5

Fetched: Nov. 11, 2025, 9:26 a.m., Published: Nov. 1, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: google model: android
vendor: google model: nexus
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
vendor: samsung model: notes
vendor: samsung model: note
vendor: samsung model: samsung
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-34299, CVE-2025-21042

CVE-2025-37147 - Secure Boot Bypass allows for Compromise of Hardware Root of Trust

Trust: 3.0

Fetched: Nov. 11, 2025, 9:24 a.m., Published: Oct. 14, 2025, 5:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-37147