Sign-up

VARIoT news about IoT security

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950) - Help Net Security

Trust: 5.25

Fetched: Nov. 9, 2025, 11:35 a.m., Published: Oct. 20, 2025, 4:23 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-6894, CVE-2025-6950, CVE-2025-6892, CVE-2025-6949, CVE-2025-6893

The Most Common DNS Security Risks in 2025 (And How to Mitigate Them)

Trust: 3.75

Fetched: Nov. 9, 2025, 11:34 a.m., Published: Jan. 14, 2024, 12:07 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: rising model: antivirus

Apple Issues Emergency Security Update For Multiple Critical Vulnerabilities Across Devices

Trust: 4.5

Fetched: Nov. 9, 2025, 11:33 a.m., Published: Nov. 3, 2025, midnight
 Vulnerabilities: system crash, information leak
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: iphone
db: NVD ids: CVE-2025-43407, CVE-2025-43379, CVE-2025-43421, CVE-2025-43433, CVE-2025-43438, CVE-2025-43455, CVE-2025-43460, CVE-2025-43447, CVE-2025-43462, CVE-2025-43350

Google Releases Emergency Chrome Update to Patch Multiple RCE Vulnerabilities

Trust: 4.5

Fetched: Nov. 9, 2025, 11:33 a.m., Published: Nov. 6, 2025, 7:06 a.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2025-12726, CVE-2025-12725, CVE-2025-12729, CVE-2025-12728, CVE-2025-12727

CERT-EU - Critical Vulnerability in FortiWeb

Trust: 3.0

Fetched: Nov. 9, 2025, 11:33 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-25257

Finding Open Redirects and How to Fix Them| GRSee

Trust: 3.75

Fetched: Nov. 9, 2025, 11:32 a.m., Published: Nov. 2, 2025, midnight
 Vulnerabilities: open redirect vulnerability, request forgery
Affected productsExternal IDs

CVE-2025-43372: Critical Media File Processing Vulnerability in Multiple Apple Operating Systems - Ameeba Exploit Tracker

Trust: 5.5

Fetched: Nov. 9, 2025, 11:32 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: improper validation, memory corruption
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: tvos
db: NVD ids: CVE-2025-43372

CVE-2025-43424 - Apple iOS/ iPadOS HID Device Crash Vulnerability

Trust: 4.75

Fetched: Nov. 9, 2025, 11:32 a.m., Published: Nov. 4, 2025, 2:15 a.m.
 Vulnerabilities: process crash
Affected productsExternal IDs
vendor: apple model: ios
vendor: apple model: iphone_os
db: NVD ids: CVE-2025-43424

CVE-2025-40108 - serial: qcom-geni: Fix blocked task - SecAlerts

Trust: 3.0

Fetched: Nov. 9, 2025, 11:30 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-40108

Samsung monthly updates: November 2025 security patch details - SamMobile

Trust: 3.0

Fetched: Nov. 9, 2025, 11:28 a.m., Published: Nov. 4, 2025, 12:18 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: samsung model: exynos

WatchGuard RCE Vulnerability: Update Now | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 5.75

Fetched: Nov. 9, 2025, 11:28 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: watchguard model: firebox
vendor: watchguard model: fireware
db: NVD ids: CVE-2024-4060

WatchGuard RCE Vulnerability: Update Now | Enigma Security posted on the topic | LinkedIn

Trust: 5.75

Fetched: Nov. 9, 2025, 11:27 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: watchguard model: firebox
vendor: watchguard model: fireware
db: NVD ids: CVE-2024-4060

HPESBNW04957 rev.1 - HPE Aruba Networking AOS-10 and AOS-8 Mobility Conductor, Controllers, and Gateways, Multiple Vulnerabilities

Trust: 3.5

Fetched: Nov. 9, 2025, 11:27 a.m., Published: -
 Vulnerabilities: command injection, denial of service, file download vulnerability...
Affected productsExternal IDs
db: NVD ids: CVE-2025-37134, CVE-2025-37135, CVE-2025-37138, CVE-2025-37145, CVE-2025-37136, CVE-2025-37132, CVE-2025-37133, CVE-2025-37143, CVE-2025-37139, CVE-2025-37141, CVE-2025-37142, CVE-2025-37140, CVE-2025-37137, CVE-2025-37144

CVE-2025-43418 - Apple iOS Locked Device Information Disclosure Vulnerability - مدیریت منیج سرور ثبت دامنه

Trust: 5.25

Fetched: Nov. 9, 2025, 11:26 a.m., Published: Nov. 5, 2025, 6:33 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2025-43418

Google’s AI ‘Big Sleep’ Uncovers Five Critical WebKit Vulnerabilities in Apple Devices - Advisories

Trust: 5.5

Fetched: Nov. 9, 2025, 11:26 a.m., Published: Nov. 3, 2025, midnight
 Vulnerabilities: improper memory handling, memory corruption, buffer overflow...
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2025-43434, CVE-2025-43433, CVE-2025-43431, CVE-2025-43429, CVE-2025-43430

Samsung Spyware Shocker: Landfall Targets Galaxy Devices with Zero-Day Vulnerability - The Nimble Nerd

Trust: 3.0

Fetched: Nov. 9, 2025, 11:25 a.m., Published: Nov. 7, 2025, 3:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy

LANDFALL Android Malware Exploits Samsung Zero-Day via Malicious WhatsApp Image

Trust: 4.75

Fetched: Nov. 9, 2025, 11:24 a.m., Published: Nov. 8, 2025, 8:09 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: mobile
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
vendor: trend model: security
vendor: palo alto networks model: networks
vendor: google model: android
vendor: palo model: networks
db: NVD ids: CVE-2025-55177, CVE-2025-43300, CVE-2025-21042, CVE-2025-21043

CVE-2025-43424 - Apple iOS/ iPadOS HID Device Crash Vulnerability

Trust: 4.75

Fetched: Nov. 9, 2025, 11:21 a.m., Published: Nov. 4, 2025, 2:15 a.m.
 Vulnerabilities: process crash
Affected productsExternal IDs
vendor: apple model: ios
vendor: apple model: iphone_os
db: NVD ids: CVE-2025-43424

Cisco Identity Services Engine RADIUS Suppression Denial of Service Vulnerability

Trust: 5.0

Fetched: Nov. 9, 2025, 11:21 a.m., Published: Nov. 5, 2025, 3:55 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine

CVE-2025-6026 - Lenovo Universal Device Client Certificate Validation Weakness

Trust: 3.25

Fetched: Nov. 9, 2025, 11:19 a.m., Published: Oct. 15, 2025, 3:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-6026