VARIoT latest news about IoT security

Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure Trust: 3.75 Fetched: Dec. 18, 2025, 11:39 p.m., Published: Dec. 16, 2025, 12:27 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

watchguard

model:

firebox

db:

NVD

ids:

CVE-2023-27532, CVE-2023-22518, CVE-2022-26318, CVE-2021-26084

Critical FortiGate Devices SSO Vulnerabilities Actively Exploited Trust: 5.0 Fetched: Dec. 18, 2025, 11:39 p.m., Published: Dec. 18, 2025, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2025-59719, CVE-2025-59718

IoT Security Challenges (Most Critical Risk of 2025) Trust: 3.5 Fetched: Dec. 18, 2025, 11:38 p.m., Published: March 31, 2025, 11:56 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	checkpoint	model:	next generation
vendor:	sharp	model:	printers
vendor:	google	model:	home
vendor:	amazon	model:	key
vendor:	cherokee	model:	cherokee
vendor:	apple	model:	watch

Security Check-in Quick Hits: Cisco Zero-Day Exploits, VPN Brute-Force Attacks, Fortinet Vulnerabilities, Ransomware Surge, and Node.js Patch Delays Trust: 5.5 Fetched: Dec. 18, 2025, 11:37 p.m., Published: Dec. 18, 2025, midnight	Vulnerabilities: code execution, authentication bypass, command injection

Affected products

External IDs

vendor:	cisco	model:	asyncos software
vendor:	cisco	model:	asyncos
vendor:	cisco	model:	access points
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	ssl vpn
vendor:	palo	model:	networks
vendor:	palo	model:	ssl vpn
vendor:	node.js	model:	node.js

db:

NVD

ids:

CVE-2025-59719, CVE-2025-59718, CVE-2025-20393

CVE-2025-27461: Unauthenticated Automatic Login Vulnerability in EPC2 Windows Device Startup - Ameeba Exploit Tracker Trust: 4.0 Fetched: Dec. 18, 2025, 11:37 p.m., Published: Nov. 30, 0001, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

essential

model:

phone

db:

NVD

ids:

CVE-2025-27461

Critical Zero-Day Vulnerability Affects Apple Devices: Urgent Update Required Trust: 5.5 Fetched: Dec. 18, 2025, 11:35 p.m., Published: Dec. 18, 2025, 5:31 a.m.	Vulnerabilities: memory access issue, memory corruption

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	watchos
vendor:	apple	model:	tvos
vendor:	apple	model:	software update
vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2025-14174, CVE-2025-43529

What Laws Govern the Security of Connected Medical Devices? - LegalClarity Trust: 3.0 Fetched: Dec. 18, 2025, 11:35 p.m., Published: Dec. 14, 2025, 8:51 a.m.	Vulnerabilities: -

Affected products	External IDs

Axis Communications Camera Station Pro, Camera Station, and Device Manager \| CISA Trust: 5.25 Fetched: Dec. 18, 2025, 11:34 p.m., Published: March 9, 2025, midnight	Vulnerabilities: authentication bypass, privilege escalation, code execution

Affected products

External IDs

vendor:	axis communications	model:	communications
vendor:	axis communications	model:	axis
vendor:	axis	model:	communications
vendor:	axis	model:	axis

db:

NVD

ids:

CVE-2025-30024, CVE-2025-30025, CVE-2025-30023, CVE-2025-30026

Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529) - Help Net Security Trust: 5.5 Fetched: Dec. 18, 2025, 11:33 p.m., Published: Dec. 15, 2025, 10:58 a.m.	Vulnerabilities: memory corruption, code execution

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2025-14174, CVE-2025-43529

CISA Warns of Critical Vulnerabilities in Cisco, SonicWall, and ASUS Devices Trust: 4.75 Fetched: Dec. 18, 2025, 11:32 p.m., Published: Dec. 18, 2025, 6:45 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	nexus
vendor:	asus	model:	asus
vendor:	google	model:	nexus
vendor:	sonicwall	model:	sma1000

db:

NVD

ids:

CVE-2025-59374, CVE-2025-23006, CVE-2025-20393

ERROR: The request could not be satisfied Trust: 3.25 Fetched: Dec. 18, 2025, 11:31 p.m., Published: -	Vulnerabilities: configuration error

Affected products	External IDs

CVE-2025-43529 : Use-After-Free Vulnerability in Apple iOS and macOS Products Trust: 6.0 Fetched: Dec. 18, 2025, 11:31 p.m., Published: Dec. 17, 2025, 8:46 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2025-43529

CVE-2023-33062: Transient Denial of Service (DOS) Vulnerability in WLAN Firmware - Ameeba Exploit Tracker Trust: 5.25 Fetched: Dec. 18, 2025, 11:30 p.m., Published: Nov. 30, 0001, midnight	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2023-33062

17 Best Penetration Testing Apps for Android 2025 - TechCult Trust: 3.5 Fetched: Dec. 18, 2025, 11:29 p.m., Published: June 15, 2020, 2:20 a.m.	Vulnerabilities: traffic interception, sql injection

Affected products

External IDs

vendor:

google

model:

android

CVE-2025-65007 - Missing Authentication for Critical Function in WODESYS WD-R608U router - SecAlerts Trust: 3.25 Fetched: Dec. 18, 2025, 11:29 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-65007

FortiGate Vulnerability Exploited: Update Now to Prevent SSO Attacks Trust: 4.0 Fetched: Dec. 18, 2025, 11:29 p.m., Published: Dec. 16, 2025, 5:51 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2025-59719, CVE-2025-59718

FortiCloud SSO Login Bypass Vulnerabilities Exploited in the Wild \| Blog \| VulnCheck Trust: 3.75 Fetched: Dec. 18, 2025, 11:28 p.m., Published: Dec. 18, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2025-59719, CVE-2025-59718, CVE-2025-55182

CVE-2025-21042 - Out-of-Bounds Write in… Trust: 5.0 Fetched: Dec. 18, 2025, 11:28 p.m., Published: Dec. 8, 2025, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2025-21042

Exploitation of Critical Vulnerability in React Server Components (Updated December 12) Trust: 4.25 Fetched: Dec. 18, 2025, 11:27 p.m., Published: Dec. 12, 2025, 9:40 p.m.	Vulnerabilities: code execution, memory corruption, command execution...

Affected products

External IDs

vendor:	canary	model:	canary
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	google	model:	nexus
vendor:	google	model:	home
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	mesh	model:	mesh
vendor:	node.js	model:	node.js

db:

NVD

ids:

CVE-2025-66478, CVE-2025-55182

FortiGate devices targeted with malicious SSO logins \| Cybersecurity Dive Trust: 5.0 Fetched: Dec. 18, 2025, 11:26 p.m., Published: Dec. 17, 2025, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2025-59719, CVE-2025-59718

VARIoT news about IoT security