Sign-up

VARIoT news about IoT security

Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities | CyberScoop

Trust: 4.0

Fetched: March 4, 2026, 9:11 a.m., Published: March 2, 2026, 10:20 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2026-21385

Don’t ignore Apple’s urgent security update | 930 WFMD Free Talk

Trust: 5.75

Fetched: March 3, 2026, 9:47 a.m., Published: -
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: watch
vendor: apple model: apple tv
db: NVD ids: CVE-2026-20700

Zyxel Patches Critical Vulnerability in Multiple Device Models | Automated News - Automator Solutions posted on the topic | LinkedIn

Trust: 3.75

Fetched: March 3, 2026, 9:45 a.m., Published: March 3, 2026, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: wireshark model: wireshark

CISA Warns of RESURGE Malware Exploiting 0-Days to Breach Ivanti Connect

Trust: 4.5

Fetched: March 3, 2026, 9:44 a.m., Published: March 2, 2026, 4:45 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: snort model: snort
vendor: trend model: security
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2023-46805, CVE-2024-21887

MAR-25993211-r1.v2 Ivanti Connect Secure (RESURGE) | CISA

Trust: 4.25

Fetched: March 3, 2026, 9:40 a.m., Published: Feb. 26, 2026, midnight
 Vulnerabilities: command execution, arbitrary command execution
Affected productsExternal IDs
vendor: quick heal model: quick heal
vendor: clamav model: clamav
vendor: emsisoft model: antivirus
vendor: sophos model: firewall
vendor: avira model: antivirus
db: NVD ids: CVE-2025-0282

About the security content of macOS Tahoe 26.3 - Apple Support

Trust: 4.25

Fetched: March 3, 2026, 9:39 a.m., Published: March 26, 2026, midnight
 Vulnerabilities: memory corruption, process crash, bounds access issue...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: icloud
vendor: trend model: security
db: NVD ids: CVE-2026-20656, CVE-2026-20677, CVE-2026-20612, CVE-2026-20634, CVE-2026-20673, CVE-2026-20662, CVE-2026-20652, CVE-2026-20615, CVE-2026-20621, CVE-2026-20628, CVE-2026-20610, CVE-2026-20602, CVE-2026-20700, CVE-2026-20616, CVE-2026-20624, CVE-2026-20660, CVE-2026-20658, CVE-2026-20619, CVE-2026-20617, CVE-2026-20601, CVE-2026-20649, CVE-2026-20636, CVE-2026-20654, CVE-2026-20676, CVE-2026-20627, CVE-2026-20646, CVE-2026-20626, CVE-2026-20635, CVE-2026-20614, CVE-2026-20608, CVE-2026-20611, CVE-2026-20675, CVE-2025-59375, CVE-2026-20603, CVE-2026-20653, CVE-2026-20650, CVE-2026-20625, CVE-2026-20623, CVE-2026-20606, CVE-2026-20647, CVE-2026-20667, CVE-2026-20618, CVE-2025-43529, CVE-2026-20609, CVE-2025-14174, CVE-2026-20644, CVE-2026-20620, CVE-2026-20680, CVE-2026-20605, CVE-2026-20681, CVE-2026-20648, CVE-2026-20666, CVE-2026-20671, CVE-2026-20629, CVE-2026-20641, CVE-2026-20630, CVE-2026-20669

Mitsubishi Electric MELSEC iQ-R Series | CISA

Trust: 5.25

Fetched: March 3, 2026, 9:39 a.m., Published: May 3, 2026, midnight
 Vulnerabilities: improper validation, information disclosure
Affected productsExternal IDs
vendor: mitsubishi model: melsec iq-r
vendor: mitsubishi model: melsec iq-r series
vendor: mitsubishi model: r08/16/32/120pcpu
vendor: mitsubishi electric model: melsec iq-r
vendor: mitsubishi electric model: melsec iq-r series
vendor: mitsubishi electric model: r08/16/32/120pcpu
db: NVD ids: CVE-2025-15080

Ivanti Endpoint Manager Vulnerability Allows Remote Attackers to Leak Arbitrary Data

Trust: 4.75

Fetched: March 3, 2026, 9:39 a.m., Published: Feb. 11, 2026, 11:13 a.m.
 Vulnerabilities: sql injection, weak password, authentication bypass
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2026-1602, CVE-2026-1603

NSA Joins ASD’s ACSC and Others to Release a Cybersecurity Alert and Related Hunt Guide on Cisco SD-WAN Systems > National Security Agency/Central Security Service > Press Release View

Related entries in the VARIoT vulnerabilities database: VAR-202602-3258

Trust: 4.75

Fetched: March 3, 2026, 9:38 a.m., Published: Feb. 26, 2026, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: cisco model: catalyst
vendor: cisco model: sd-wan
vendor: cisco model: cisco sd-wan
db: NVD ids: CVE-2026-20127

AL26-004 - Critical vulnerability affecting Cisco Catalyst SD-WAN - CVE-2026-20127 - Canadian Centre for Cyber Security

Related entries in the VARIoT vulnerabilities database: VAR-202602-3258

Trust: 3.5

Fetched: March 3, 2026, 9:35 a.m., Published: Feb. 25, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: wan manager
vendor: cisco model: sd-wan
vendor: cisco model: sd-wan vmanage
vendor: cisco model: catalyst
db: NVD ids: CVE-2026-20127

FortiOS Vulnerability Enables LDAP Authentication Bypass

Trust: 5.0

Fetched: March 3, 2026, 9:33 a.m., Published: Feb. 11, 2026, 6:26 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2026-22153

CVE-2026-3399 : Buffer Overflow Vulnerability in Tenda F453 by Tenda

Trust: 4.5

Fetched: March 3, 2026, 9:32 a.m., Published: March 1, 2026, 11:02 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2026-3399

EZVIZ - Creating Easy Smart Homes

Trust: 3.0

Fetched: March 3, 2026, 9:31 a.m., Published: May 3, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-22626, CVE-2026-22624, CVE-2026-22623, CVE-2026-22625

Government issues 'warning' for Microsoft Teams users: Update the app right now - The Times of India

Trust: 4.25

Fetched: March 3, 2026, 9:31 a.m., Published: March 17, 2026, midnight
 Vulnerabilities: improper access control
Affected productsExternal IDs

Software engineer accidentally gains control of 7,000 robot vacuums, exposing serious security flaw

Trust: 5.0

Fetched: March 3, 2026, 9:29 a.m., Published: March 1, 2026, 4:40 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: google model: home

CISA Warns of RESURGE Malware Exploiting 0-Days to Breach Ivanti Connect Secure Devices

Trust: 5.0

Fetched: March 3, 2026, 9:27 a.m., Published: March 2, 2026, 10:36 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-0282

Hackers Leveraged CyberStrikeAI Tool to Breach Fortinet FortiGate Devices

Trust: 3.0

Fetched: March 3, 2026, 9:26 a.m., Published: March 3, 2026, 7:18 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

CISA Alerts on RESURGE Malware Exploiting Ivanti Connect Secure Zero-Days

Trust: 4.75

Fetched: March 3, 2026, 9:25 a.m., Published: March 2, 2026, 7:03 a.m.
 Vulnerabilities: buffer overflow, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-0282

Hacking a Linux device with TPM + LUKS encryption: extracting the TPM key from SPI in plaintext. 🐧💻👂🔑🎉

Trust: 3.25

Fetched: March 3, 2026, 9:25 a.m., Published: March 2, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-0714

Zyxel Devices Affected by Post-Authentication Command Injection and Service Disruption - Advisories

Trust: 5.0

Fetched: March 3, 2026, 9:24 a.m., Published: March 1, 2026, 6:58 p.m.
 Vulnerabilities: command injection, pointer dereference vulnerability, service disruption
Affected productsExternal IDs
db: NVD ids: CVE-2025-13942, CVE-2025-13943, CVE-2026-11847, CVE-2025-11845, CVE-2026-1459, CVE-2025-11846