Sign-up

VARIoT news about IoT security

4 Types of Attack Surface in Cybersecurity

Trust: 4.25

Fetched: Aug. 10, 2025, 10:43 a.m., Published: July 25, 2025, 5:24 a.m.
 Vulnerabilities: code injection, sql injection, code execution...
Affected productsExternal IDs
vendor: palo model: networks
vendor: essential model: phone
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-47575

CVE-2025-8654 : Command Injection Vulnerability in Kenwood DMX958XR Devices

Related entries in the VARIoT vulnerabilities database: VAR-202508-0188

Trust: 3.25

Fetched: Aug. 10, 2025, 10:43 a.m., Published: Aug. 6, 2025, 1:18 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-8654

New macOS Vulnerability Allows Attackers to Steal Private Files by Bypassing TCC

Trust: 3.5

Fetched: Aug. 10, 2025, 10:21 a.m., Published: July 29, 2025, 8:59 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: macos
db: NVD ids: CVE-2025-31199

CVE-2025-20331 - Vulnerability Details - OpenCVE

Trust: 4.75

Fetched: Aug. 10, 2025, 10:20 a.m., Published: Aug. 4, 2025, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: cisco identity services engine software
vendor: cisco model: identity services engine software
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine
db: NVD ids: CVE-2025-20331

CVE-2025-8475 : Buffer Overflow Vulnerability in Alpine iLX-507 Bluetooth Devices

Trust: 4.0

Fetched: Aug. 10, 2025, 10:19 a.m., Published: Aug. 1, 2025, 5:38 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-8475

CVE-2025-8656 - (0Day) (Pwn2Own) Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability - SecAlerts

Related entries in the VARIoT vulnerabilities database: VAR-202508-0109

Trust: 3.25

Fetched: Aug. 10, 2025, 10:19 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-8656

Vulnerability Management Services: An Easy Guide 101 | SentinelOne

Trust: 3.75

Fetched: Aug. 10, 2025, 10:18 a.m., Published: Aug. 6, 2025, 11:19 a.m.
 Vulnerabilities: code insertion
Affected productsExternal IDs
vendor: delegate model: delegate

10 common cybersecurity threats and attacks: 2025 update | ConnectWise

Trust: 4.5

Fetched: Aug. 10, 2025, 10:17 a.m., Published: Aug. 10, 2025, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: trend model: security
vendor: essential model: phone

What is Cyber Security? - GeeksforGeeks

Trust: 5.25

Fetched: Aug. 10, 2025, 10:16 a.m., Published: March 1, 2021, 5:54 p.m.
 Vulnerabilities: sql injection, privilege escalation, denial of service...
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android
vendor: rising model: antivirus
vendor: apple model: watch

192 Cybersecurity Statistics for 2025 | Indusface Blog

Related entries in the VARIoT vulnerabilities database: VAR-202504-3437

Trust: 4.25

Fetched: Aug. 10, 2025, 10:14 a.m., Published: July 25, 2025, 5:24 a.m.
 Vulnerabilities: privilege escalation, service disruption, weak password...
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: cups
vendor: apple model: java
vendor: trend model: security
vendor: google model: android
vendor: cisco model: service management
vendor: cisco model: leap
vendor: cisco model: meeting
vendor: sophos model: mobile
vendor: cups model: cups
db: NVD ids: CVE-2024-9264, CVE-2024-5217, CVE-2024-4577, CVE-2024-4879, CVE-2024-38094, CVE-2024-5806, CVE-2024-47076, CVE-2024-8190, CVE-2024-38856, CVE-2025-31324, CVE-2023-51467, CVE-2024-47176, CVE-2025-53770, CVE-2024-26169, CVE-2024-0204, CVE-2023-49070

Lantronix Provisioning Manager | CISA

Trust: 4.5

Fetched: Aug. 10, 2025, 10:14 a.m., Published: Aug. 1, 2025, midnight
 Vulnerabilities: code execution, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2025-7766

CVE-2025-8069 - AWS Client VPN Windows Client Local Privilege Escalation

Trust: 4.25

Fetched: Aug. 10, 2025, 10:14 a.m., Published: Aug. 8, 2025, 9:23 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-8069

CVE-2025-27212: Command Injection Vulnerability in UniFi Access Devices - Cybersecurity Exploit Tracker by Ameeba

Trust: 5.0

Fetched: Aug. 10, 2025, 10:13 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-27212

Security alerts - Microsoft Defender for Identity | Microsoft Learn

Trust: 3.0

Fetched: Aug. 10, 2025, 10:13 a.m., Published: May 8, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

CitrixBleed 2: When Memory Leaks Become Session Hijacks | Splunk

Trust: 4.25

Fetched: Aug. 10, 2025, 10:12 a.m., Published: Aug. 2, 2025, midnight
 Vulnerabilities: memory leak, session hijacking
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
vendor: citrix model: gateway
vendor: cisco model: netscaler gateway
vendor: snort model: snort
db: NVD ids: CVE-2023-4966, CVE-2025-5777

CVE-2025-30124: Critical Vulnerability in Marbella KR8s Dashcam Devices Exposes Clear-text Passwords - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.0

Fetched: Aug. 10, 2025, 10:11 a.m., Published: Aug. 3, 2025, 5:39 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-30124

Indian government warns of security issues affecting 2B Apple devices

Trust: 3.0

Fetched: Aug. 10, 2025, 10:11 a.m., Published: Dec. 1, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: watch
vendor: apple model: tvos
vendor: apple model: macos
vendor: apple model: apple tv

Google patches critical Android vulnerabilities in August 2025 security bulletin

Trust: 4.75

Fetched: Aug. 10, 2025, 10:09 a.m., Published: Aug. 10, 2025, midnight
 Vulnerabilities: code execution, authorization vulnerability
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-48530, CVE-2025-27038, CVE-2025-21479

Critical RCE Vulnerabilities Identified in Sophos Firewall and SMA 100 Devices: Urgent Patches Released by Sophos and SonicWall July 24, 2025 Network Security / Vulnerability Sophos and SonicWall have issued a warning regarding serious security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances, which could be exploited for remote code execution. The two critical vulnerabilities affecting Sophos Firewall are as follows: CVE-2025-6704 (CVSS score: 9.8): An arbitrary file writing vulnerability within the Secure PDF eXchange (SPX) feature that can enable pre-auth remote code execution if specific SPX configurations are used alongside firewall operation in High Availability (HA) mode. CVE-2025-7624 (CVSS score: 9.8): An SQL injection vulnerability in the legacy (transparent) SMTP proxy that can result in remote code execution, contingent on an active quarantining policy for Email and if SFOS has been upgraded from a version prior to 21.0 GA. Sophos reports that CVE-2025-6704 affects approximately 0.05% of devices, while CVE-2025-7624 impacts up to 0.73% of devices. Both vulnerabilities have been addressed in a recent update, along with a high-severity command injection vulnerability. - Breach Spot

Trust: 5.5

Fetched: Aug. 10, 2025, 10:07 a.m., Published: Aug. 3, 2025, 1 p.m.
 Vulnerabilities: sql injection, code execution, privilege escalation...
Affected productsExternal IDs
vendor: sonicwall model: sma 100
vendor: sonicwall model: secure mobile access
vendor: sophos model: mobile
vendor: sophos model: firewall
db: NVD ids: CVE-2025-6704, CVE-2025-7624

Apple's Latest Security Patch Fixes a Zero-Day Vulnerability Targeting Chrome | Lifehacker

Trust: 3.75

Fetched: Aug. 10, 2025, 10:05 a.m., Published: Aug. 1, 2025, 10:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: software update
vendor: apple model: tvos
db: NVD ids: CVE-2025-6558