Sign-up

VARIoT news about IoT security

HPE Aruba Vulnerabilities Enables Unauthorized Access To Sensitive Information

Trust: 4.75

Fetched: Jan. 18, 2026, 9:49 a.m., Published: Jan. 15, 2026, 1:41 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: blueman model: blueman
vendor: aruba model: aruba instant
vendor: aruba model: instant
db: NVD ids: CVE-2025-37165, CVE-2023-52340, CVE-2025-37166, CVE-2022-48839

CVE-2018-25140 : Unauthenticated Device Manipulation Vulnerability in FLIR Thermal Traffic Cameras

Trust: 3.25

Fetched: Jan. 18, 2026, 9:49 a.m., Published: Dec. 24, 2025, 7:27 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2018-25140

Surface Laptop Studio gets new (January 15, 2026) firmware updates

Trust: 4.75

Fetched: Jan. 18, 2026, 9:48 a.m., Published: Jan. 15, 2026, 5 a.m.
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2025-23281, CVE-2025-23309, CVE-2022-36392, CVE-2025-23347, CVE-2025-23286, CVE-2022-38102, CVE-2025-23288, CVE-2025-23276, CVE-2025-23345

Microsoft rolled out new firmware updates (January 15, 2026) for Surface Go 3

Trust: 3.75

Fetched: Jan. 18, 2026, 9:47 a.m., Published: Jan. 15, 2026, 5 a.m.
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2022-36392, CVE-2024-44074

CVE-2025-66177 Hikvision DS-96xxxNI-Hx, DS-96xxxNI-Ix, DS-... CVETodo

Trust: 6.5

Fetched: Jan. 18, 2026, 9:46 a.m., Published: Jan. 13, 2026, 3:16 a.m.
 Vulnerabilities: code execution, denial of service, service disruption...
Affected productsExternal IDs
vendor: hikvision model: ip cameras
vendor: hikvision model: hikvision
db: NVD ids: CVE-2025-661771, CVE-2025-66177

GitHub - zalexdev/wpair-app: WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions of Bluetooth audio devices worldwide, allowing unauthorized pairing and potential microphone access without user consent.

Trust: 3.25

Fetched: Jan. 18, 2026, 9:45 a.m., Published: Jan. 6, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-36911

Critical 'WhisperPair' Flaw in Google's Fast Pair Protocol Exposes Millions of Headphones to Hacking and Eavesdropping - BigGo News

Trust: 3.75

Fetched: Jan. 18, 2026, 9:45 a.m., Published: Jan. 18, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome os
vendor: google model: android
vendor: google model: chrome
vendor: google model: pixel
vendor: oneplus model: oneplus
db: NVD ids: CVE-2025-36911

Bluetooth Audio Vulnerability Allows Tracking And Eavesdropping | The Review Hive

Trust: 3.5

Fetched: Jan. 18, 2026, 9:44 a.m., Published: Jan. 16, 2026, 9:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home
vendor: essential model: phone
db: NVD ids: CVE-2025-36911

Microsoft rolled out January 2026 firmware updates for Surface Laptop 4 with AMD

Trust: 3.75

Fetched: Jan. 18, 2026, 9:43 a.m., Published: Jan. 15, 2026, 5 a.m.
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2023-31315, CVE-2024-36352, CVE-2024-44074

GitHub - zalexdev/wpair-app: WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions of Bluetooth audio devices worldwide, allowing unauthorized pairing and potential microphone access without user consent.

Trust: 3.25

Fetched: Jan. 18, 2026, 9:35 a.m., Published: Jan. 6, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-36911

Apple 2025 Vulnerability Patches: iOS, macOS, and Device Security Risks

Trust: 4.0

Fetched: Jan. 18, 2026, 9:32 a.m., Published: Jan. 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-43304, CVE-2025-43298

CISA Flags Samsung Mobile Out-of-Bounds Write Vulnerability (CVE-2025-21042)

Trust: 3.75

Fetched: Jan. 18, 2026, 9:32 a.m., Published: Jan. 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung mobile
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: mobile devices
db: NVD ids: CVE-2025-21042

Akira Ransomware 2025: Critical Infrastructure Compromised via Edge Exploits

Trust: 4.25

Fetched: Jan. 18, 2026, 9:32 a.m., Published: Jan. 18, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs

WatchGuard Firebox Zero-Day Breach (2024): Edge Device Vulnerability Exploited

Trust: 3.0

Fetched: Jan. 18, 2026, 9:31 a.m., Published: Jan. 18, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: watchguard model: firebox

WatchGuard 2025 VPN Vulnerability Enables Critical Remote Code Execution

Trust: 5.75

Fetched: Jan. 18, 2026, 9:31 a.m., Published: Jan. 18, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: watchguard model: watchguard fireware
vendor: watchguard model: fireware
db: NVD ids: CVE-2025-9242

Siemens 2026 OT Edge Device Vulnerability: Critical Authorization Bypass

Trust: 3.0

Fetched: Jan. 18, 2026, 9:30 a.m., Published: Jan. 18, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: comfort panel
vendor: siemens model: simatic ipc847e
vendor: siemens model: simatic
vendor: siemens model: simatic ipc227e
vendor: siemens model: simatic ipc127e
vendor: siemens model: simatic ipc427e
vendor: siemens model: scalance
vendor: siemens model: simatic hmi

A new earbud security flaw may expose you to remote eavesdropping - here's how to fix it | ZDNET

Trust: 3.75

Fetched: Jan. 18, 2026, 9:22 a.m., Published: May 18, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-36911

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

Trust: 5.25

Fetched: Jan. 16, 2026, 10:10 a.m., Published: Dec. 23, 2025, 8:43 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-52163

macOS Flaw Enables Silent Bypass of Apple Privacy Controls | eSecurity Planet

Trust: 5.75

Fetched: Jan. 16, 2026, 10:10 a.m., Published: Jan. 6, 2026, 3:31 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-43530

8 Attack Surface Management Vendors in 2026 | SentinelOne

Trust: 3.75

Fetched: Jan. 16, 2026, 10:08 a.m., Published: Jan. 8, 2026, 1:46 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: trend model: security