VARIoT latest news about IoT security

Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance related to CVE-2026-0386 - Microsoft Support Trust: 3.0 Fetched: Jan. 23, 2026, 9:50 a.m., Published: Jan. 13, 2026, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2026-0386

New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones Trust: 3.0 Fetched: Jan. 23, 2026, 9:48 a.m., Published: Jan. 3, 2026, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-20701, CVE-2025-20700, CVE-2025-20702

CVE-2026-20055 - Cisco Packaged Contact Center Enterprise & Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerability Trust: 5.75 Fetched: Jan. 23, 2026, 9:46 a.m., Published: Jan. 21, 2026, 5:16 p.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:	cisco	model:	unified contact center enterprise
vendor:	cisco	model:	packaged contact center enterprise
vendor:	cisco	model:	cisco unified contact center enterprise

db:

NVD

ids:

CVE-2026-20055

Top 8 Mobile Security Software for 2026 Trust: 3.5 Fetched: Jan. 23, 2026, 9:44 a.m., Published: Nov. 25, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend micro	model:	antivirus
vendor:	sophos	model:	mobile
vendor:	sophos	model:	endpoint protection
vendor:	sophos	model:	firewall
vendor:	broadcom	model:	messaging
vendor:	broadcom	model:	linux
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	trendmicro	model:	security
vendor:	trendmicro	model:	antivirus
vendor:	trend	model:	security
vendor:	trend	model:	antivirus
vendor:	symantec	model:	endpoint protection
vendor:	symantec	model:	antivirus
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks

Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code Trust: 5.5 Fetched: Jan. 23, 2026, 9:43 a.m., Published: Jan. 23, 2026, midnight	Vulnerabilities: code injection, code execution

Affected products

External IDs

vendor:

vivotek

model:

camera

db:

NVD

ids:

CVE-2026-22755

New Bluetooth Headphone Vulnerabilities Allow Hackers to Hijack Connected Smartphones Trust: 3.0 Fetched: Jan. 23, 2026, 9:43 a.m., Published: Dec. 29, 2025, 9:59 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-20701, CVE-2025-20700, CVE-2025-20702

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) - Help Net Security Trust: 4.0 Fetched: Jan. 23, 2026, 9:42 a.m., Published: Jan. 16, 2026, 2:54 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

cisco

model:

asyncos

db:

NVD

ids:

CVE-2025-20393

Telegram Vulnerability Exposed: Authentication Flaw Exploited \| Luis Oria Seidel posted on the topic \| LinkedIn Trust: 5.0 Fetched: Jan. 23, 2026, 9:41 a.m., Published: -	Vulnerabilities: authentication flaw

Affected products

External IDs

vendor:

wireshark

model:

wireshark

Real Time Threat Detection: Hexnode UEM + XDR Trust: 3.5 Fetched: Jan. 23, 2026, 9:41 a.m., Published: Jan. 13, 2026, 8:28 a.m.	Vulnerabilities: brute force attack, buffer overflow

Affected products

External IDs

vendor:

tableau

model:

server

Can an Indirect Vulnerability Still Be High Risk? \| C2A Security - The Only Risk-Driven DevSecOps Platform Trust: 5.75 Fetched: Jan. 23, 2026, 9:40 a.m., Published: Jan. 22, 2026, 3:33 a.m.	Vulnerabilities: code injection

Affected products

External IDs

vendor:	cisco	model:	unity connection
vendor:	cisco	model:	webex
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	cisco unity
vendor:	cisco	model:	unity
vendor:	cisco	model:	cisco unity connection
vendor:	cisco	model:	cisco unified communications manager

db:

NVD

ids:

CVE-2026-20045

Zoom Security Alert: Critical Vulnerability in Node MMR Devices Trust: 5.0 Fetched: Jan. 23, 2026, 9:40 a.m., Published: Jan. 22, 2026, 2:33 p.m.	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2026-22844

WPair - Scanner Tool to Detect WhisperPair Flaw in Google’s Fast Pair Trust: 4.75 Fetched: Jan. 23, 2026, 9:39 a.m., Published: Jan. 21, 2026, 10:27 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2025-36911

Trivial Telnet authentication bypass exposes devices to complete takeover \| CSO Online Trust: 3.75 Fetched: Jan. 23, 2026, 9:38 a.m., Published: Jan. 22, 2026, midnight	Vulnerabilities: privilege escalation, authentication bypass

Affected products	External IDs

How to protect yourself from Bluetooth-headset tracking and the WhisperPair attack \| Kaspersky official blog Trust: 3.5 Fetched: Jan. 23, 2026, 9:37 a.m., Published: Jan. 23, 2050, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	oneplus	model:	oneplus
vendor:	oneplus	model:	one
vendor:	apple	model:	iphone
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2025-36911

Fortinet SSO Flaw Actively Exploited to Compromise Firewalls and Gain Admin Access Trust: 4.0 Fetched: Jan. 23, 2026, 9:37 a.m., Published: Jan. 22, 2026, 7:20 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2025-59718

A Vulnerability in Cisco Unified Communications Products Could Allow for Remote Code Execution Trust: 5.0 Fetched: Jan. 23, 2026, 9:36 a.m., Published: Jan. 21, 2026, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

cisco

model:

unified communications

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations Trust: 4.25 Fetched: Jan. 23, 2026, 9:36 a.m., Published: Jan. 22, 2026, 5:55 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2025-59718, CVE-2025-59719

2026 Device Vulnerabilities Surge: AI Exploits Threaten IoT and Infrastructure Trust: 4.5 Fetched: Jan. 23, 2026, 9:35 a.m., Published: Jan. 22, 2026, 6:31 p.m.	Vulnerabilities: default credentials

Affected products

External IDs

db:

NVD

ids:

CVE-2026-22920, CVE-2026-22910

WPair Scanner Released to Detect WhisperPair Flaw in Google’s Fast Pair Protocol Trust: 5.0 Fetched: Jan. 23, 2026, 9:30 a.m., Published: Jan. 20, 2026, 9:49 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2025-36911

WhisperPair Attack Allows Hijacking of Laptops, Earbuds Without User Consent - Millions Affected Trust: 3.75 Fetched: Jan. 23, 2026, 9:29 a.m., Published: Jan. 20, 2026, 7:31 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	oneplus	model:	oneplus

db:

NVD

ids:

CVE-2025-36911

VARIoT news about IoT security