Sign-up

VARIoT news about IoT security

CERT-EU - Critical Vulnerability in FortiWeb

Trust: 3.0

Fetched: Nov. 9, 2025, 11:33 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-25257

Finding Open Redirects and How to Fix Them| GRSee

Trust: 3.75

Fetched: Nov. 9, 2025, 11:32 a.m., Published: Nov. 2, 2025, midnight
 Vulnerabilities: open redirect vulnerability, request forgery
Affected productsExternal IDs

CVE-2025-43372: Critical Media File Processing Vulnerability in Multiple Apple Operating Systems - Ameeba Exploit Tracker

Trust: 5.5

Fetched: Nov. 9, 2025, 11:32 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: improper validation, memory corruption
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: tvos
db: NVD ids: CVE-2025-43372

CVE-2025-43424 - Apple iOS/ iPadOS HID Device Crash Vulnerability

Trust: 4.75

Fetched: Nov. 9, 2025, 11:32 a.m., Published: Nov. 4, 2025, 2:15 a.m.
 Vulnerabilities: process crash
Affected productsExternal IDs
vendor: apple model: ios
vendor: apple model: iphone_os
db: NVD ids: CVE-2025-43424

CVE-2025-40108 - serial: qcom-geni: Fix blocked task - SecAlerts

Trust: 3.0

Fetched: Nov. 9, 2025, 11:30 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-40108

Samsung monthly updates: November 2025 security patch details - SamMobile

Trust: 3.0

Fetched: Nov. 9, 2025, 11:28 a.m., Published: Nov. 4, 2025, 12:18 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: samsung model: exynos

WatchGuard RCE Vulnerability: Update Now | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 5.75

Fetched: Nov. 9, 2025, 11:28 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: watchguard model: firebox
vendor: watchguard model: fireware
db: NVD ids: CVE-2024-4060

WatchGuard RCE Vulnerability: Update Now | Enigma Security posted on the topic | LinkedIn

Trust: 5.75

Fetched: Nov. 9, 2025, 11:27 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: watchguard model: firebox
vendor: watchguard model: fireware
db: NVD ids: CVE-2024-4060

HPESBNW04957 rev.1 - HPE Aruba Networking AOS-10 and AOS-8 Mobility Conductor, Controllers, and Gateways, Multiple Vulnerabilities

Trust: 3.5

Fetched: Nov. 9, 2025, 11:27 a.m., Published: -
 Vulnerabilities: command injection, denial of service, file download vulnerability...
Affected productsExternal IDs
db: NVD ids: CVE-2025-37134, CVE-2025-37135, CVE-2025-37138, CVE-2025-37145, CVE-2025-37136, CVE-2025-37132, CVE-2025-37133, CVE-2025-37143, CVE-2025-37139, CVE-2025-37141, CVE-2025-37142, CVE-2025-37140, CVE-2025-37137, CVE-2025-37144

CVE-2025-43418 - Apple iOS Locked Device Information Disclosure Vulnerability - مدیریت منیج سرور ثبت دامنه

Trust: 5.25

Fetched: Nov. 9, 2025, 11:26 a.m., Published: Nov. 5, 2025, 6:33 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2025-43418

Google’s AI ‘Big Sleep’ Uncovers Five Critical WebKit Vulnerabilities in Apple Devices - Advisories

Trust: 5.5

Fetched: Nov. 9, 2025, 11:26 a.m., Published: Nov. 3, 2025, midnight
 Vulnerabilities: improper memory handling, memory corruption, buffer overflow...
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2025-43434, CVE-2025-43433, CVE-2025-43431, CVE-2025-43429, CVE-2025-43430

Samsung Spyware Shocker: Landfall Targets Galaxy Devices with Zero-Day Vulnerability - The Nimble Nerd

Trust: 3.0

Fetched: Nov. 9, 2025, 11:25 a.m., Published: Nov. 7, 2025, 3:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy

LANDFALL Android Malware Exploits Samsung Zero-Day via Malicious WhatsApp Image

Trust: 4.75

Fetched: Nov. 9, 2025, 11:24 a.m., Published: Nov. 8, 2025, 8:09 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: mobile
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
vendor: trend model: security
vendor: palo alto networks model: networks
vendor: google model: android
vendor: palo model: networks
db: NVD ids: CVE-2025-55177, CVE-2025-43300, CVE-2025-21042, CVE-2025-21043

CVE-2025-43424 - Apple iOS/ iPadOS HID Device Crash Vulnerability

Trust: 4.75

Fetched: Nov. 9, 2025, 11:21 a.m., Published: Nov. 4, 2025, 2:15 a.m.
 Vulnerabilities: process crash
Affected productsExternal IDs
vendor: apple model: ios
vendor: apple model: iphone_os
db: NVD ids: CVE-2025-43424

Cisco Identity Services Engine RADIUS Suppression Denial of Service Vulnerability

Trust: 5.0

Fetched: Nov. 9, 2025, 11:21 a.m., Published: Nov. 5, 2025, 3:55 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine

CVE-2025-6026 - Lenovo Universal Device Client Certificate Validation Weakness

Trust: 3.25

Fetched: Nov. 9, 2025, 11:19 a.m., Published: Oct. 15, 2025, 3:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-6026

iOS 26.1 and iPadOS 26.1 bring multiple critical security fixes - 9to5Mac

Trust: 5.25

Fetched: Nov. 9, 2025, 11:17 a.m., Published: Nov. 3, 2025, 10:59 p.m.
 Vulnerabilities: user interface issue, memory corruption, buffer overflow...
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: apple tv
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: installer
vendor: apple model: safari
vendor: apple model: iphone
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2025-43500, CVE-2025-43392, CVE-2025-43423, CVE-2025-43438, CVE-2025-43442, CVE-2025-43384, CVE-2025-43498, CVE-2025-43398, CVE-2025-43432, CVE-2025-43413, CVE-2025-43350, CVE-2025-43421, CVE-2025-43425, CVE-2025-43431, CVE-2025-43458, CVE-2025-43436, CVE-2025-43493, CVE-2025-43447, CVE-2025-43480, CVE-2025-43430, CVE-2025-43457, CVE-2025-43507, CVE-2025-43407, CVE-2025-43443, CVE-2025-43434, CVE-2025-43503, CVE-2025-43444, CVE-2025-43441, CVE-2025-43450, CVE-2025-43427, CVE-2025-43455, CVE-2025-43449, CVE-2025-43391, CVE-2025-43386, CVE-2025-43502, CVE-2025-43435, CVE-2025-43385, CVE-2025-43445, CVE-2025-43439, CVE-2025-43495, CVE-2025-43454, CVE-2025-43462, CVE-2025-43426, CVE-2025-43424, CVE-2025-43379, CVE-2025-43433, CVE-2025-43383, CVE-2025-43452, CVE-2025-43496, CVE-2025-43460, CVE-2025-43422, CVE-2025-43448, CVE-2025-43429, CVE-2025-43294, CVE-2025-43440, CVE-2025-43389

Samsung Zero-Day Vulnerability Targeted by 'Landfall' Spyware - Breach Spot

Trust: 3.75

Fetched: Nov. 9, 2025, 11:17 a.m., Published: Nov. 8, 2025, 4:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: samsung model: mobile
vendor: samsung model: samsung galaxy
vendor: trend model: security
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2025-43300, CVE-2025-21042

Landfall Android Spyware Campaign Exploits Samsung Zero-Day Vulnerability " CyberSecurityCue 2025

Trust: 3.25

Fetched: Nov. 9, 2025, 11:17 a.m., Published: Nov. 7, 2025, 3:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

'Landfall' spyware abused zero-day to hack Samsung Galaxy phones | TechCrunch

Trust: 3.75

Fetched: Nov. 9, 2025, 11:15 a.m., Published: Nov. 7, 2025, 5:26 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2025-21042