Tag: iot security
21 articles

U-Boot Flaws Expose Devices to Code Execution, Crashes
Six newly discovered flaws in U-Boot, a widely used bootloader, leave devices from home routers to data-center servers vulnerable to code execution and crashes, posing a significant risk to everything that loads after it. These vulnerabilities can be exploited before the operating system even starts, undermining the entire security chain.

Ubiquiti Fixes Flaws in UniFi Ecosystem
Ubiquiti has patched a critical vulnerability in its UniFi ecosystem, specifically a command injection flaw with a perfect 10.0 CVSS score, that could let hackers take control of your device. The update fixes issues across UniFi products, shielding you from potential attacks that could escalate privileges or make unauthorized changes.

Tenda Router Firmware Exposes Hidden Admin Backdoor
A critical vulnerability in Tenda router firmware, tracked as CVE-2026-11405, allows hackers to bypass password verification and gain full administrative control of your device. This hidden backdoor puts your online security at risk, and a patch is still pending.

RustDuck Botnet Evolves with Rust Rewrite to Evade Detection
Meet RustDuck, a sneaky botnet that's been evolving to evade detection since February 2026, tracked by researchers at QiAnXin's XLab. It gains a foothold by exploiting weak passwords, unpatched vulnerabilities, and targeting specific web software.

Smart TVs Compromised by Proxyware Vulnerabilities Plague 24-Year-Old Curl AI Emerges in Cybercrime Forums Hackers Exploit Microsoft Teams Legacy Credentials Fuel Data Breaches
Over a third of smart TV apps, including clocks, screensavers, and games, contain residential proxy software, putting your device at risk. Researchers found that 42.5% of LG webOS and 26.9% of Samsung Tizen apps harbour these vulnerabilities.

Canada's Spy Agency Neutralizes Foreign Botnets with Landmark Warrant
In a groundbreaking move, Canada's spy agency, CSIS, has successfully neutralized two foreign-run botnets operating on Canadian soil, thanks to a landmark warrant that allowed them to access and shut down infected devices. This pioneering threat-reduction tactic marks a major win in the fight against botnet threats.

NetNut Exposed in Massive Popa Botnet Operation
Meet Popa, a sneaky Android-based plugin that's been secretly infiltrating over 1.4 million internet addresses via unofficial streaming apps and set-top devices, researchers have uncovered. This stealthy operation is linked to the notorious Vo1d botnet family, which has been targeting vulnerable Android TV boxes.

Microsoft Fixes Flaw in Surface Hardware That Allowed Devices to Be Bricked
A security researcher recently discovered that Microsoft's Copilot AI tool could be used to create a series of aggressive Python scripts that accidentally bricked a Surface device by overwriting its firmware. The incident highlights a flaw in Microsoft's Surface hardware that has since been fixed.

China Exposes Botnet Resurgence, AI Influence Ops Targeting US
A botnet once dismantled by US law enforcement has made a stunning comeback, with over 1,500 compromised routers and IoT devices now under the control of China-nexus actors, who are using it to fuel influence campaigns and recruitment scams. This resurgence poses a significant threat, with the same group of actors still active and causing chaos.

Ransomware Attacks Surge as Clop Gang Dominates Threat Landscape
Ransomware attacks have skyrocketed, with over 343 million blocked by Kaspersky products in just the first quarter of 2026 alone, highlighting a surge in threats from the notorious Clop gang and other malicious players. This alarming trend underscores a quarter marked by intensified ransomware activity and rapidly evolving cyber threats.

Wireless Vulnerabilities Skyrocket, Outpacing Traditional Threats
The number of wireless vulnerabilities has skyrocketed, with a staggering 937 new threats discovered in 2025 alone - that's 2.5 new vulnerabilities every day. This represents a 60% increase since the start of 2024, and a growth rate that's 20 times faster than traditional threats over the last 15 years.

Flaws in EV Charger Security Expose Cities to Denial-of-Service Attacks
A security researcher recently demonstrated how easily electric vehicle chargers can be hacked, leaving cities vulnerable to denial-of-service attacks with just a few clicks. In a stunning Black Hat Asia presentation, he showed how typing a simple charger ID into a custom-built script could instantly render a charging port useless.
Dutch Navy Exposed by Cheap Bluetooth Tracker Mishap
A €5 Bluetooth tracker and some basic online sleuthing allowed journalists to track a Dutch navy frigate, exposing a shocking lapse in operational security that has left many wondering how such a breach could occur. It seems that publicly available information, combined with a tiny device that's cheaper than a cup of coffee, was all it took to reveal the warship's location.

Transportation Sector Grapples with Rising Cyber Risks from Connected Vehicles
As modern trucks transform into data centers on wheels, loaded with sensors and connectivity, they also become vulnerable to cyber threats - turning transportation into a pressing cybersecurity issue. With their expanding attack surfaces, the transportation sector is racing against time to tackle the fast-evolving risks of connected vehicles.

Raspberry Pi OS Tightens Sudo Security with Password Mandate
Raspberry Pi OS just got a major security boost: the latest release now requires a password by default when using the sudo command, putting an end to its previously open-door policy and adding an extra layer of protection to your device. This simple yet significant change means you'll need to enter a password to access sudo, giving you more control over who holds the keys to your device.

Fitness Equipment Exposes Weak Link in Gym Security
A recent security mishap at a gym serves as a stark reminder of the importance of safeguarding sensitive information, as a technician's careless mistake - stapling configuration details to a cupboard - left fitness equipment vulnerable to exploitation by mischief makers. This embarrassing blunder highlights the need for vigilance in protecting security credentials.

Masjesu Botnet Targets Global IoT Devices with DDoS-for-Hire Service
Meet Masjesu, a stealthy botnet that's been quietly building an army of compromised IoT devices to launch devastating DDoS attacks - and it's available for rent to anyone with a Telegram account. This covert network has been operating in the shadows since 2023, offering a sinister DDoS-for-hire service that's got cybersecurity experts sounding the alarm.

NCSC Warns of Russia's Ongoing Router Exploits
Russia's notorious hackers, Fancy Bear, are exploiting routers to steal passwords and sensitive information, compromising the security of countless individuals and organisations. With around 5,000 devices and 200 organisations already affected, experts warn that this latest threat is one to take seriously.

Coffee Machines Expose Corporate Networks to Hacking Risks
Your daily cup of coffee might be putting your company's network at risk of a massive breach, thanks to the humble coffee machine's connection to the internet. Connected devices like these can unwittingly create a backdoor for hackers into an otherwise secure environment.

Critical Flaw Exposes 7,000 Robot Vacuums to Alarming Remote Hacking Risk
A security researcher recently discovered a critical flaw that leaves around 7,000 robot vacuums vulnerable to remote hacking, raising alarming concerns about the safety of our increasingly connected lives. This startling finding highlights the dark side of the Internet of Things (IoT) and the urgent need for better device security.

Critical Camera Alert: Apple's Indicator Light Shields Users from Devastating Malware Risks
Imagine being able to trust that your camera isn't being secretly used - Apple’s camera indicator lights offer a simple yet powerful solution, giving you peace of mind with a reassuring glow that alerts you when your camera is in use. This clever feature is a game-changer in the fight against malware and hacking, empowering you to take control of your digital security.