Iot Security
The latest Iot Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
Hubitat CVE-2026-1201: Critical Authorization Bypass Patched in Firmware 2.4.2.157
A critical security vulnerability in Hubitat Elevation smart home hubs has been patched in a recent firmware update, with the Cybersecurity and Infrastructure Security Agency (CISA) issuing a...
YoLink Hub Update Fixes Flaws That Could Let Attackers Remote-Control Your Smart Lock
Federal cybersecurity officials warned on Tuesday that multiple flaws in the YoLink smart home hub and its supporting infrastructure could let attackers remotely unlock connected deadbolts, silently...
CISA Flags Sierra Wireless AirLink CVE-2018-4063: Critical IoT Gateway Patch Now Mandatory
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated a six-year-old vulnerability in Sierra Wireless AirLink gateways to critical status, adding CVE-2018-4063 to its Known...
Azure Thwarts Record 15.72 Tbps DDoS Attack: Cloud Security Milestone
Microsoft's Azure cloud platform has successfully defended against the largest distributed denial-of-service (DDoS) attack ever recorded, neutralizing a massive 15.72 terabits per second assault that...
CVE-2025-11243: Critical DoS Vulnerability in Shelly Pro 4PM Devices
A newly discovered critical vulnerability in Shelly Pro 4PM smart energy monitoring devices could allow attackers to remotely crash the devices through specially crafted network requests. The...
Brightpick Mission Control Security Flaws Expose Warehouse Robots to Remote Attacks
A critical security vulnerability in Brightpick Mission Control software has exposed warehouse automation systems to remote attacks, allowing unauthenticated actors to access sensitive credentials...
CloudEdge CVE-2025-11757 MQTT Vulnerability: Critical Camera Security Risk
A critical security vulnerability designated CVE-2025-11757 has been identified in CloudEdge camera systems, exposing millions of IoT devices to remote attacks through unauthenticated MQTT protocol...
CVE-2025-9494, CVE-2025-9495: Critical OS injection and auth bypass hit Vitogate 300
Two high-severity vulnerabilities, CVE-2025-9494 and CVE-2025-9495, have been disclosed in the Viessmann Vitogate 300, a widely used IoT gateway device. These flaws expose systems to OS command...
Vendor Won't Fix Daikin Gateway Pre-Auth Password Reset Bug—Public Exploit Code Heightens Risk for Energy Sector
A critical pre-authentication password reset vulnerability in Daikin Security Gateways, tracked as CVE-2025-10127, has entered a dangerous phase: public proof-of-concept exploit code is circulating,...
CISA Adds Actively Exploited TP-Link Extender and WhatsApp Zero-Click Flaws to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch them...
When 99% of Cloud Breaches Start with a Checkbox: Inside Borderless CS's New Hardening Offensive
Misconfigured cloud storage buckets, unchanged default admin passwords, and unpatched Windows servers continue to fuel the majority of enterprise breaches—and one Australian cybersecurity firm just...
Microsoft Copilot Lands on Samsung 2025 TVs with Animated Avatar, Voice AI, and Visual Cards
Microsoft and Samsung have officially launched Copilot on select 2025 Samsung TVs and Smart Monitors, bringing a voice-powered AI companion with an animated, lip-synced avatar directly to the biggest...