IoT security Archives • Daily CyberSecurity

Critical Security Flaw Exposes Industrial IoT Converters USR-W610 vulnerability hardcoded administrative credentials

Critical Security Flaw Exposes Industrial IoT Converters

Do Son June 3, 2026

A severe flaw has put industrial serial-to-ethernet converters at risk this week. Specifically, a newly discovered USR-W610...

Critical ZKTeco CCTV Flaw (CVE-2026-8598) Leaks Admin Credentials Without Authentication ZKTeco CCTV Vulnerability CVE-2026-8598 Patch

Critical ZKTeco CCTV Flaw (CVE-2026-8598) Leaks Admin Credentials Without Authentication

Do Son May 20, 2026

A newly disclosed, critical vulnerability in ZKTeco CCTV cameras is serving as a reminder that the devices...

Mass Exploitation Alert: Hardcoded Credentials in Four-Faith Industrial Routers (CVE-2024-9643) Hijacked for Botnets Four-Faith F3x36 Mass Exploitation CVE-2024-9643 Hardcoded Credentials

Four-Faith F3x36 Mass Exploitation CVE-2024-9643 Hardcoded Credentials

Mass Exploitation Alert: Hardcoded Credentials in Four-Faith Industrial Routers (CVE-2024-9643) Hijacked for Botnets

Do Son May 19, 2026

A critical authentication bypass flaw in industrial cellular routers has transitioned into a full-blown mass exploitation campaign,...

Multiple Memory Flaws in Dnsmasq Threaten Millions of Connected Devices dnsmasq Vulnerabilities DNS Cache Poisoning

Multiple Memory Flaws in Dnsmasq Threaten Millions of Connected Devices

Do Son May 13, 2026

In the foundational architecture of small-to-medium networks and home routing devices, dnsmasq is the open-source networking tool...

The 2029 Lifeline: Why the FCC Just Postponed the “Death Sentence” for Millions of Drones and Routers FCC drone router firmware extension 2029 CVE-2024-21833 FCC foreign router ban 2026

FCC drone router firmware extension 2029 CVE-2024-21833 FCC foreign router ban 2026

The 2029 Lifeline: Why the FCC Just Postponed the “Death Sentence” for Millions of Drones and Routers

Do Son May 12, 2026

The Office of Engineering and Technology of the U.S. Federal Communications Commission (FCC) recently issued a proclamation...

Critical 9.8 CVSS Flaws in Qualcomm Chipsets Enable Remote Takeover Qualcomm Security Bulletin CVE-2026-25254 RCE Qualcomm Diversification, Mobile Chip Competition CVE-2023-33025

Qualcomm Security Bulletin CVE-2026-25254 RCE Qualcomm Diversification, Mobile Chip Competition CVE-2023-33025

Critical 9.8 CVSS Flaws in Qualcomm Chipsets Enable Remote Takeover

Do Son May 5, 2026

Qualcomm has released its May 2026 Security Bulletin, disclosing a series of high-impact vulnerabilities across its proprietary...

The Tadashi Files: Inside the xlabs_v1 Botnet Targeting 4 Million Android Devices xlabs_v1 Botnet ADB Port 5555 Exploit

The Tadashi Files: Inside the xlabs_v1 Botnet Targeting 4 Million Android Devices

Do Son May 3, 2026

Security researchers at Hunt Intelligence have dismantled the operational blueprint of a new Mirai-derived botnet dubbed xlabs_v1....

Unpatched and Exposed: Public PoC Released for Critical 9.8 CVSS Xiongmai IP Camera Flaw KMW CCTV vulnerability unauthenticated password reset Xiongmai IP Camera Vulnerability CVE-2025-65856 CVE-2024-8956 (CVSS 9.1): PTZOptics Cameras

KMW CCTV vulnerability unauthenticated password reset Xiongmai IP Camera Vulnerability CVE-2025-65856 CVE-2024-8956 (CVSS 9.1): PTZOptics Cameras

Unpatched and Exposed: Public PoC Released for Critical 9.8 CVSS Xiongmai IP Camera Flaw

Do Son April 24, 2026

In a disturbing development for IoT security, a critical unpatch vulnerability has been found in Hangzhou Xiongmai...

Command Injection Vulnerability (CVE-2025-29635) Exploited in the Wild Cloudflare DDoS attacks 2 Tbps

Command Injection Vulnerability (CVE-2025-29635) Exploited in the Wild

Do Son April 22, 2026

The Akamai Security Intelligence and Response Team (SIRT) has issued a warning regarding a surge in malicious...

Nexcorium Botnet Turns Unpatched DVRs into DDoS Foot Soldiers Nexcorium Botnet Mirai Variant

Nexcorium Botnet Turns Unpatched DVRs into DDoS Foot Soldiers

Do Son April 21, 2026

Security researchers at FortiGuard Labs have uncovered a sophisticated campaign deploying Nexcorium, a multi-architecture Mirai variant that...

RondoDox Botnet Hijacks Everything from IoT to Fortnite RondoDox Botnet Nanomite Anti-Debugging

RondoDox Botnet Hijacks Everything from IoT to Fortnite

Do Son April 21, 2026

A new deep-dive analysis from BitSight has unmasked the RondoDox Botnet, a sophisticated and rapidly evolving threat...

IoT Under Fire: Critical CVSS 10 Expression Injection Hits OpenRemote Platform OpenRemote RCE IoT Security

IoT Under Fire: Critical CVSS 10 Expression Injection Hits OpenRemote Platform

Do Son April 15, 2026

Security researchers have sounded a major alarm for the internet-of-things (IoT) sector as OpenRemote, a popular 100%...

Hijacking the Soundboard: Critical 9.8 RCE Flaws Hit Ubiquiti UniFi Play Audio UniFi OS vulnerabilities, Ubiquiti security flaws, CVE-2026-47367, CVE-2026-47369, CVE-2026-47370 Ubiquiti UniFi OS Vulnerabilities UniFi OS Firmware Update 2026 UniFi Play Vulnerability Critical RCE Patch Ubiquiti UniFi Vulnerability CVE-2026-22557

UniFi OS vulnerabilities, Ubiquiti security flaws, CVE-2026-47367, CVE-2026-47369, CVE-2026-47370 Ubiquiti UniFi OS Vulnerabilities UniFi OS Firmware Update 2026 UniFi Play Vulnerability Critical RCE Patch Ubiquiti UniFi Vulnerability CVE-2026-22557

Hijacking the Soundboard: Critical 9.8 RCE Flaws Hit Ubiquiti UniFi Play Audio

Do Son April 14, 2026

Ubiquiti has issued an urgent security advisory for its UniFi Play audio lineup, addressing a suite of...

Inside the Masjesu IoT Botnet’s 3-Year Stealth Reign Masjesu Botnet IoT DDoS Protection

Inside the Masjesu IoT Botnet’s 3-Year Stealth Reign

Do Son April 14, 2026

Trellix ARC has released a deep dive into the Masjesu botnet, a threat that has redefined stealth...

Smart Home Alert: Critical Flaws Exposed in TP-Link Tapo Security Cameras

Do Son April 3, 2026

A security advisory from TP-Link have exposured a series of high-severity vulnerabilities—ranging from CVE-2026-34118 to CVE-2026-34124—affecting the...

Turf War in Your Living Room: ‘Katana’ Botnet Hijacks Android TV Boxes with Custom Rootkits Katana Botnet Android TV Malware

Turf War in Your Living Room: ‘Katana’ Botnet Hijacks Android TV Boxes with Custom Rootkits

Do Son March 22, 2026

A specialized report from the Nokia Deepfield Emergency Response Team (ERT) has identified a sharp escalation in...

New Mirai Variant and “Monaco” Miner Targeting Linux Devices Linux Malware CondiBot

New Mirai Variant and “Monaco” Miner Targeting Linux Devices

Do Son March 20, 2026

Security researchers at Eclypsium have identified two distinct and previously undocumented malware strains targeting Linux-based systems. On...

The Shotgun Approach: BitSight Exposes RondoDox Botnet’s Rapid-Fire 174-Exploit Arsenal Targeting IoT RondoDox Botnet BitSight IoT Security

The Shotgun Approach: BitSight Exposes RondoDox Botnet’s Rapid-Fire 174-Exploit Arsenal Targeting IoT

Do Son March 16, 2026

As the Internet of Things (IoT) ecosystem swells toward an estimated 41.1 billion connected devices by 2030,...

Critical 9.4 CVSS Zephyr RTOS Flaw Exposes Millions of IoT Devices to RCE Zephyr RTOS Vulnerability CVE-2026-1678

Critical 9.4 CVSS Zephyr RTOS Flaw Exposes Millions of IoT Devices to RCE

Do Son March 9, 2026

Security researchers have disclosed a critical memory-safety vulnerability in the Zephyr Project, a high-profile, scalable real-time operating...

Integer Overflow Flaw in Apache ActiveMQ Exposes MQTT Brokers to DoS ActiveMQ security flaws Jolokia web console exploit ActiveMQ RCE Jolokia Spring Vulnerability ActiveMQ MQTT Vulnerability CVE-2025-66168 Apache Artemis Vulnerability CVE-2026-27446

ActiveMQ security flaws Jolokia web console exploit ActiveMQ RCE Jolokia Spring Vulnerability ActiveMQ MQTT Vulnerability CVE-2025-66168 Apache Artemis Vulnerability CVE-2026-27446

Integer Overflow Flaw in Apache ActiveMQ Exposes MQTT Brokers to DoS

Do Son March 5, 2026

The Apache Software Foundation has released a security update for Apache ActiveMQ, addressing a significant integer overflow...

Critical Alert 1 Active Exploit Detected Today