🏷️ IoT-security

22 articles tagged IoT-security.

The Credential Reckoning: Smart Office Security in the First Half of June 2026

In two weeks, CISA published three IoT advisories covering smart doorbells, cameras and a yard robot — every headline flaw a hardcoded or default credential. Acer shipped fixes for two CVSS 10.0 mesh-router zero-days, Cisco confirmed active exploitation of an SD-WAN Manager flaw, and a multi-agency advisory warned of attacks on internet-exposed fuel-tank gauges. All of it lands as the EU Cyber Resilience Act's 24-hour reporting clock counts down to September 11.

June 14, 2026

Three Advisories, One Root Cause: CISA Flags Hardcoded and Default Credentials in Office IoT

On a single day, CISA published advisories for a smart doorbell and camera platform, a line of network cameras, and a connected outdoor robot. The CVEs differ; the root cause does not. Hardcoded cryptographic keys, default passwords, and credentials served up to anyone who asks — across devices that quietly accumulate on office networks, two of them with no patch coming.

June 11, 2026

Ninety Days to the Clock: What the EU Cyber Resilience Act's 24-Hour Reporting Rule Means for Connected Offices

From September 11, 2026, manufacturers of connected products sold in the EU must report actively exploited vulnerabilities to ENISA within 24 hours. The obligation reaches routers, cameras, smart-building devices and OT, carries fines up to €15 million or 2.5% of global turnover, and reshapes how buyers should evaluate vendors. With roughly 90 days to go, two-thirds of vendors say they are still unfamiliar with the regulation.

June 9, 2026

When the Network Is the Target: Acer's CVSS 10.0 Router Zero-Days and an Exploited Cisco SD-WAN Flaw

Acer shipped advisories for two maximum-severity zero-days in its Wave 7 mesh routers — a world-readable log leaking cleartext admin credentials and a hardcoded AES key that lets attackers backdoor device backups. Days later, Cisco confirmed active exploitation of a Catalyst SD-WAN Manager flaw being chained to push rogue configurations to edge devices. Both fit the dominant 2026 pattern: the network itself is the target.

June 5, 2026

Smart Office Security Month in Review: The Eight Things That Defined May 2026

May 2026 produced a CVSS 10.0 Cisco firewall zero-day exploited by ransomware for weeks before disclosure, two active botnet campaigns against industrial routers, a dark web ICS malware toolkit, a critical telnet RCE in legacy OT devices, CISA advisories across five major vendors, a supply chain attack targeting AI developers, and joint government guidance explicitly prohibiting LLMs in safety-critical OT systems. Here is what the month meant for organizations running connected office environments.

May 29, 2026

CVE-2026-32746: The Telnet Vulnerability in Legacy OT That Gives Attackers Root Before the Login Prompt

CVE-2026-32746 is a pre-authentication remote code execution vulnerability in GNU Inetutils telnetd, scoring 9.8 Critical on CVSS 3.1 and affecting all versions up to and including 2.7. An unauthenticated attacker can trigger root-level code execution during the initial TCP handshake — before any login prompt appears. The vulnerability affects embedded systems, PLCs, SCADA components, and IoT devices that expose telnet interfaces, as well as major Linux distributions that include Inetutils in their default package sets.

May 15, 2026

Industrial Routers Under Botnet Attack: Four-Faith and ASUS Vulnerabilities Being Actively Exploited in OT Networks

Two vulnerabilities in widely deployed industrial and commercial routers are being actively exploited by botnets in May 2026. CVE-2024-9643 in Four-Faith F3x36 Industrial Cellular Routers, scoring 9.8 on CVSS, allows full administrative control without authentication. CVE-2018-5999 in ASUS AsusWRT routers, a vulnerability from 2018, has been re-weaponized by the RondoDox botnet as of May 17, 2026. Both vulnerabilities are being used to build botnet infrastructure, and compromised industrial routers in OT environments create paths from the internet directly into production control systems.

May 8, 2026

Routers Are Now the Riskiest Device in Your Network: The 2026 Connected Device Risk Report

New research tracking connected device risk across IT, OT, IoT, and IoMT environments has named routers the single most dangerous device category in enterprise networks, averaging 32 vulnerabilities per device and accounting for roughly a third of all critical vulnerabilities found in corporate infrastructure. Forty percent of device types on the 2026 riskiest list are entirely new entries, and 75% were not on the list two years ago — a pace of attack surface expansion that most security programs are not designed to absorb.

May 1, 2026

Smart Office Security Week in Review: The Seven Things That Mattered, April 22–28, 2026

This week produced a joint intelligence advisory on Chinese state-sponsored IoT device hijacking, a major Cisco wireless security report confirming that 85% of organizations are getting hit through wireless and IoT, critical vulnerabilities in Siemens industrial edge and building automation systems, a landmark workforce report linking skills gaps to real breaches, and a new NIST initiative on OT network visibility. Here is what it means for organizations running connected office environments.

April 29, 2026

When Your Security Cameras Become the Attacker's Infrastructure: The IoT Pivot Threat in Smart Buildings

Security cameras, smart displays, and building automation devices are no longer just passive targets in a cyberattack — they are being actively repurposed as attack infrastructure. State-sponsored actors and criminal groups are using compromised IP cameras and IoT equipment as relay nodes, reconnaissance tools, and lateral movement staging points inside the networks they were supposed to protect.

April 24, 2026

85% of Organizations Got Hit Through Wireless: What the Cisco 2026 State of Wireless Report Means for Your Smart Office

Cisco surveyed 6,098 wireless decision-makers across 30 countries and found that 85% of organizations experienced wireless security incidents in the past year, with IoT and OT devices identified as the primary weak link. Half of those incidents cost over $1 million. Here is what the data means for organizations running connected smart offices.

April 23, 2026

China Is Weaponizing Your Office Router and IoT Devices: The Volt Typhoon and Flax Typhoon Threat Explained

A joint advisory from CISA, the FBI, NSA, and allied intelligence agencies issued April 22, 2026 confirms that Chinese state-sponsored groups are systematically compromising SOHO routers, IoT devices, and smart office equipment to build covert attack infrastructure. Your network edge devices are not just targets — they are being turned into weapons.

April 22, 2026

The ODNI Report Nobody Read: China, Russia, Iran, and North Korea Are All-In on Your Critical Infrastructure

The ODNI's annual threat assessment and Google's defense industrial base report confirm what a week of incidents has made viscerally clear: every major nation-state adversary has simultaneously prioritized critical infrastructure cyberattacks. The IoT and OT devices connecting your operations to the internet are their preferred entry point.

April 21, 2026

Shadow AI Is Your Biggest Unmanaged IoT Problem — And 76% of Organizations Already Have It

Shadow AI has surged to 76% of organizations in 2026, up from 61% a year ago. AI agents now autonomously control IoT devices, access operational systems, and make decisions without security oversight. The result is a new category of unmanaged attack surface that most enterprise security teams aren't equipped to handle.

April 17, 2026

North Korea Backdoored axios — 100 Million Projects Didn't Notice for 39 Minutes

North Korean threat actors compromised the axios npm package — used in 100 million JavaScript projects weekly — through a hijacked maintainer account, delivering a cross-platform RAT in under an hour. For IoT and embedded device builders, it's a wake-up call about firmware supply chain risk.

April 14, 2026

Your Solar Panels Are Now a Cyberattack Vector: The Grid-Edge Threat Nobody Budgeted For

Millions of internet-connected solar inverters, battery storage systems, and smart meters now form the most distributed attack surface on the power grid. Security researchers have identified critical vulnerabilities that could allow remote manipulation of grid-edge devices at scale.

April 10, 2026

Open Source vs Corporate Smart Office: How to Actually Automate Your Office — From Access Control to Cameras to the Kitchen

Should your smart office run on Home Assistant, Frigate, and open-source access control — or on Verkada, Lenel, and Cisco Meraki? This is the real comparison: cost, control, privacy, security, and what actually works when you're running an office of 5 to 500 people.

April 9, 2026

Masjesu: The Commercial IoT Botnet That Sells 290 Gbps DDoS Attacks on Telegram — and Targets Your Factory Floor

Security researchers have exposed Masjesu, a sophisticated IoT botnet sold as a DDoS-for-hire service on Telegram. It targets routers and gateways across ARM, MIPS, and AMD64 architectures — and has begun extorting smart manufacturing operations.

April 8, 2026

Walmart's AI Price Tags Know Your Budget Before You Do — And That's Just the Beginning

Walmart's digital price tags are the infrastructure for AI-driven dynamic and personalized pricing. Your data is being used to determine what you pay.

March 25, 2026

Lights Out: How Power Grid Attacks Are Crippling Smart Cities in the 2026 Conflict

Iraq went dark. Iran hit 1% connectivity. When the power grid falls, smart cities become dumb targets. Here's the pattern emerging from the 2026 conflict — and what it means for IoT-dependent enterprises.

March 8, 2026

When Water Becomes a Weapon: Critical Infrastructure Under Fire in the 2026 Iran Conflict

Iran just struck a Bahrain desalination plant. The US hit one in Iran. Meanwhile, IRGC-linked hackers have been inside American water systems since 2023. Here's what the 2026 war means for water infrastructure security.

March 8, 2026

IoT Security and SSAE 18 Compliance: A Comprehensive Guide for Office Environments

Implement IoT security measures in office environments to align with SSAE 18 principles and protect office spaces.

April 16, 2023

← All topics