Smart Home Security Blog

218 articles on IoT security, smart devices, and protecting your connected home.

May 29, 2026

D-Link's Router Password Is Printed on the Side of the Device — And That's the Vulnerability

CVE-2026-4377, disclosed May 28 by CERT Polska, reveals that D-Link DWR-X1820 cellular routers generate their default administrative password directly...

D-LinkCVE-2026-4377router security

May 27, 2026

Your ASUS Router May Be Part of a Cyberweapon Right Now: RondoDox Is Exploiting an 8-Year-Old Flaw

On May 17, 2026, a botnet called RondoDox began exploiting CVE-2018-5999 — a critical unauthenticated vulnerability in ASUS routers that was patched i...

ASUSRondoDoxCVE-2018-5999

May 20, 2026

Your Android TV Box Is Being Turned Into a DDoS Weapon: The xlabs_v1 Botnet Explained

Hunt.io researchers discovered a new Mirai-based botnet called xlabs_v1 in early May 2026, targeting Android TV boxes, smart TVs, set-top boxes, and r...

xlabs_v1Miraibotnet

May 16, 2026

Your Router Has a Built-In Password Hackers Already Know: The Four-Faith Mass Exploitation That Started May 12

On May 12, 2026, threat actors began mass-exploiting CVE-2024-9643 in Four-Faith F3x36 routers — a critical flaw involving hard-coded administrative c...

CVE-2024-9643Four-Faithrouter vulnerability

May 8, 2026

The Smart Home Security Label Just Got a New Sheriff — What the FCC's Cyber Trust Mark Means for Every Device You Buy

After UL Solutions abruptly withdrew as lead administrator amid a federal probe into its China ties, the FCC appointed ioXt Alliance to run the U.S. C...

FCCCyber Trust MarkIoT security

May 5, 2026

Your ASUS Router May Be Renting Out Your Internet Connection to Criminals: The KadNap Botnet

Since August 2025, a botnet called KadNap has quietly infected 14,000+ ASUS routers and edge devices, turning them into residential proxies sold throu...

KadNapASUSbotnet

Apr 29, 2026

The Camera Network Tracking Every Drive You Take — And the Global Backlash Tearing It Down

Flock Safety's 80,000-camera license plate reader network performs 20 billion vehicle scans per month, quietly feeding data to police, federal agencie...

Flock SafetysurveillanceALPR

Apr 28, 2026

Another Router Brand, Another CVE Flood: Totolink's Command Injection Wave Hits the A8000RU and A3300R

A wave of critical CVSS 9.8 command injection vulnerabilities hit Totolink routers in late April 2026, with exploits publicly available for the A8000R...

CVETotolinkrouter security

Apr 27, 2026

Your Security Camera Is Broadcasting Its Own Password: CVE-2026-42363 in GeoVision Devices

A critical flaw in GeoVision's IP camera management software broadcasts admin credentials over UDP — and includes the decryption key in the same packe...

CVEGeoVisionIP camera

Apr 26, 2026

The Company Watching Your Home Got Hacked: ADT's Third Breach in a Year Exposes 5.5 Million Customers

ShinyHunters breached ADT through a single phone call to an employee, then walked out with 5.5 million customers' personal data. It's the third ADT br...

data breachsmart homehome security

Apr 25, 2026

Your Old Router Is Stealing Your Microsoft Passwords for Russia — And You'd Never Know

Russian military hackers from GRU's Forest Blizzard unit hijacked over 18,000 home and business routers — without installing any malware — and used th...

RussiaAPT28Forest Blizzard

Apr 24, 2026

The Database That Tells You If Your Devices Are Safe Just Stopped Working for Most Vulnerabilities

NIST announced it will no longer fully analyze most CVEs submitted to the National Vulnerability Database, after a 263% surge in vulnerability submiss...

NISTNVDCVE

Showing 12 of 218 articles

Load More →