Commercial Real Estate
Breach intelligence, attack campaigns, and threat reports targeting the Commercial Real Estate sector.
Commercial Real Estate Threat Reports
Yarbo Mobile App Vulnerabilities Expose Robot Fleet to Remote Control
In June 2026, critical vulnerabilities were identified in Yarbo's Android and iOS mobile applications and cloud infrastructure. These flaws included hard-coded MQTT broker credentials and inadequate authorization controls, allowing unauthorized access to telemetry data and remote command execution on Yarbo's robotic devices. Exploitation of these vulnerabilities could lead to unauthorized control over the robot fleet and exposure of sensitive user information. Yarbo has since released updates to address these issues, urging users to update their applications to version 3.17.4 or later. This incident underscores the persistent risks associated with hard-coded credentials and misconfigured cloud services in IoT devices. As the adoption of connected devices continues to rise, ensuring robust security measures and regular updates is crucial to prevent unauthorized access and potential exploitation.
1 week ago
Critical Vulnerability in KMW CCTV Security Cameras (CVE-2026-5386)
In May 2026, a critical vulnerability (CVE-2026-5386) was identified in KMW CCTV Security Cameras, specifically models KM-IP521 and KM-IP421. This flaw allows unauthenticated attackers to remotely reset the administrator password to a known value, granting full access to camera feeds and settings. The vulnerability poses significant risks to critical infrastructure sectors, including commercial facilities, government services, and financial services. KMW has released firmware updates to address this issue and recommends users apply these updates promptly. ([windowsforum.com](https://windowsforum.com/threads/cisa-icsa-26-148-06-kmw-cctv-critical-password-reset-flaw.420548/?utm_source=openai)) This incident underscores the growing security challenges associated with IoT devices in critical infrastructure. The ease of exploitation and potential impact highlight the necessity for robust security measures, including regular firmware updates and network segmentation, to protect against unauthorized access and potential breaches.
3 weeks ago
Critical XSS Vulnerability in CP Plus NVRs: CVE-2026-6824
In May 2026, a critical stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2026-6824, was discovered in CP Plus 8 Channel Network Video Recorders (NVRs). This flaw allows attackers to inject malicious scripts into the device's web interface, which execute in the browsers of authenticated users or administrators upon access. Exploitation can lead to session hijacking, unauthorized actions, data exposure, and compromise of system integrity. The affected versions include CP-UNR-108F1 Hardware V1.0, Web V3.2.7.128806, and System V4.001.00AT009.0.R. ([socdefenders.ai](https://www.socdefenders.ai/item/a70ca9af-a0bb-4b2f-9cf8-a89beb76b2b9?utm_source=openai)) This incident underscores the persistent threat posed by web-based vulnerabilities in critical infrastructure devices. As attackers increasingly target such systems, organizations must prioritize regular security assessments, timely patching, and adherence to best practices to mitigate risks associated with similar vulnerabilities.
3 weeks ago
Critical Vulnerability in ABB's Busch-Welcome 2 Wire Door Opener Actuator (CVE-2025-7705)
In July 2025, ABB disclosed a vulnerability (CVE-2025-7705) in its Busch-Welcome 2 Wire Door Opener Actuator, specifically affecting all versions of the Switch Actuator 4 DU (model 83330) and Switch Actuator, door/light 4 DU (model 83330-500). The issue arises from the devices operating in compatibility mode by default, which could allow an attacker with physical access to bypass authentication mechanisms and gain unauthorized entry to buildings where these devices are installed. The vulnerability has been assigned a CVSS v3.1 base score of 6.8, indicating medium severity. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/cve-2025-7705?utm_source=openai)) This incident underscores the critical importance of securing physical access control systems, especially in commercial facilities. As IoT devices become increasingly integrated into building management, ensuring their security configurations are properly set and regularly updated is paramount to prevent unauthorized access and potential security breaches.
3 weeks ago
Critical XSS Vulnerability in Kieback & Peter DDC Controllers: CVE-2026-4293
In May 2026, a cross-site scripting (XSS) vulnerability, identified as CVE-2026-4293, was discovered in Kieback & Peter DDC Building Controllers. This flaw allows attackers to execute malicious JavaScript in a victim's browser via the controller's web interface, potentially leading to unauthorized control over the browser. Affected models include DDC4002, DDC4100, DDC4200, DDC4200-L, DDC4400, DDC4002e, DDC4200e, DDC4400e, DDC4020e, DDC4040e, and DDC520, with firmware versions up to 1.12.14 and 1.23.4, respectively. ([windowsforum.com](https://windowsforum.com/threads/kieback-peter-ddc-xss-advisory-patch-supported-controllers-isolate-legacy-ot.418939/?utm_source=openai)) This incident underscores the critical need for robust security measures in building automation systems, especially as such vulnerabilities can serve as entry points for broader network compromises. Organizations are urged to update firmware where possible and isolate legacy systems to mitigate potential risks.
1 month ago
Critical Vulnerability in Johnson Controls CEM AC2000: CVE-2026-21661
In May 2026, a critical vulnerability (CVE-2026-21661) was identified in Johnson Controls' CEM AC2000 versions 10.6, 11.0, and 12.0. This flaw, stemming from an uncontrolled search path element, allows standard users to escalate privileges on the host machine via DLL hijacking. The vulnerability affects sectors such as Critical Manufacturing, Commercial Facilities, Government Services, Transportation Systems, and Energy. Johnson Controls has released specific updates to remediate this issue. The incident underscores the persistent risks associated with DLL hijacking vulnerabilities in critical infrastructure systems. Organizations are urged to promptly apply the recommended updates and review their security protocols to prevent potential exploitation.
1 month ago
Critical Vulnerability in Xiongmai XM530 IP Cameras: CVE-2025-65856
In December 2025, a critical authentication bypass vulnerability, identified as CVE-2025-65856, was discovered in Xiongmai XM530 IP cameras running Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. This flaw allows unauthenticated remote attackers to access sensitive device information and live video streams by exploiting the ONVIF implementation, which fails to enforce authentication on 31 critical endpoints. The vulnerability poses significant privacy and security risks to organizations and individuals relying on these surveillance devices. The public release of proof-of-concept exploit code in April 2026 has heightened the urgency for remediation. Despite the severity of the issue, the manufacturer has yet to provide a patch, leaving thousands of devices worldwide vulnerable to potential exploitation.
2 months ago
Critical Vulnerability in Pharos Controls Mosaic Show Controller: CVE-2026-2417
In March 2026, a critical vulnerability (CVE-2026-2417) was identified in Pharos Controls' Mosaic Show Controller firmware version 2.15.3. This flaw allows unauthenticated attackers to execute arbitrary commands with root privileges, potentially compromising the integrity and functionality of the affected devices. Pharos Controls has released firmware version 2.16 to address this issue and recommends that all users upgrade promptly to mitigate the risk of exploitation. This incident underscores the importance of timely firmware updates and robust authentication mechanisms in industrial control systems. Organizations utilizing such systems should prioritize regular security assessments and implement comprehensive access controls to safeguard against similar vulnerabilities.
3 months ago
Critical Unauthenticated Access Vulnerability in Honeywell IQ4x BMS Controllers (2026)
In March 2026, a critical vulnerability (CVE-2026-3611) was identified in Honeywell's IQ4x Building Management System (BMS) controllers. The flaw allows unauthenticated access to the web-based Human-Machine Interface (HMI) in factory-default configurations, enabling remote attackers to create administrative accounts, manipulate building controls, and potentially lock out legitimate operators. This vulnerability affects multiple models, including IQ4E, IQ412, IQ422, IQ4NC, IQ41x, IQ3, and IQECO, across firmware versions from v3.50_3.44 to v4.36_build_4.3.7.9. ([community.itbible.org](https://community.itbible.org/t/honeywell-iq4x-bms-controller/2685?utm_source=openai)) The discovery underscores the critical need for secure default configurations in industrial control systems. With thousands of these controllers potentially exposed online, the risk of unauthorized access to critical infrastructure is heightened, emphasizing the importance of immediate remediation and robust security practices in operational technology environments. ([cybersecuritynews.com](https://cybersecuritynews.com/thousand-of-honeywell-controllers-exposed/?utm_source=openai))
3 months ago
Critical Unauthenticated API Vulnerability in Honeywell CCTV Products (CVE-2026-1670)
In February 2026, a critical vulnerability (CVE-2026-1670) was identified in Honeywell CCTV products, allowing unauthenticated attackers to remotely modify the 'forgot password' recovery email address via an exposed API endpoint. This flaw could lead to unauthorized access to camera feeds and potential network compromise. Affected models include I-HIB2PI-UL 2MP IP (version 6.1.22.1216), SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0, PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0, and 25M IPC WDR_2MP_32M_PTZ_v2.0. ([cvedetails.com](https://www.cvedetails.com/cve/CVE-2026-1670/?utm_source=openai)) The vulnerability underscores the importance of securing IoT devices, especially in critical infrastructure sectors. Organizations are urged to apply patches promptly and implement robust access controls to mitigate such risks.
4 months ago
Critical Vulnerability in TP-Link VIGI Cameras: Authentication Bypass Exploit (CVE-2026-0629)
In January 2026, a critical vulnerability (CVE-2026-0629) was discovered in TP-Link's VIGI series surveillance cameras, affecting over 32 models. This flaw allowed attackers on the same local network to bypass authentication by exploiting the password recovery feature in the cameras' local web interface. By manipulating client-side state, attackers could reset the administrator password without verification, granting them full administrative access to the device. This access enabled potential compromise of device configurations, network security, and unauthorized viewing of live and recorded video feeds. ([tp-link.com](https://www.tp-link.com/us/support/faq/4899/?utm_source=openai)) The incident underscores the growing risks associated with IoT devices in corporate environments. As surveillance systems become increasingly integrated into business operations, vulnerabilities like this highlight the necessity for robust security measures, regular firmware updates, and network segmentation to prevent unauthorized access and potential data breaches.
4 months ago
Critical Vulnerability in Avation Light Engine Pro Exposes Systems to Unauthorized Access
In February 2026, a critical vulnerability (CVE-2026-1341) was identified in Avation's Light Engine Pro devices, which are widely deployed in commercial facilities worldwide. The flaw involves the exposure of the device's configuration and control interface without any authentication or access control, potentially allowing unauthorized users to gain full control over the device. This vulnerability poses significant risks, including unauthorized access, data manipulation, and potential disruption of operations. ([itsecuritynews.info](https://www.itsecuritynews.info/avation-light-engine-pro/?utm_source=openai)) The absence of authentication mechanisms in critical infrastructure devices underscores the urgent need for robust security measures. Organizations must prioritize the implementation of authentication protocols and access controls to safeguard against such vulnerabilities, especially in devices integral to operational technology environments.
4 months ago