Home Assistant: Smartphone apps allow takeover by attackers

The companion apps for Android and iOS create a security vulnerability in Home Assistant. Attackers could take over instances.
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...