#IOTSecurity

Hacktivate Crypto Head Hunter hacktivate@defcon.social
2025-11-28

Hacktivate Labs: 2025 Security & Dev Update

In 2025, AI agents moved from labs into production, opening new attack surfaces and exposing outdated security architecture. At Hacktivate Labs, we break down the year’s key security trends—from AI agent security and ransomware-driven projects.

#NetworkSecurity #CyberSecurity #HacktivateLabs #AI #Automation #PenTesting #DevSecOps #ZeroTrust #Ransomware #AIsecurity #SecurityGadgets #IoTSecurity #SecureDevelopment #TechTrends #Programming

2025-11-27

ShadowV2, a new Mirai-based IoT botnet variant, is exploiting multiple CVEs across D-Link, TP-Link, DD-WRT, DigiEver, and TBK devices. Activity was first seen during the AWS outage, suggesting early testing. The botnet connects to a C2 server and supports UDP/TCP/HTTP DDoS attacks.

Full analysis:
technadu.com/new-mirai-variant

#CyberSecurity #IoTSecurity #Botnet #ThreatIntel #DDoS #TechNadu

New Mirai Variant ‘ShadowV2’ Targets Vulnerable IoT Devices to Create Botnet for DDoS attacks

2025-11-26

New research finds that exposure in aircraft cabin IoT doesn’t happen over the air - it happens once data reaches any authorized device that can read full sensor details.

Tests of differential privacy and secret sharing show viable paths toward protecting readings at the source without breaking cabin performance.
Follow TechNadu for more clear, research-based security insights.

Source: helpnetsecurity.com/2025/11/25

#infosec #iotsecurity #aviationtech #privacyengineering #threatintel #techcommunity #TechNadu

Aircraft cabin IoT leaves vendor and passenger data exposed

2025-11-25

Censys analysis shows that Android TV boxes like Superbox use unauthorized app stores, DNS hijacking, ARP poisoning, and proxy relays communicating with Tencent QQ and Grass IO.
Stable retail availability remains a concern.

Full write-up:
technadu.com/streaming-devices

Follow TechNadu for more threat research updates.

#Infosec #IoTSecurity #AndroidTV #Botnet #HomeNetworkSecurity #CyberThreats

Streaming Devices and IoT Security Threats: Android TV Boxes Linked to Botnet Activity

Offensive Sequence offseq@infosec.exchange
2025-11-19

🚨 CVE-2025-11243 (HIGH): Shelly Pro 4PM devices <1.6 allow unauthenticated remote DoS via resource exhaustion. Patch to 1.6+ when available & use network controls to mitigate risk. No exploits seen yet. Details: radar.offseq.com/threat/cve-20 #OffSeq #IoTSecurity #Vuln

High threat: CVE-2025-11243: CWE-770 Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM

2025-11-18

Microsoft reports a 15.72 Tbps DDoS attack against Azure, launched from more than 500,000 devices controlled by the Aisuru botnet.
Aisuru, classified as a Turbo Mirai-class IoT botnet, heavily leverages compromised routers, cameras, DVR/NVR devices, and Realtek-based hardware.

It has also been linked to 22.2 Tbps and 11.5 Tbps attacks reported in recent months.
Cloudflare recently began redacting suspected malicious domains after Aisuru-linked traffic distorted DNS popularity rankings.

💬 What do you think about the durability of IoT-driven botnets at this scale?
👍 Follow us for more neutral, evidence-based cybersecurity analysis.

#Infosec #CyberSecurity #DDoS #Botnet #Aisuru #Azure #ThreatIntel #NetworkSecurity #IoTSecurity #TechNadu

Microsoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses

Pen Test Partners PTP@infosec.exchange
2025-11-13

The real-time yield data from connected farm machinery could give attackers an early look at crop outputs before the market does, creating opportunities to manipulate or profit from commodity futures.

Such an attack is a real risk due to the various weaknesses in on-vehicle hardware, telematics units, and ag cloud APIs. Securing these systems will protect both farmers and the markets.

📌 Read the blog post here: pentestpartners.com/security-b

#cybersecurity #agtech #iotsecurity #marketabuse #pentesting #connecteddevices

Offensive Sequence offseq@infosec.exchange
2025-11-09

🔍 HIGH severity: CVE-2025-12915 impacts 70mai X200 (≤20251019) via local file inclusion in Init Script Handler. Public exploit, no patch from vendor. Restrict access & monitor for abuse. Details: radar.offseq.com/threat/cve-20 #OffSeq #IoTSecurity #CVE202512915 #Vuln

High threat: CVE-2025-12915: File Inclusion in 70mai X200

2025-11-03

Why am I not surprised?

Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offline | Tom's Hardware share.google/2Te0naA7URabvCJ4C

#IOT #iotsecurity #IoTSec #iotfails

Offensive Sequence offseq@infosec.exchange
2025-11-03

🚨 HIGH severity vuln (CVSS 8.7): CVE-2025-12619 in Tenda A15 (15.13.07.13). Buffer overflow via /goform/openNetworkGateway; remote exploitation possible. Public exploit released! Review exposure & monitor for fixes. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #IoTSecurity

High threat: CVE-2025-12619: Buffer Overflow in Tenda A15

2025-11-02

An engineer discovered that his smart vacuum cleaner (#Staubsauger) was secretly sending telemetry data (#Telemetriedaten) to the manufacturer without consent.

When he blocked the data flow, the device was blocked by remote command.

After analysis and reverse engineering, he was able to revive the device with #Python scripts and a #RaspberryPi. The case shows how sensitively #IoT devices handle user freedom and data protection (#Datenschutz).

tomshardware.com/tech-industry

#SmartHome #Datenschutz #Sicherheit #IoTSecurity #privacy

2025-10-31

We love sharing resources that will help our AppSec community!! New eBook Alert: The Unique Challenges of Securing #ConnectedDevices

Whether you're building smart medical devices, industrial control systems, or next-gen consumer tech, this guide from Finite State is packed with actionable insights 👉 hubs.ly/Q03rhxvJ0

#IoTSecurity #ProductSecurity

2025-10-30

🚨 Massive surge in automated #botnet activity
→ Targeting PHP servers, IoT devices & cloud gateways
→ Mirai, Gafgyt, Mozi exploiting known CVEs
→ AWS & Google Cloud used to hide source
Experts warn: even low-skilled attackers can now wreak havoc with public exploit kits.

💭 Thoughts on securing production environments from automated scans?
Follow @technadu for real-time #infosec updates & research drops.

#CyberSecurity #Botnet #PHP #IoTSecurity #CloudSecurity #ThreatIntel #DevSecOps #Malware #VulnerabilityManagement #DigitalDefense

Experts Report Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

Bryan King (W8DBK) bdking71
2025-10-28

🌐 The IoT wave is here—and so are the risks. Learn how SOC analysts and CISOs can defend against connected device threats and secure tomorrow’s networks. 🔒

bdking71.wordpress.com/2025/10

2025-10-27

Understanding the EU Cyber Resilience Act: A Practical Guide
Finite State's latest ebook breaks down:

✅ What the EU CRA means for your business
✅ Key compliance steps to stay ahead
+more.

Download now: hubs.ly/Q03rr13c0

#IoTSecurity #EUCRA

Offensive Sequence offseq@infosec.exchange
2025-10-27

🚨 CVE-2025-12214: HIGH severity stack buffer overflow in Tenda O3 v1.0.0.10(2478). Remote attackers can execute code via /goform/sysAutoReboot with no auth required. Public exploit out—mitigate ASAP! radar.offseq.com/threat/cve-20 #OffSeq #CVE #Infosec #IoTSecurity

High threat: CVE-2025-12214: Stack-based Buffer Overflow in Tenda O3

Zevonix zevonix
2025-10-26

🔑 Default passwords are hacker favorites.
Change them on routers, printers, and IoT devices immediately to close easy entry points. 🛡️
👉 zurl.co/ebbqD

Offensive Sequence offseq@infosec.exchange
2025-10-22

🚨 CRITICAL vuln in Sauter modu680-AS (v0.0.0): Path traversal via importFile SOAP lets unauthenticated attackers upload files anywhere. No fix yet—monitor and restrict access! CVE-2025-41723 radar.offseq.com/threat/cve-20 #OffSeq #CVE202541723 #IoTSecurity #Vuln

Critical threat: CVE-2025-41723: CWE-35:Path Traversal: '.../...//' in Sauter modulo 6 devices modu680-AS

2025-10-21

34 zero-day exploits—from flagship smartphones to smart home tech—exposed a huge vulnerability gap at Pwn2Own Ireland 2025. Think your gadgets are secure? Dive into the shocking details.

thedefendopsdiaries.com/pwn2ow

#pwn2own2025
#zeroday
#cybersecuritytrends
#vulnerabilityresearch
#iotsecurity
