🔐 CVE-2026-27751 (CRITICAL): SODOLA SL902-SWTGW124AS gateways (≤200.1.20) use default creds, enabling remote admin takeover. Change all passwords or restrict access ASAP! No patch yet. https://radar.offseq.com/threat/cve-2026-27751-cwe-1392-use-of-default-credentials-706a3fb0 #OffSeq #Vuln #IoTSecurity #NetworkSecurity

🚨 CRITICAL: CVE-2026-27755 in SODOLA SL902-SWTGW124AS (≤200.1.20) lets attackers forge MD5-based session IDs, bypassing auth remotely. No patch yet — segment, restrict, monitor! https://radar.offseq.com/threat/cve-2026-27755-cwe-330-use-of-insufficiently-rando-27c7bdab #OffSeq #CVE202627755 #IoTSecurity #Infosec

CISA warns of 4 CRITICAL vulns in Gardyn Smart Gardens (Home & Studio) enabling remote, unauthenticated compromise. No CVE yet. No active exploits, but patch & segment now. Monitor updates. https://radar.offseq.com/threat/critical-flaws-exposed-gardyn-smart-gardens-to-rem-6afe633e #OffSeq #IoTSecurity #Vulnerability #Gardyn

⚠️ CRITICAL OS command injection in Totolink N300RH (v6.1c.1353_B20190305) — CVE-2026-3301. Unauthenticated remote exploit possible, with public exploit code out. Restrict access & monitor until patch released. https://radar.offseq.com/threat/cve-2026-3301-os-command-injection-in-totolink-n30-8ab5e0b9 #OffSeq #CVE20263301 #IoTSecurity

Reverse Engineering Garmin Watch Applications with Ghidra - Anvil Secure

https://www.anvilsecure.com/blog/reverse-engineering-garmin-watch-applications-with-ghidra.html

#cybersecurity #vulnerability #iotsecurity

WITH THIS $10 Aliexpress Module You can do ANYTHING?

https://www.youtube.com/watch?v=krHt08T_aqg

#vulnerability #exploit #iotsecurity

Zyxel addresses critical CVE-2025-13942 RCE affecting UPnP in 4G/5G CPEs, DSL/Ethernet, Fiber ONTs, and wireless extenders. Exploitation requires WAN + UPnP enabled; Shadowserver tracks ~120k exposed devices.

Additional post-auth command-injection flaws (CVE-2025-13943, CVE-2026-1459) patched. EOL devices (VMG1312, VMG3312/13, SBG3300/3500) remain unpatched; replacement recommended.

Mitigation recommendations:
• Apply firmware updates immediately
• Disable unnecessary UPnP/WAN access
• Monitor network exposure of legacy devices
• Track patched vs. unpatched CPEs/routers in enterprise inventories

Source: https://www.bleepingcomputer.com/news/security/zyxel-warns-of-critical-rce-flaw-affecting-over-a-dozen-routers/

How are you prioritizing critical RCE patches for network devices? Comment below and follow for in-depth threat reporting.

#NetworkSecurity #IoTSecurity #PatchManagement #RCE #RouterSecurity #CVE #ThreatIntel #Infosec #ZeroTrust #EnterpriseSecurity

In-Circuit eMMC Firmware Extraction - Hacking a Car Diagnostic Scanner

https://www.youtube.com/watch?v=dOP7Rz1pXwk

#cybersecurity #iotsecurity #penetrationtesting

The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary]

https://isc.sans.edu/diary/rss/32748

#cybersecurity #vulnerability #iotsecurity

mattst88's blog - Reverse Engineering the PROM for the SGI O2

https://mattst88.com/blog/2026/02/08/Reverse_Engineering_the_PROM_for_the_SGI_O2/

#cybersecurity #iotsecurity #reverseengineering

mattst88's blog - Reverse Engineering the PROM for the SGI O2

https://mattst88.com/blog/2026/02/08/Reverse_Engineering_the_PROM_for_the_SGI_O2/

#cybersecurity #iotsecurity #reverseengineering

⚠️ CRITICAL: CVE-2026-26341 in Tattile Smart+, Vega & Basic (fw ≤1.181.5) — default creds allow admin access if device is reachable. Change passwords, restrict interface access ASAP. Details: https://radar.offseq.com/threat/cve-2026-26341-cwe-1392-use-of-default-credentials-b1797eea #OffSeq #IoTSecurity #DefaultCreds #Vuln

ROP the ROM: Exploiting a Stack Buffer Overflow on STM32H5 in Multiple Ways

https://www.errno.fr/Overflowing_STM32H5.html

#vulnerability #exploit #iotsecurity

The Internet, Reinvented.

https://www.youtube.com/watch?v=XTnYVh7K6xQ

#privacy #iotsecurity #radio

GitHub - olvvier/apple-silicon-accelerometer: reading the undocumented mems accelerometer on apple silicon macbooks via iokit hid

https://github.com/olvvier/apple-silicon-accelerometer

#cybersecurity #iotsecurity #community

MagiQuest Wand Hacking with Flipper Zero

https://www.youtube.com/watch?v=M9hSxHYQrbY

#cybersecurity #iotsecurity

My smart sleep mask broadcasts users’ brainwaves to an open MQTT broker - #IoTsecurity
https://blog.adafruit.com/2026/02/17/my-smart-sleep-mask-broadcasts-users-brainwaves-to-an-open-mqtt-broker-iotsecurity/

The Bash Bunny is a covert USB attack platform built for automating penetration testing. By impersonating trusted devices like keyboards or network adapters, it lets security professionals trigger powerful payloads in seconds, often without raising suspicion.

Here is a quick breakdown of what it can do and why it is so effective 😎👇

Find high-res pdf ebooks with all my infosec related infographics at https://study-notes.org

#cybersecurity #iot #iotsecurity #infosec #pentesting

🛑 CRITICAL vuln (CVE-2026-2564) in Intelbras VIP 3260 Z IA (2.840.00IB005.0.T): Weak password recovery via /OutsideCmd enables remote attack. No user interaction needed. Restrict access, monitor, and await patch. https://radar.offseq.com/threat/cve-2026-2564-weak-password-recovery-in-intelbras--15b4ad92 #OffSeq #CVE20262564 #IoTSecurity

What Your Bluetooth Devices Reveal About You

https://blog.dmcc.io/journal/2026-bluetooth-privacy-bluehood/

#cybersecurity #privacy #iotsecurity