■■■■□ Former Google Engineer Found Guilty of Economic Espionage and Theft of Confidential AI Technology.

https://www.justice.gov/opa/pr/former-google-engineer-found-guilty-economic-espionage-and-theft-confidential-ai-technology

■□□□□ Microsoft to disable NTLM by default in future Windows releases.

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-ntlm-by-default-in-future-windows-releases/

■■■■□ Statement issued by Notepad++

Dear Customer,
We want to further update you following the previous communication with us about your server compromise and further investigation with your incident response team.
We discovered the suspicious events in our logs, which indicate that the server (where your application https://notepad-plus-plus.org/update/getDownloadUrl.php was hosted until the 1st of December, 2025) could have been compromised.
As a precautionary measure, we immediately transferred all clients’ web hosting subnoscriptions from this server to a new server and continued our further investigation.
Here are the key finding points:
1. The shared hosting server in question was compromised until the 2nd of September, 2025. On this particular date, the server had scheduled maintenance where the kernel and firmware were updated. After this date, we could not identify any similar patterns in logs, and this indicates that bad actors have lost access to the server. We also find no evidence of similar patterns on any other shared hosting servers.
2. Even though the bad actors have lost access to the server from the 2nd of September, 2025, they maintained the credentials of our internal services existing on that server until the 2nd of December, which could have allowed the malicious actors to redirect some of the traffic going to https://notepad-plus-plus.org/getDownloadUrl.php to their own servers and return the updates download URL with compromised updates.
3. Based on our logs, we see no other clients hosted on this particular server being targeted. The bad actors specifically searched for https://notepad-plus-plus.org/ domain with the goal to intercept the traffic to your website, as they might know the then-existing Notepad++ vulnerabilities related to insufficient update verification controls.
4. After concluding our research, the investigated security findings were no longer observed in the web hosting systems from the 2nd of December, 2025, and onwards, as:
* We have fixed vulnerabilities, which could have been used to target Notepad++. In particular, we do have logs indicating that the bad actor tried to re-exploit one of the fixed vulnerabilities; however, the attempt did not succeed after the fix was implemented.
* We have rotated all the credentials that bad actors could have obtained until the 2nd of September, 2025.
* We have checked the logs for similar patterns in all web hosting servers and couldn’t find any evidence of systems being compromised, exploited in a similar way, or data breached.
While we have rotated all the secrets on our end, below you will find the preventive actions you should take to maximize your security. However, if below actions have been done after the 2nd of December, 2025, no actions are needed from your side.
* Change credentials for SSH, FTP/SFTP, and MySQL database.
* Review administrator accounts for your WordPress sites (if you have any), change their passwords, and remove unnecessary users.
* Update your WordPress sites (if you have any) plugins, themes, and core version, and turn on automatic updates, if applicable.
We appreciate your cooperation and understanding. Please let us know in case you have any.

■■■■□ Guardian is a production-ready AI-powered penetration testing automation CLI tool that leverages Google Gemini and LangChain to orchestrate intelligent, step-by-step penetration testing workflows while maintaining ethical hacking standards.

https://github.com/zakirkun/guardian-cli

■■■□□ The Jeffery Epstein million file drop by DoJ of United States yesterday is creating ripples in the geo-political world.

Fallout may occur even though drip feeding of information is done to reduce overall impact.

Conversation about Palantir by JE (cabalist) and former Israeli president, Ehud Barak (pedophile and cabalist).

■■■■■ Criminals producing devices that unlock cars arrested in international operation.

Five suspects were arrested during an international operation targeting a network of car thieves. The group manufactured reprogrammed speakers and other technical devices that made it possible to unlock cars with decoded keys, bypassing the security systems. The operation, coordinated by Eurojust, was carried out by French and Italian investigators.

The car theft devices mounted in JBL Bluetooth speakers appeared on the black market around the end of 2021 and exploited a previously unknown vulnerability in Toyota and Lexus immobilizers (at least models from 2016-2021).

The attack was separated into two parts:
1️⃣ The attacker find an accessible CAN bus, connect the "JBL" device to it, and unlock the car.
2️⃣ Then "JBL" tool is connected to the OBD-II to simulate an emergency engine start without a key.

https://www.eurojust.europa.eu/news/criminals-producing-devices-unlock-cars-arrested-international-operation

■■■□□ Two cyber attacks updates from Israel:

1. Hacktivist group affiliated with Iran claims to have attacked Kibbutz Hatzor. The group is publishing several screenshots proving the breach.

2. Hacktivist Tengu publishes victim company b2m motorsport, which is engaged in car rental, spare parts supply, and more.

■■□□□🛡️ Mid-market firms aren’t under-secured. IBM finds 83 security tools on average, and complexity is the real blocker.

The gaps come from unused EDR, alert overload, and weak prevention—not missing tools.

■■□□□ Bitcoin creator Satoshi was either affiliated to Epstein or a character (real person) drafted by Epstein. As his emails pointed out that Epstein was in contact and in commanding position to control it and other crypto. He has many core developers of Bitcoin where he seemed to claim control on the tech.

He was planning sharia coin (a stable coin for Muslims and Arabs).

■■□□□ China develops technology that could affect Starlink 🚀📡

🔹 New military advancement
China developed the TPG1000Cs, the most compact high-power microwave controller in the world, according to researchers from the Northwest Institute of Nuclear Technology (NINT), which is linked to the Chinese military.
🔹 What is this technology used for?

⚡ This controller allows the generation of high-power microwaves (HPM), capable of disrupting or disabling satellite networks, such as Starlink, without the need to physically destroy the satellites.
🔹 Strategic advantage


🛰️ Unlike conventional anti-satellite weapons:

They are harder to detect
They complicate the attribution of the attack
They reduce the risk of space debris

🔹 Geopolitical implications

🌍 This advancement could put China ahead of the United States and Russia in the space arms race, increasing the pressure on commercial and military satellite infrastructures.

■■■■□ nmapUnleashed (nu) is a modern CLI wrapper for Nmap, designed to make network scanning more comfortable and effective. Nmap is THE tool for penetration testing and network auditing, you can use nu just like Nmap with all its familiar commands but with extended features such as multithreading, easy scan management, and improved overview of your scans and more.

https://github.com/Sharkeonix/nmap-unleashed

■■□□□ In the past week, several attack groups have announced that they are carrying out DDoS attacks on websites in Israel.
Here are some of the websites mentioned by the attackers since the beginning of February:

weizmann.ac.il
new.huji.ac.il
haifa.ac.il
energy.gov.il
knesset.tv
shatil.org.il
en.israel-clinics.guru
haifaport.co.il
elbitsystems.com
kolzchut.org.il
bgu4u22.bgu.ac.il
rt.co.il
sderot.org
elco.co.il
rimon1.com
tami-imi.com
zionutdatit.org.il
invisiblealbum.com
levana.org.il
noam.org.il
jppi.org.il
me.health.gov.il
israelinfo.co.il
mevaker.gov.il
hadash.org.il
telavivfoundation.org
visit-tlv.co.il
civil-military-studies.org.il
idfpro.com
hta.org.il
ncalaw.co.il
mossad.gov.il/en
pazatsta.co.il
shas.org.il
pitchonlev.org.il
tmsifting.org/en
ashot.co.il
imj.org.il
maarachot.idf.il
israel-city.co.il

■■■□□ AV as malware. An interesting thread!

https://x.com/i/status/2017245832639094984

■■■□□ UAE based Binghatti developers had a data leak and threat actor is sharing samples online. Seems legitimate.

The data is apparently if sales they made includes detailed information about clients and their properties. Customer PII is leaking.

■■□□□ Base64 Decode via convoluted neutral networks on United States' DoJ shared Epstein files.