■■■■□ Notepad++ Vulnerability Let Attackers Hijack Network Traffic to Install Malware via Updates.

https://cybersecuritynews.com/notepad-vulnerability-exploited/

■■■□□ United States 🇺🇸 Space Force receives first satellite jamming system.

https://defence-blog.com/u-s-space-force-receives-first-satellite-jamming-system/

■■■■■ React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation.

https://thehackernews.com/2025/12/react2shell-exploitation-escalates-into.html

https://www.cisa.gov/news-events/alerts/2025/12/05/cisa-adds-one-known-exploited-vulnerability-catalog

■■■■□ ⚠️ Notepad++ fixes a bug that was actively abused.

Notepad++ released version 8.8.9 to patch a critical updater flaw. Attackers hijacked update traffic and tricked users into installing malware instead of real updates.
https://thehackernews.com/2025/12/threatsday-bulletin-spyware-alerts.html

■■□□□ Open AI caught up in propaganda. Key employee quits!

OpenAI Researcher Quits, Saying Company Is Hiding the Truth. It's not letting potentially damning research get out there.

https://futurism.com/artificial-intelligence/openai-researcher-quits-hiding-truth

■■■□□ Kali 2025.4 has MCP server support through Hexstrike-AI.

■■■■□ Shannon – AI Pentesting Tool that Autonomously Checks for Code Vulnerabilities and Executes Real Exploits.

https://github.com/KeygraphHQ/shannon

https://cybersecuritynews.com/shannon-ai-pentesting-tool/

■■■■□ A critical security issue involving the Windows Remote Access Connection Manager (RasMan) that allows local attackers to execute arbitrary code with System privileges.

While investigating CVE-2025-59230, the vulnerability that Microsoft addressed in the October 2025 security updates. 0patch security analysts discovered a complex exploit chain that relies on a secondary, previously unknown zero-day flaw to function effectively.

https://cybersecuritynews.com/windows-remote-access-connection-manager-vulnerability/

■■■■□ Data-Leak of Military technology. A fully intact GBU-39 from United States 🇺🇸 was dropped on Lebanon 🇱🇧 weeks ago to kill top Hizbollah Shit'te commander. 8 strikes, 7 explode, 1 was dud.

The dud was recovered. Now US is pressuring Lebanese government to return the dud. The technology is being now reverse engineered by resistance fighters. Likely shared to Iran 🇮🇷 / Russia 🇷🇺

https://www.indiatoday.in/world/story/us-gbu-39b-unexploded-bomb-lebanon-return-glbs-2827246-2025-11-28

https://www.jpost.com/middle-east/article-876530

https://www.instagram.com/reel/DRfNQpkDywD

■■■□□ Signal Intelligence, Reconnaissance esp wrt. aerial targets and other technologies of electronic warfare were shared by Israeli Elbit systems with Ministry of Defence of UAE 🇦🇪 with 2.3 Billion USD.

This is highest amount of money in any deal Elbit has ever seen.

■■■■□ A deliberately vulnerable Microsoft Entra ID environment. Learn identity security through hands-on, realistic attack challenges.

https://github.com/Semperis/EntraGoat

■■■□□ Hacker group claims to have taken 11GB of data from United States' Department of Health.

■■■□□ D-Link router DIR-553 * which have carrier / ISP owned custom firmware can be Jailbroken and remote commands can be executed in a specific configuration of FTP.

■■■□□ NFC threats continued to grow in scale and sophistication.

RatOn Malware on the NFC fraud scene, brought a rare fusion of RAT capabilities and NFC relay attacks.

https://github.com/blackorbird/APT_REPORT/blob/master/summary/2025/eset-threat-report-h22025.pdf