etes%20OS%20Command%20Injection%29/32554
React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182
Wiz has a writeup with more background on the React2Shell vulnerability and current attacks
https://www.wiz.io/blog/nextjs-cve-2025-55182-react2shell-deep-dive
Notepad++ Update Hijacking
Notepad++ s vulnerable update process was exploited
https://notepad-plus-plus.org/news/v889-released/
New macOS PackageKit Privilege Escalation
A PoC was released for a new privilege escalation vulnerability in macOS. Currently, there is no patch.
https://khronokernel.com/macos/2024/06/03/CVE-2024-27822.html
11:["$","$L20",null,{"data":{"isPreview":true,"seq":6368987,"episode":{"Id":"60067ae98b6846f20e1030cda9a002d43ca79365113678630f1c906347746c20","Seq":6368987,"PodId":"1bc22f549871ee490b45626b27260042208d77fe8a9b973d62d047b9bd72eb85","PodSeq":13973,"Title":"SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation","PodName":"SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)","Description":"$21","Url":"https://isc.sans.edu/podcastdetail/9734","Link":"https://traffic.libsyn.com/securitypodcast/9734.mp3","LinkType":"mp3","PublishTime":"$D2025-12-11T01:48:20.000Z","Img":"https://isc.sans.edu/images/podcast3000.jpg","EpImg":"https://isc.sans.edu/images/podcast3000.jpg","Duration":"6:58","Language":null,"SampleDuration":null,"IsVBR":false,"Transcribed":false,"Indexed":1,"Deleted":false,"RedirectSeq":null,"Source":null},"prevAndNext":{"prevSeq":6385677,"nextSeq":6340109},"states":{"state":"not-login","extra":{"summary":"SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) - SANS Stormcast Thursday, December 11th, 2025: Possi