🔥Introducing a new Red Team tool - SessionHop: https://t.co/hChhDXzhiE

SessionHop utilizes the IHxHelpPaneServer COM object to hijack specified user sessions. This session hijacking technique is an alternative to remote process injection or dumping LSASS. Kudos to @tiraniddo…

— Andrew Oliveau (@AndrewOliveau) December 10, 2025

The one talk from BH EU I started reading about right away:

Flaw And Order: Finding The Needle In The Haystack Of CodeQL Using LLMs

CyberArk’s blog about it: https://t.co/uquVQs0fJ2

Slides: https://t.co/GDlinjldsf

Vulnhalla release:https://t.co/y7hMEQrqHm pic.twitter.com/mtoCphJmrn

— Hamid Kashfi (@hkashfi) December 10, 2025

How to Proxy your C2s HTTP-Traffic through Chromiumhttps://t.co/prxLXI7q7t pic.twitter.com/bw956H9TpT

— Smukx.E (@5mukx) December 9, 2025

US charges and extradites 33-year-old Ukrainian woman for her alleged role in pro-Russia hacking group that caused spillage at a Texas water plant and an ammonia leak at a meat processing plant in LA. https://t.co/5I3ApyFfsJ

— Sean Lyngaas (@snlyngaas) December 10, 2025

New from the Charming Kitten #APT35 leak: Payroll records exposing 35 IRGC cyber operatives with names, bank accounts, and salaries. Additional footage of the Kashef surveillance platform tracking Iranian citizens. And a classified 2004 document found on the department head's…

— Nariman Gharib (@NarimanGharib) December 9, 2025

AI is getting better in offensive Cyber. Fast. @Irregular https://t.co/fEW0xMv7zo pic.twitter.com/Iokljlv5Ae

— Tal Be'ery (@TalBeerySec) December 11, 2025