Welcome to your daily cybersecurity briefing.
DeepSeek Releases V3.2 Open Source Model Rivaling GPT-5 The Chinese AI startup DeepSeek has officially released its V3.2 and V3.2-Speciale models under a fully permissive MIT license. Claiming to outperform GPT-5 in reasoning tasks, the release utilizes a novel “Sparse Attention” architecture to maximize efficiency, marking a significant shift in the open-source AI landscape.
CISA Adds Android Framework Flaws to KEV Catalog CISA has updated its Known Exploited Vulnerabilities (KEV) catalog with two critical flaws affecting the Android Framework. The vulnerabilities, involving privilege escalation and information disclosure, are currently being exploited in the wild, requiring immediate attention from federal agencies and mobile fleet managers.
CERT-FR Warns of Critical Python Denial of Service Risks France’s CERT-FR has issued an alert regarding multiple vulnerabilities within the Python runtime environment. These flaws allow remote attackers to trigger Denial of Service (DoS) conditions on unpatched systems, threatening the availability of backend infrastructure and web applications relying on the language.
Microsoft Silently Mitigates Windows LNK Zero-Day Microsoft has deployed a silent mitigation for a high-severity LNK vulnerability (CVE-2025-9491) actively exploited by state-sponsored groups. The update changes how shortcut target fields are displayed to reveal malicious whitespace padding, though experts warn it does not fully block the execution of malicious payloads.
Critical Security Advisory Issued for Next.js Framework A new security advisory has been published for Next.js, the popular React framework. The vulnerability, detailed in a GitHub Security Advisory, poses risks to applications using affected versions. Developers are urged to review the disclosure and upgrade their dependencies to the latest stable release immediately.
Don’t Think – Patch Now!
Sources:
GitHub – DeepSeek V3.2 Release https://github.com/deepseek-ai/DeepSeek-V3.2-Exp
CISA – KEV Catalog Update https://www.cisa.gov/news-events/alerts/2025/12/02/cisa-adds-two-known-exploited-vulnerabilities-catalog
CERT-FR – Python Vulnerability Alert https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1060/
BleepingComputer – Microsoft LNK Mitigation https://www.bleepingcomputer.com/news/microsoft/microsoft-mitigates-windows-lnk-flaw-exploited-as-zero-day/
GitHub – Next.js Security Advisory https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp
Your feedback is welcome. Email: radiocsirt@gmail.com Website: https://www.radiocsirt.com Weekly Newsletter: https://radiocsirtintl.substack.com