Espresso

Sign in Subscribe

Cybersecurity

Verizon’s $20 Credit After 10-Hour 911 Outage & Google’s Silent Earbud Hack: When Convenience Kills Security

Verizon’s $20 Credit After 10-Hour 911 Outage & Google’s Silent Earbud Hack: When Convenience Kills Security

Verizon’s network crashed for 10 hours — 911 services degraded, $600M lost, and their ‘solution’? A $20 credit. Meanwhile, Google’s Fast Pair bug lets hackers eavesdrop on your earbuds… silently. No password. No alert. Just betrayal. Are your devices safe? #Cybersecurity #VerizonOutage #GoogleFastPair #BluetoothHack #Privacy #SecurityFail Verizon’s $20

China-linked APT UAT-8837 Exploits Zero-Day to Hijack Critical Infrastructure; Iran Spoofs GPS to Sabotage Starlink; ICE Leak Exposes Surveillance Machine; AI Code Agents Generate 69 Flaws; Copilot Leaks Chat History via One-Click URL

China-linked APT UAT-8837 Exploits Zero-Day to Hijack Critical Infrastructure; Iran Spoofs GPS to Sabotage Starlink; ICE Leak Exposes Surveillance Machine; AI Code Agents Generate 69 Flaws; Copilot Leaks Chat History via One-Click URL

TL;DR * UAT-8837 APT actor exploits CVE-2025-53690 zero-day to compromise North American critical infrastructure via credential harvesting and Earthworm malware * Iranian state actors jam Starlink terminals using GPS spoofing, disrupting satellite connectivity for 24 minutes per session and degrading bandwidth to 10% in targeted regions * ICE whistleblower leak exposes 4,

Microsoft Launches M365 Security Baseline Mode; DHS Leaks 4,500 Agent Records

Microsoft Launches M365 Security Baseline Mode; DHS Leaks 4,500 Agent Records

TL;DR * Microsoft 365 enables Security Baseline Mode to automatically apply default policies across 26 SharePoint sites, reducing manual configuration gaps and improving auditability * DHS leaks 4,500 ICE and Border Patrol employee records in largest-ever staff data breach, exposing identities of 2,000 active agents and triggering nationwide protests

Global-e Breach Exposes Crypto Wallets via API Flaw; Microsoft Offers Copilot Uninstall Tool; UK Criminalizes AI Deepfakes; Nigeria Mandates Crypto-ID Linkage

Global-e Breach Exposes Crypto Wallets via API Flaw; Microsoft Offers Copilot Uninstall Tool; UK Criminalizes AI Deepfakes; Nigeria Mandates Crypto-ID Linkage

TL;DR * Global-e third-party breach compromises 50,000+ customer orders, exposing Ledger wallet data through compromised vendor system * Microsoft enables enterprise admins to uninstall Copilot via documented Group Policy on Windows 11 Insider Preview * UK moves to criminalize AI-generated sexual deepfakes and revokes X’s self-regulatory status amid growing public

Instagram Data Breach Exposes 17.5M Users, Grok AI Blocked in Malaysia and Indonesia, WEX API Keys Sold on Dark Web

Instagram Data Breach Exposes 17.5M Users, Grok AI Blocked in Malaysia and Indonesia, WEX API Keys Sold on Dark Web

TL;DR * Malwarebytes reports 17.5 million Instagram accounts compromised via 2024 API leak, exposing usernames, physical addresses, and phone numbers; users advised to enable 2FA * CVE-2026-01-11: Unauthenticated remote code execution vulnerability discovered in OpenCode AI coding assistant server (port 4096), enabled by default prior to v1.1.10 * Grok

OpenAI, Trend Micro, HPE, and Microsoft Patch Critical Zero-Click and RCE Vulnerabilities Amid Surge in Telecom and Cloud Exploits

OpenAI, Trend Micro, HPE, and Microsoft Patch Critical Zero-Click and RCE Vulnerabilities Amid Surge in Telecom and Cloud Exploits

TL;DR * OpenAI patches ZombieAgent and ShadowLeak vulnerabilities in ChatGPT connectors, enabling zero-click exfiltration of Gmail, GitHub, and Outlook data via memory and file upload exploits * Trend Micro releases Critical Patch Build 7190 to remediate CVE-2025-69258 allowing unauthenticated remote code execution in Apex Central via DLL injection into MsgReceiver.exe

Critical n8n RCE Vulnerability CVE-2026-21858 Exploited, GoBruteforcer Botnet Grows, and OpenAI’s ChatGPT Health Faces Legal and Medical Risks

Critical n8n RCE Vulnerability CVE-2026-21858 Exploited, GoBruteforcer Botnet Grows, and OpenAI’s ChatGPT Health Faces Legal and Medical Risks

TL;DR * CVE-2026-21858 Critical RCE Vulnerability in n8n Allows Unauthenticated Attackers to Exfiltrate Credentials and Execute Commands on Systems * GoBruteforcer Botnet Targets 50,000+ Exposed FTP/MySQL Servers to Steal Cryptocurrency Wallets via Brute-Force Attacks on Default Credentials * Kensington and Chelsea Council Data Breach Exposes Hundreds of Thousands of Residents;