Espresso

Sign in Subscribe

Cybersecurity

Major Cyber Threats: WinRAR Flaw, Gemini Exfiltration, Fortinet Vulns, Russian Attacks

Major Cyber Threats: WinRAR Flaw, Gemini Exfiltration, Fortinet Vulns, Russian Attacks

TL;DR * CISA issues urgent alert for critical WinRAR path traversal vulnerability (CVE-2025-6218) actively exploited in the wild – immediate patching required by December 30, 2025 * Google Gemini Enterprise RAG architecture vulnerable to prompt injection attacks allowing silent exfiltration of Gmail, Calendar, and Google Docs data without user interaction * Fortinet patches

Google Chrome Integrates UAC and AOS to Block AI Prompt-Injection Attacks, While Linux Kernel Patches Critical Memory Leak

Google Chrome Integrates UAC and AOS to Block AI Prompt-Injection Attacks, While Linux Kernel Patches Critical Memory Leak

TL;DR * CVE-2025-55182 React2Shell vulnerability exposes 39% of cloud environments to remote code execution, enabling theft of cloud secrets and API keys * Qilin ransomware gang claims breach of Inotiv, stealing 200 GB of data in August 2025 cyberattack affecting 9,500 individuals * Google Chrome integrates Gemini AI with User Alignment

Windows 11 25H2 Update, Cloudflare WAF, and AI Code Assistants Hit Security Issues

Windows 11 25H2 Update, Cloudflare WAF, and AI Code Assistants Hit Security Issues

TL;DR * Microsoft’s Windows 11 25H2 update regression triggers File Explorer crashes and login issues on ~1% of consumers * Global Cloudflare WAF mis‑configuration on Dec. 5 caused 28 % of US traffic to return 500‑error pages * AI‑powered code assistants (Copilot, Cursor) vulnerable to prompt injections that can

4.3 Million Browsers Turned Spy, Mixpanel Leaks 8K Accounts, and Google’s 107-Bug Panic Patch

4.3 Million Browsers Turned Spy, Mixpanel Leaks 8K Accounts, and Google’s 107-Bug Panic Patch

TL;DR * Google patches 107 Android bugs, including zero‑day exploits, to curb widespread vulnerabilities. * AWS expands GuardDuty detection to IAM credential misuse and S3 anomalies, strengthening cloud security. * Mixpanel breach exposes data of 8,000 customers, intensifying scrutiny of analytics platforms. * ShadyPanda extensions infect 4.3M devices, exfiltrating browsing

Korean E‑commerce Breaches Expose 67M Customers, DarkWeb Informer Aggregates 676 Ransomware Claims

Korean E‑commerce Breaches Expose 67M Customers, DarkWeb Informer Aggregates 676 Ransomware Claims

TL;DR * Korean e‑commerce breaches expose 67 million customers' PII, driving stricter privacy regulation. * Malware browser extensions infect 4.3 million users, prompting Microsoft cleanup and stricter policy. * Zero‑day vulnerabilities affecting critical infrastructure leave 40% unpatched, raising systemic exposure. * DarkWeb Informer API aggregates 676 ransomware claims, enabling

GitLab Surpasses Bitbucket in Leaked Secrets, Microsoft Introduces Copilot Studio Security, Amazon Enhances Global DNS

GitLab Surpasses Bitbucket in Leaked Secrets, Microsoft Introduces Copilot Studio Security, Amazon Enhances Global DNS

TL;DR * GitLab Cloud repos expose 17,000+ secrets, surpassing Bitbucket’s 6,200, underscoring developers’ heightened risk of credential leaks * Microsoft partners with Check Point to embed AI‑guardrails, DLP, and threat prevention in Copilot Studio, shifting security to runtime enforcement * Amazon’s Route 53 Global Resolver offers a