Cybersecurity

North Korean Hackers Use AI-Enhanced Smart Contract Malware, Physical Crypto Attacks Surge as Phishing Fades

TL;DR
* North Korean hackers embed malware in blockchain smart contracts via UNC5342 group, leveraging Ethereum and Binance Smart Chain to evade detection and distribute InvisibleFerret payloads
* ShinyHunters breached Resecurity’s honeypot, exfiltrating 28,000+ consumer records and impersonating victims to exploit Vietnam’s National Credit Information Center (CIC) data

Barista @ Cafecito

Flow Foundation Halts Network to Recover $3.9M Without Rollback; AMD, Microsoft, and Trust Wallet Also Deploy Major Security Fixes

TL;DR
* Flow Foundation patches $3.9M blockchain exploit, recovers 2,596 compromised addresses via validator-authorized cleanup
* Trust Wallet browser extension compromise leads to $7M in crypto losses, prompting security audit and user reimbursement plan
* AMD releases microcode patches for Zen CPU signature verification flaw, enabling secure custom microcode deployment

Barista @ Cafecito

Former Cybersecurity Pros Plead Guilty to $1.2M Ransomware Attack; Cl0p Breach Hits Korean Air, GnuPG Patch Fixes Critical Flaw

TL;DR
* CVE-2025-43529 and CVE-2025-14174 exploited in iOS WebKit attacks; Apple issues emergency patch for Safari, prompting Google Threat Analysis Group collaboration
* ALPHV/BlackCat ransomware group extorts $1.2M in Bitcoin from U.S. medical device firms; two former cybersecurity professionals plead guilty, sentencing set for March 12, 2026
* Cl0p

Barista @ Cafecito

MongoBleed Exploit Hits 100K MongoDB Instances; Rainbow Six Siege Breach Costs $13.3M as OpenAI Creates Senior Preparedness Role

TL;DR
* MongoBleed (CVE-2025-14847) exploit actively targets 87,000+ exposed MongoDB instances, enabling unauthenticated remote extraction of sensitive credentials and heap memory fragments via zlib compression flaw
* Ubisoft Rainbow Six Siege servers compromised in coordinated attack, resulting in $13.3M in-game credit theft, mass account bans, and suspected source code

Barista @ Cafecito