Espresso

Sign in Subscribe

Cybersecurity

CISA rushes Ivanti patch, VS Code loots keys, Docker Gordon RCE, Aussie API leak

CISA rushes Ivanti patch, VS Code loots keys, Docker Gordon RCE, Aussie API leak

TL;DR * Ivanti EPMM Critical Vulnerabilities (CVE-2026-1281) Actively Exploited, 1,400+ Instances Exposed * Open VSX Supply Chain Attack Compromises 22,000+ Downloads with macOS Infostealer Malware * DockerDash Flaw Enables Prompt Injection in Ask Gordon AI Assistant, Leading to Data Exfiltration * Australian Furniture Company Data Leak Sells 48,000 Records on

APT swaps Notepad++ updates, Microsoft axes NTLM, Asia firms bleed $800k

APT swaps Notepad++ updates, Microsoft axes NTLM, Asia firms bleed $800k

TL;DR * Notepad++ Suffers Supply Chain Attack via Hijacked Hosting Server * Chrysalis Backdoor Delivered via Compromised Notepad++ Update by Chinese APT Lotus Blossom * Microsoft Deprecates NTLM by Default in Windows 11 and Server ⚠️ APT hijacks Notepad++ updates, 10M installs at risk, v8.8.9 pins certs Notepad++ hijacked: Chinese APT

Hackers weaponize MFA, AI skills, DeFi bridges; EU spurns surveillance

Hackers weaponize MFA, AI skills, DeFi bridges; EU spurns surveillance

TL;DR * Vishing Campaigns Compromise SSO-Protected SaaS Accounts via Credential Harvesting * OpenClaw Ecosystem Targeted by 14 Malicious AI Skills on ClawHub * CrossCurve Bridge Exploit Steals $3M via Smart Contract Vulnerability * Capgemini to divest from ICE contract amid protests over surveillance program 🔐 ShinyHunters vish SSO, bypass MFA, exfil SaaS, extort billions

CISA leaks, Android bricks, Brazil theft drops 45%

CISA leaks, Android bricks, Brazil theft drops 45%

TL;DR * CISA Acting Head Madhu Gottumukkala Under Scrutiny for Uploading Sensitive Docs to ChatGPT * Android expands Theft Protection with granular authentication lockouts and remote locking * Microsoft KB5074109 Update Causes Windows 11 Boot Failures, Partial Rollback Initiated 🤦 CISA Leaks Own Files to ChatGPT, DHSChat Ignored CISA’s acting chief just

4 000 Unsecured AI Boxes Looted in 5s

4 000 Unsecured AI Boxes Looted in 5s

TL;DR * Attackers exploit exposed LLM endpoints at scale, targeting SMEs with unauthenticated AI infrastructure * ServiceNow patches critical AI workflow flaw enabling MFA bypass and privileged access * Meta Rolls Out Enhanced WhatsApp Security Features to Combat Spyware and Zero-Day Exploits * Cyberattack disrupts ARC Raiders and The Finals servers, with DDoS

Descope 2.0 Cuts AI Surface 25%, Zscaler 100% Pwn Rate, OAuth Phishing 149 M creds, GhostPoster steals 390 k passwords.

Descope 2.0 Cuts AI Surface 25%, Zscaler 100% Pwn Rate, OAuth Phishing 149 M creds, GhostPoster steals 390 k passwords.

TL;DR * Descope launches Agentic Identity Hub 2.0 to secure AI agents and MCP servers * Zscaler’s 2026 AI Security Report reveals 100% of enterprise systems vulnerable to 16-minute compromise * Microsoft Entra ID Agent Identities Exploited in OAuth-Consent Phishing Campaigns * 16 Malicious Chrome Extensions Steal ChatGPT Session Tokens, Exfiltrate