Espresso

Sign in Subscribe

Cybersecurity

200k PCs Fried, 50TB Looted: $500M Cyber Bonfire Scorches Windows World

200k PCs Fried, 50TB Looted: $500M Cyber Bonfire Scorches Windows World

TL;DR * Iran-linked hacktivist group Handala claims responsibility for global Stryker cyberattack, wiping 200,000+ systems and exfiltrating 50TB of data * MediaTek Dimensity 7300 flaw lets attackers extract PINs and crypto seed phrases in under 45 seconds via USB * Meta deploys AI-driven scam detection, removing 159M scam ads and 11M

120 Ukraine Gov Boxes Hacked 8 Yrs—Europe’s 2008 Servers Next Target

120 Ukraine Gov Boxes Hacked 8 Yrs—Europe’s 2008 Servers Next Target

TL;DR * ESET-SlimAgent and Xagent cyber threats detected in Ukraine and Russia, targeting critical infrastructure with malware * Iran-linked APT28 deploys BeardShell and Covenant implants for long-term espionage against Ukrainian military targets * AI-powered phishing and deepfakes surge as attackers reduce cost of social engineering by over 95%, per 2026 threat report

OK Bot Hacks Dutch Gov: 30+ Accounts Compromised — SMS 2FA Still Alive in 2026

OK Bot Hacks Dutch Gov: 30+ Accounts Compromised — SMS 2FA Still Alive in 2026

TL;DR * Russian state-sponsored hackers compromise WhatsApp and Signal accounts via phishing authentication codes * Cybercriminals exploit misconfigured Salesforce Experience Cloud sites using customized AuraInspector tool to harvest data for social engineering * ScamAgent AI framework developed at Rutgers University bypasses safety guardrails to simulate realistic social engineering attacks 🤖 30+ Gov Accounts

45M Ransomware Payoff Exposes Corporate Cyber Delusion — UK, US, and EU Firms Most Exposed

45M Ransomware Payoff Exposes Corporate Cyber Delusion — UK, US, and EU Firms Most Exposed

TL;DR * Akira ransomware generated $45M in illicit payments in 2025, leveraging AI and double extortion tactics against 2,207 North American victims * U.S. regulators block mandatory age verification on Discord after privacy backlash and data breach * LLMs like GPT-5.2 and Claude 4.5 Opus detect conversation history

42,000 iPhones Hacked — iOS 13 Still Running Amid $75B Crypto Losses: Apple’s Patch Ignored

42,000 iPhones Hacked — iOS 13 Still Running Amid $75B Crypto Losses: Apple’s Patch Ignored

TL;DR * Google uncovers Coruna iOS exploit kit targeting 23 vulnerabilities across iOS 13–17.2.1 to steal crypto seed phrases * Critical CVE-2026-1492 vulnerability exploited in 60,000+ WordPress sites allows unauthenticated admin access * Wikimedia Foundation hit by self-propagating JavaScript worm modifying 3,996 pages and over 85 users&

200M Stolen Passwords & 18M Colombian IDs Leaked: Bureaucracy Wins, Security Loses

200M Stolen Passwords & 18M Colombian IDs Leaked: Bureaucracy Wins, Security Loses

TL;DR * LeakBase cybercrime forum dismantled in global operation; 142,000+ members, 215,000 messages, and hundreds of millions of credentials seized * Colombia’s DIAN tax authority breach exposes 18M records via unpatched appointment portal vulnerability 🤡 200 Million Stolen Credentials Seized in Global Crackdown — FBI Takes Down LeakBase Across 14

Revoked Certificates Still Trusted: 2.4M Windows Systems Compromised — Microsoft Defender Fails Trust Chain — Enterprise Security Crisis

Revoked Certificates Still Trusted: 2.4M Windows Systems Compromised — Microsoft Defender Fails Trust Chain — Enterprise Security Crisis

TL;DR * Microsoft Defender identifies phishing campaign using ScreenConnect, Tactical RMM, and Mesh Agent via signed MSI packages in February 2026 * Phishing campaign impersonates Zoom and Google Meet waiting rooms to deploy Windows remote monitoring malware * Trail of Bits releases mquire, a Linux memory forensics tool that analyzes dumps without