Espresso

Sign in Subscribe

Microsoft

Microsoft Patches BPF Race Flaw in WSL2 and Azure Linux, Deploys CSAF/VEX Attestations to Advance Kernel Security

Microsoft Patches BPF Race Flaw in WSL2 and Azure Linux, Deploys CSAF/VEX Attestations to Advance Kernel Security

TL;DR * CVE-2025-39863 use-after-free in Broadcom Wi-Fi driver (brcmfmac) exploited via timer-race, affects Azure Linux and AKS nodes; patch deployed upstream * Microsoft patches CVE-2025-39886 BPF allocation flaw in WSL2 and CBL-Mariner kernels, publishes CSAF/VEX attestations for Azure Linux * F2FS remount flaw (CVE-2023-53447) causes kernel crashes during concurrent file operations;

React RCE CVE-2025-55182 Exploited by Botnets, BlackForce MFA Kit Emerges, Azure Linux Patched, AI Pen-Tester Artemis Rises

React RCE CVE-2025-55182 Exploited by Botnets, BlackForce MFA Kit Emerges, Azure Linux Patched, AI Pen-Tester Artemis Rises

TL;DR * CVE-2025-55182 Patched in React Server Components After 137,200 IPs Exposed to RCE via Flight Protocol * BlackForce Phishing Kit Sold on Telegram for €200–300 Uses Legitimate React Code to Bypass MFA Detection * Microsoft Azure Linux Affected by CVE-2025-49177 XFixes Extension Vulnerability Enabling Remote Code Execution * AI Agent

Big Tech Lays Off 100K+ in 2025 Amid AI Restructuring, Hiring Slowdowns, and Global Upskilling Shifts

Big Tech Lays Off 100K+ in 2025 Amid AI Restructuring, Hiring Slowdowns, and Global Upskilling Shifts

TL;DR * CMA Credential Demand Surges in India and U.S., With Salaries Ranging from $60K to $250K as BFSI, Tech, and Manufacturing Firms Compete for Skilled Professionals * India’s Aerospace and Space Tech Sector to Create 200,000+ New Jobs by 2033, Driven by Gaganyaan Mission and $44B Market

U.S. Job Openings Jump to 7.67M as Quits Hit 5-Year Low | Layoffs Surge, Hiring Stagnates, AI Skill Gap Threatens Quant Research

U.S. Job Openings Jump to 7.67M as Quits Hit 5-Year Low | Layoffs Surge, Hiring Stagnates, AI Skill Gap Threatens Quant Research

TL;DR * Microsoft and India's Ministry of Labour partner to onboard 15,000+ employers to National Career Service platform, boosting AI-driven skilling and digital labor ecosystem * U.S. job openings rise to 7.67 million in October, but quits drop to 5-year low as workers cling to roles

Major Cyber Threats: WinRAR Flaw, Gemini Exfiltration, Fortinet Vulns, Russian Attacks

Major Cyber Threats: WinRAR Flaw, Gemini Exfiltration, Fortinet Vulns, Russian Attacks

TL;DR * CISA issues urgent alert for critical WinRAR path traversal vulnerability (CVE-2025-6218) actively exploited in the wild – immediate patching required by December 30, 2025 * Google Gemini Enterprise RAG architecture vulnerable to prompt injection attacks allowing silent exfiltration of Gmail, Calendar, and Google Docs data without user interaction * Fortinet patches

Windows 11 25H2 Update, Cloudflare WAF, and AI Code Assistants Hit Security Issues

Windows 11 25H2 Update, Cloudflare WAF, and AI Code Assistants Hit Security Issues

TL;DR * Microsoft’s Windows 11 25H2 update regression triggers File Explorer crashes and login issues on ~1% of consumers * Global Cloudflare WAF mis‑configuration on Dec. 5 caused 28 % of US traffic to return 500‑error pages * AI‑powered code assistants (Copilot, Cursor) vulnerable to prompt injections that can

Korean E‑commerce Breaches Expose 67M Customers, DarkWeb Informer Aggregates 676 Ransomware Claims

Korean E‑commerce Breaches Expose 67M Customers, DarkWeb Informer Aggregates 676 Ransomware Claims

TL;DR * Korean e‑commerce breaches expose 67 million customers' PII, driving stricter privacy regulation. * Malware browser extensions infect 4.3 million users, prompting Microsoft cleanup and stricter policy. * Zero‑day vulnerabilities affecting critical infrastructure leave 40% unpatched, raising systemic exposure. * DarkWeb Informer API aggregates 676 ransomware claims, enabling