Espresso

Sign in Subscribe

News

Microsoft Patches BPF Race Flaw in WSL2 and Azure Linux, Deploys CSAF/VEX Attestations to Advance Kernel Security

Microsoft Patches BPF Race Flaw in WSL2 and Azure Linux, Deploys CSAF/VEX Attestations to Advance Kernel Security

TL;DR * CVE-2025-39863 use-after-free in Broadcom Wi-Fi driver (brcmfmac) exploited via timer-race, affects Azure Linux and AKS nodes; patch deployed upstream * Microsoft patches CVE-2025-39886 BPF allocation flaw in WSL2 and CBL-Mariner kernels, publishes CSAF/VEX attestations for Azure Linux * F2FS remount flaw (CVE-2023-53447) causes kernel crashes during concurrent file operations;

React RCE CVE-2025-55182 Exploited by Botnets, BlackForce MFA Kit Emerges, Azure Linux Patched, AI Pen-Tester Artemis Rises

React RCE CVE-2025-55182 Exploited by Botnets, BlackForce MFA Kit Emerges, Azure Linux Patched, AI Pen-Tester Artemis Rises

TL;DR * CVE-2025-55182 Patched in React Server Components After 137,200 IPs Exposed to RCE via Flight Protocol * BlackForce Phishing Kit Sold on Telegram for €200–300 Uses Legitimate React Code to Bypass MFA Detection * Microsoft Azure Linux Affected by CVE-2025-49177 XFixes Extension Vulnerability Enabling Remote Code Execution * AI Agent

American Airlines Launches A321XLR Fleet, IndiGo Appoints External Expert After Crisis, DJI Faces U.S. Regulatory Crossroads

American Airlines Launches A321XLR Fleet, IndiGo Appoints External Expert After Crisis, DJI Faces U.S. Regulatory Crossroads

TL;DR * American Airlines Launches Airbus A321XLR on Transatlantic Routes with 40 Aircraft by 2030, Featuring Premium Economy and Bluetooth Connectivity * IndiGo Appoints External Aviation Expert John Illson to Investigate December 2 Flight Cancellations and Operational Disruptions * Eve Air Mobility Secures $40M from BNDES to Certify First eVTOL Aircraft, Targeting

U.S. Seizes Venezuelan Oil Tanker Amid Escalating Sanctions, Russian Bombers Deployed, and Global Power Struggle Intensifies

U.S. Seizes Venezuelan Oil Tanker Amid Escalating Sanctions, Russian Bombers Deployed, and Global Power Struggle Intensifies

TL;DR * U.S. Seizes Venezuelan Oil Tanker Off Coast, Escalating Tensions Amid Trump’s Military Threats and ICC Sanctions * Senate Rejects Extension of Health Care Subsidies, Triggering Potential 43-Day Government Shutdown and Million-Dollar Cost Surge * TMC Government in West Bengal Faces Backlash as 35 Communities Removed from OBC List

Waymo Robotaxi Delivers Baby in San Francisco as AI Detects Distress, Outpaces EMS by 5 Minutes

Waymo Robotaxi Delivers Baby in San Francisco as AI Detects Distress, Outpaces EMS by 5 Minutes

TL;DR * Waymo Robotaxi Delivers Baby in San Francisco, Highlighting Safety Systems in Autonomous Vehicles * Rivian Launches AI-Powered Autonomy+ Subscription with 20x Improvement in Critical Disengagements * Uber and WeRide Launch Robotaxi Service in Dubai, Expanding Autonomous Mobility in Middle East * Tesla Expands FSD v14.1 to 9,200 Miles Between

DJI Drone Discounts in U.S. Ahead of December Government Audit

DJI Drone Discounts in U.S. Ahead of December Government Audit

TL;DR * Boom Supersonic adapts Symphony jet engine to power AI data centers with 42 MW turbogenerator units, targeting 4 GW annual capacity by 2030 * U.S. Space Force installs multi-million-dollar counter-UAS system at Cape Canaveral to protect 300+ annual launches from drone threats using AFRL and NRO tech * DJI

Apache, urllib3, Chrome Patch Critical Vulnerabilities: What You Need to Know

Apache, urllib3, Chrome Patch Critical Vulnerabilities: What You Need to Know

TL;DR * Apache HTTP Server patches critical CVE-2025-55753 integer overflow in mod_md, preventing resource exhaustion and ACME renewal denial-of-service * CVE-2025-66471 in urllib3 allows denial-of-service via compressed response bombs; fix released in v2.6.0 for Python web frameworks and cloud agents * Critical RCE vulnerability CVE-2025-58098 in Apache HTTP Server&