<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
			:root {
				color-scheme: light dark; supported-color-schemes: light dark;
			}
			
			*,
			*:after,
			*:before {
				-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
			}
			
			* {
				-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
			}
			
			html,
			body,
			.document {
				width: 100% !important; height: 100% !important; margin: 0; padding: 0;
			}
			
			body {
				-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
			}
			
			div[style*="margin: 16px 0"] {
				margin: 0 !important;
			}
			
			table,
			td {
				mso-table-lspace: 0pt; mso-table-rspace: 0pt;
			}
			
			table {
				border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
			}
			
			img {
				-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
			}
			
			*[x-apple-data-detectors] {
				color: inherit !important; text-decoration: none !important;
			}
			
			.x-gmail-data-detectors,
			.x-gmail-data-detectors *,
			.aBn {
				border-bottom: 0 !important; cursor: default !important;
			}
			
			.btn {
				-webkit-transition: all 200ms ease; transition: all 200ms ease;
			}
			
			.btn:hover {
				background-color: #f67575; border-color: #f67575;
			}
			
			* {
				font-family: Arial, Helvetica, sans-serif; font-size: 18px;
			}
			
			@media screen and (max-width: 600px) {
				.container {
					width: 100%; margin: auto;
				}
				.stack {
					display: block!important; width: 100%!important; max-width: 100%!important;
				}
				.btn {
					display: block; width: 100%; text-align: center;
				}
			}
			
			body,
			p,
			td,
			tr,
			.body,
			table,
			h1,
			h2,
			h3,
			h4,
			h5,
			h6,
			div,
			span {
				background-color: #FEFEFE !important; color: #010101 !important;
			}
			
			@media (prefers-color-scheme: dark) {
				body,
				p,
				td,
				tr,
				.body,
				table,
				h1,
				h2,
				h3,
				h4,
				h5,
				h6,
				div,
				span {
					background-color: #27292D !important; color: #FEFEFE !important;
				}
			}
			
			a {
				color: inherit !important; text-decoration: underline !important;
			}
		</style><!--[if mso | ie]>
		<style type="text/css">
			a {
				background-color: #FEFEFE !important; color: #010101 !important;
			}
			@media (prefers-color-scheme: dark) {
				a {
					background-color: #27292D !important; color: #FEFEFE !important;
				}
			}
	 </style>
			<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fthreatlocker-cyber-hero-managed-detection-and-response-mdr%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=mdr_q3_25%26utm_content=mdr%26utm_term=newsletter/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/MS69pNl69Pxm3-q7hR8QaEJOG-5IdA8uYiHKRKoZh-8=421"><img src="https://images.tldr.tech/threatlocker2.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Threatlocker"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-09-03</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fthreatlocker-cyber-hero-managed-detection-and-response-mdr%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=mdr_q3_25%26utm_content=mdr%26utm_term=newsletter/2/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/G8JQzwqvCqZ6jaq4RC8KnoM_nk6csWTnGLfwA5cuz0Q=421">
                                    <span>
                                        <strong>⚡ 60-second threat MDR vs. "we'll get back to you" (Sponsor)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    <em>Your MDR provider</em>: "We've escalated this to our Tier 2 team, expect a response in 2-4 hours"<p></p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fthreatlocker-cyber-hero-managed-detection-and-response-mdr%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=mdr_q3_25%26utm_content=mdr%26utm_term=newsletter/3/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/eaTq6wZImiH-2xo3v77dZOtmNpGC8OHKct00BsPbRPc=421" rel="noopener noreferrer nofollow" target="_blank"><span><em>ThreatLocker Cyber Hero</em></span></a>: Already locked down the attacker and sent you the full forensic breakdown.</p>
<p>Get MDR that never sleeps:</p>
<p>→ 60-second average response time.</p>
<p>→ Human analysts monitoring the ThreatLocker Detect EDR 24/7/365.</p>
<p>→ The Cyber Hero Team follows your runbook to either isolate or lock down the device, and delivers additional information about the threat.
<br>
<br>✅ Proven <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fthreatlocker-cyber-hero-managed-detection-and-response-mdr%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=mdr_q3_25%26utm_content=mdr%26utm_term=newsletter/4/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/cg8w6DL9F17wn8HsJKnpSwlCCJSVp_Ec1bGHZPXXEtg=421" rel="noopener noreferrer nofollow" target="_blank"><span>live on stage</span></a> at Zero Trust World 2024</p>
<p>If you've had enough of sifting through false positives and waiting for callbacks, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fthreatlocker-cyber-hero-managed-detection-and-response-mdr%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=mdr_q3_25%26utm_content=mdr%26utm_term=newsletter/5/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/Vg8p_r_hXUkJ0YM8jsmVBBBML051kUycvCZCPb8QpPg=421" rel="noopener noreferrer nofollow" target="_blank"><span>book a demo today</span></a>.
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F181801%2Fdata-breach%2Fsupply-chain-attack-hits-zscaler-via-salesloft-drift-leaking-customer-info.html%3Futm_source=tldrinfosec/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/0zcAosnpNrelhmrdmZoU-dk1_xAtYVZ-Sud5s87DrZ4=421">
                                    <span>
                                        <strong>Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info (3 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    Zscaler confirmed that a threat actor compromised OAuth tokens via the Salesloft Drift integration from August 8 to 18, exposing business contacts and Salesforce data. Though core infrastructure remained secure, the breach revealed names, emails, job titles, phone numbers, and licensing info. The attack extended beyond Salesforce, targeting AWS keys and Snowflake tokens across multiple organizations. Zscaler revoked Drift's access and rotated API tokens.
                                </span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FwoKTXt/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/QMszWhaXvKyAm4o7ni9VsOHHT2p6hGcOsx3qkqd1kzQ=421">
                                    <span>
                                        <strong>Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram (6 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    The Go module "golang-random-ip-ssh-bruteforce" mimics an SSH brute-force tool but secretly exfiltrates credentials to a Telegram bot (@sshZXC_bot) controlled by Russian-speaking threat actor IllDieAnyway. It scans random IPv4 addresses on port 22, attempts to log in with default IoT credentials (such as "root"/"admin" with passwords like "toor"), and then stops after the first successful login to avoid detection. Active since June 2022 and still on pkg.go.dev despite removal requests, it exploits trust in security tools, turning them into credential harvesters. It uses ssh.InsecureIgnoreHostKey(), which disables SSH host-key verification, and the HTTPS Telegram API to evade monitoring.
                                </span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fpalo-alto-networks-data-breach-exposes-customer-info-support-cases%2F%3Futm_source=tldrinfosec/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/SkX6IuUPv6-zw9XytUW_yKuxPbLZjbRAmmsNpHCBc1Y=421">
                                    <span>
                                        <strong>Palo Alto Networks Data Breach Exposes Customer Info, Support Cases (2 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    Palo Alto Networks suffered a data breach due to compromised OAuth tokens from the Salesloft Drift breach. The attacker primarily extracted business content and related account information, internal sales account records, and basic case data from their Salesforce environment. They were searching for secrets, including AWS access keys, Snowflake tokens, VPN and SSO login strings, and generic keywords.
                                </span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Funit42.paloaltonetworks.com%2Fattackers-sell-your-bandwidth-using-sdks%2F%3Futm_source=tldrinfosec/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/UckmLdC5-f5vHNuM9bh_11tTciP9FjUPEtBv-fgU4HE=421">
                                    <span>
                                        <strong>Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth (10 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    Attackers have been exploiting CVE-2024-36401 in GeoServer to deploy legitimate SDKs and bandwidth-sharing apps that monetize victims' internet connections, operating stealthily with minimal resource consumption while generating passive income through residential proxy networks. The campaign uses Dart-compiled executables distributed via a file-transfer service. To maintain persistence, attackers are targeting over 7,000 exposed GeoServer instances globally, while evading detection by shifting their infrastructure with different IP addresses. The exploit leverages JXPath extension functions to achieve remote code execution, allowing attackers to download and execute monetization payloads that masquerade as legitimate passive income services.
                                </span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Faws.amazon.com%2Fblogs%2Fsecurity%2Fbeyond-iam-access-keys-modern-authentication-approaches-for-aws%2F%3Futm_source=tldrinfosec/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/BCBamAW2sC8hkChRS0g2DWvIU1v94ckSanMV2PU6o_E=421">
                                    <span>
                                        <strong>Beyond IAM Access Keys: Modern Authentication Approaches for AWS (4 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    Long-lived IAM access keys can present risks such as credential exposure, unauthorized sharing, or theft. AWS CLI access can be achieved with CloudShell or via IAM Identity Center to avoid using access keys. Users can work with IDEs without using access keys by leveraging the AWS Toolkit extension for IDEs such as VS Code. IAM roles can be leveraged by CI/CD pipelines, on-premise workloads, or third-party applications instead of access keys.
                                </span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftailscale.com%2Fblog%2Ftailscale-web-ssh-console%3Futm_source=tldrinfosec/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/4Op-bOfphGPVGl6fvOXTQtqkFWOkc3qRujyVsS5-bZY=421">
                                    <span>
                                        <strong>The Wonderfully Lazy Way to SSH Into Your Computers (4 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    Tailscale offers a web-based SSH tool called Tailscale SSH that can be used to SSH into connected devices without the need to manage SSH keys. It utilizes an ephemeral authentication key to create an end-to-end encrypted tunnel in a pop-out browser window to allow for one-click access via the admin panel. Tailscale SSH requires users to run the open-source version of Tailscale's Mac client to access Macs and does not work on Synology or QNAP systems.
                                </span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FSemperis%2FSAMLSmith%3Futm_source=tldrinfosec/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/B4V51WqeGEHe2kg9Y-dDQ_o7KD6QXFgEvMkwKTKoyrE=421">
                                    <span>
                                        <strong>SAMLSmith (GitHub Repo)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    SAMLSmith is a C# tool designed for creating custom SAML responses and executing Silver SAML and Golden SAML attacks. It offers extensive features suitable for security researchers and penetration testers dealing with SAML-based authentication systems.
                                </span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.trailofbits.com%2F2025%2F07%2F28%2Fwe-built-the-security-layer-mcp-always-needed%2F%3Futm_source=tldrinfosec/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/jy8aiSUvNDLAbEKdqWqQYUO86XZlxe_djEO2dgFbEPo=421">
                                    <span>
                                        <strong>We Built the Security Layer MCP Always Needed (6 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    `mcp-context-protector` is a security wrapper for LLM apps using MCP that defends against line jumping attacks and prompt injection via tool descriptions and ANSI escape codes. It requires users to review new and modified server descriptions and tool definitions. The tool sanitizes ANSI sequences to prevent prompt injection and is implemented as an MCP. It is unable to evaluate chain-of-thought attacks.
                                </span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Ftristanlatr%2Fburpa%3Futm_source=tldrinfosec/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/uZR5PYD-DLfICuTVt3qLcdnyqBV2wfDIw4D77x8vPUo=421">
                                    <span>
                                        <strong>Burpa (GitHub Repo)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    This repository is a maintained fork of the Burp Automator tool, originally at 0x4D31/burpa, which was left abandoned. It provides a high-level CLI and Python interface to the Burp Suite scanner and can be used to set up Dynamic Application Security Testing (DAST).
                                </span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgoteleport.com%2Fblog%2Fiso-iec-27001-2022-explained%2F%3Futm_source=tldrinfosec/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/B9ESMlGEjEJuLhgiEJLkbGTv2ezwReDBoyLg-cvS-v0=421">
                                    <span>
                                        <strong>ISO 27001:2022 Requirements Explained for 2025 (7 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    Any organization that wishes to retain its ISO 27001 certification must upgrade to the latest 2022 standard by October 2025. This post breaks down the clauses that cover formal certification requirements and are the focus of the audit process, and provides examples of how each clause can be applied in practice. The post also highlights which of the Annex A controls were revised or added in the 2022 standard.
                                </span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Finfostealers-the-silent-smash-and-grab-driving-modern-cybercrime%2F%3Futm_source=tldrinfosec/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/kRrxSSdMML0LnItEH1OuCetzFNrbtD4MIWfxbriqxH4=421">
                                    <span>
                                        <strong>Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime (8 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    Modern infostealers operate through a sophisticated malware-as-a-service model, executing complete credential harvests within minutes using silent entry, stealthy data collection (including session cookies that bypass MFA), and traceless exfiltration before victims realize they've been compromised. These tools have evolved from simple keyloggers into turnkey identity harvesting systems that extract browser credentials, hardware IDs, personal documents, and cryptocurrency wallets, with stolen logs selling for as little as $10 on underground markets and Telegram channels. The harvested credentials serve as the foundation for 90% of corporate breaches, enabling initial access brokers to monetize compromised accounts through ransomware operations, financial fraud, and identity theft in an increasingly specialized cybercrime economy.
                                </span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F7GxszX/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/5X3-zG8N8FVAnb3Y8hey848rpA-iHqmYQVRMqEu0nrk=421">
                                    <span>
                                        <strong>Jaguar Land Rover Shuts Down in Scramble to Secure 'Cyber Incident' (2 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    Jaguar Land Rover halted operations after a cyberattack disrupted its retail and production activities. The company is carefully rebooting its global applications, reporting no customer data theft so far. Experts say the breach was spotted late, and JLR is now working with responders to restore service and lock out attackers from its systems.
                                </span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fx.com%2FCloudflare%2Fstatus%2F1962559687368593552%3Futm_source=tldrinfosec/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/Yl7rB1sx3oS7r8TTADnD3IgGdWsBXLvOXCXDi8AqtqE=421">
                                    <span>
                                        <strong>Cloudflare Blocks Largest DDoS Attack (1 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    Cloudflare has autonomously blocked hundreds of hyper-volumetric DDoS attacks over the past few weeks, with the largest reaching peaks of 5.1 Bpps and 11.5 Tbps.
                                </span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.nist.gov%2Fnews-events%2Fnews%2F2025%2F08%2Fnist-revises-security-and-privacy-control-catalog-improve-software-update%3Futm_source=tldrinfosec/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/HGE3aaLSWqcw89mYoMelfEFgQDaShLbiShn6v0FnkAw=421">
                                    <span>
                                        <strong>NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases (3 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    NIST revised its security and privacy control catalog to improve how software updates and patches are released, with an emphasis on logging, root cause analysis, and designing for cyber resilience.
                                </span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F09%2F02%2Ffrostbyte10_copeland_controller_bugs%2F%3Futm_source=tldrinfosec/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/Mmgrt_obJHMpRO-cXaGyJeXRL4qI62tzITQJPIGTAZc=421">
                                    <span>
                                        <strong>Frostbyte10 bugs put grocery refrigeration devices at risk (6 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
                                    Frostbyte10 is a set of critical vulnerabilities in Copeland controllers, which major grocery chains use for refrigeration, that allow hackers to remotely manipulate temperatures and potentially spoil food and medicine.
                                </span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/bTXmZoKHS2xW4tFmFwjj0q6kAegwy8FDYog3CA5x2ew=421"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/zZKDx3-zB3-KpRGGATKn4Mdmw0jsoZ79gHstUWW6jqs=421"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/010001990faf64b7-d7b9a82f-9314-4187-b93f-1100484a2199-000000/OX7WTfo9MsLjvkZmt77knDr0MRtvw46H3baD7bnnQ1o=421"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>