<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-09-11</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F09%2Ffrom-mostererat-to-clickfix-new-malware.html%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/W83-z8OxF7uY3nsCNbwCrOkeO0Hnr8zMNXaAzZF7GV0=422">
<span>
<strong>From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Fortinet researchers have disclosed a sophisticated phishing campaign delivering MostereRAT, a banking malware-turned-RAT that uses the obscure Easy Programming Language (EPL), disables Windows security mechanisms, and deploys remote access tools like AnyDesk and TightVNC to maintain persistent access on compromised systems. A separate ClickFix campaign targets users searching for AnyDesk by serving fake Cloudflare verification pages that ultimately deliver MetaStealer through social engineering tactics involving Windows File Explorer and malicious LNK files disguised as PDFs. Security researchers also revealed a novel adaptation of ClickFix using CSS-based obfuscation to weaponize AI summarizers through "prompt overdose" attacks that overwhelm AI context windows to produce malicious step-by-step instructions, demonstrating how threat actors are exploiting user trust in AI-generated content.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsansec.io%2Fresearch%2Fsessionreaper%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/fmKblMJT9jE-UIx-PuiSzSVO0TpB3Wzs1Tg3H8IF3dc=422">
<span>
<strong>SessionReaper, Unauthenticated RCE in Magento & Adobe Commerce (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Adobe released an emergency patch for a critical (CVSS 9.1) vulnerability in all versions of Adobe Commerce and Magento. The vulnerability allows for customer account takeover as well as unauthenticated remote code execution in some circumstances. The attack combines a malicious session with a nested deserialization bug.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4054796%2Fcursors-autorun-lets-hackers-execute-arbitrary-code.html%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/vls-zVGFHOWPdxdJCbErxTmt_o3QT15XYC_TUVgg2_8=422">
<span>
<strong>Cursor's autorun lets hackers execute arbitrary code (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cursor's AI-powered code editor ships with Workspace Trust disabled by default, allowing malicious repositories to automatically execute code through crafted ".vscode/tasks.json" files the moment a developer opens a folder, without any user prompts or warnings. Attackers can inject these malicious task files into public repositories, enabling them to compromise developer machines and access sensitive data, including API keys, cloud credentials, and SaaS sessions, simply through the act of browsing a project. Unlike VS Code, which does not auto-run tasks in default configurations, Cursor executes these tasks immediately after opening a project folder, creating a significant supply chain attack vector for the platform's one million users.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4053635%2Fwhen-ai-nukes-your-database-the-dark-side-of-vibe-coding.html%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/5698Yx78rOdafWq2C8YdJ6DZPscb-SziOg5OZ6FuFTs=422">
<span>
<strong>When AI nukes your database: The dark side of vibe coding (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A startup founder's production database was accidentally wiped by an AI coding assistant in Replit, highlighting the dangers of "vibe coding" - the practice of letting AI tools like GitHub Copilot generate code from plain English prompts without proper review. Research shows 45% of AI-generated code contains OWASP Top 10 vulnerabilities, with common issues including hardcoded secrets, weak access controls, and hallucinated dependencies that don't exist or contain security flaws. Security experts warn that "Shadow AI" development bypasses traditional code review processes, requiring organizations to treat AI-generated code like junior developer output with strict scrutiny and governance controls.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fblog%2Frare-look-inside-attacker-operation%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/3eaW01asc1syGl7yyDw4KdG210-iRlQIwrfaSVBc3yE=422">
<span>
<strong>How an Attacker's Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations (14 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Huntress gained unprecedented insight into a threat actor's operations when the attacker accidentally installed the Huntress EDR agent after finding it through a Google ad while researching Bitdefender, revealing extensive use of AI tools like Make.com for workflow automation, searches for Evilginx instances, and systematic reconnaissance targeting Nigerian banks and cryptocurrency exchanges. The actor demonstrated sophisticated OPSEC with residential proxies (LunaProxy), anti-detection browsers (Nstbrowser), and security tools (Malwarebytes) while working 12 to 14-hour days conducting research, crafting phishing messages using Google Translate, and accessing over 2,400 compromised identities. Browser history revealed their evolution from manual processes to AI-assisted workflows, including automated Telegram bot integration and the use of stolen cookies with tools like ROADtools for Microsoft Entra token exploitation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.oligo.security%2Fblog%2Fpwn-my-ride-exploring-the-carplay-attack-surface%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/d9KYXrvBukcSk6eH23aVoID-OLXyUdEF56Ee1M8xXDI=422">
<span>
<strong>Pwn My Ride: Exploring the CarPlay Attack Surface (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Oligo exposes Apple CarPlay's security vulnerabilities, focusing on CVE-2025-24132, a stack buffer overflow in the AirPlay protocol that enables remote code execution with root privileges. They detail how wireless CarPlay exposes vehicles to attacks, mainly because most cars rely on weak Bluetooth pairing. Attackers can exploit poor authentication to extract WiFi credentials and launch RCE attacks. Although Apple patched this in the AirPlay SDK, most car manufacturers haven't implemented these fixes, leaving many vehicles exposed.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑&#x200D;💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FKudaes%2FMFTool%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/SKCZYfoA2uUr1BVYyBZbAcu_z-Ry7VehQHNWkJbObss=422">
<span>
<strong>MFTool (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
MFTool is a red team-oriented NTFS parser that bypasses Windows file APIs by directly parsing on-disk Master File Table structures to access locked, deleted, and hidden files. The tool can retrieve sensitive files like SAM, SYSTEM, and pagefile.sys without opening OS-level file handles, effectively circumventing Windows file access controls while requiring administrative privileges. It supports regex-based searches across entire volumes and maintains an encrypted in-memory Master File Table (MFT) cache for stealthy file system operations during red team engagements.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FPentHertz%2FRF-Swift%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/jgcxBZsShY5J7J0qJtl1qJIeoXQszLlgurs41M8mIZU=422">
<span>
<strong>RF-Swift (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
RF-Swift is a revolutionary toolbox that transforms any computer into a powerful RF testing laboratory without requiring a dedicated operating system. Unlike traditional approaches that force you to sacrifice your primary OS, RF-Swift brings containerized RF tools to your existing environment.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.aegisai.ai%2F%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/9nZ45Ac6Q7E3UKpymVfmr1tIhiANylfw2ssrJ2DsFbw=422">
<span>
<strong>Aegis AI (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Aegis AI provides email security through reasoning agents, each of which is a custom-built LLM tuned to a specific threat. Once the orchestrating agent recognizes a threat or potential threat, it calls other agents in the network, and these agents then run the analysis, reason with each other, and respond to the orchestrating agent with a verdict.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2025%2F09%2Fgoogle-misled-users-about-their-privacy-and-now-owes-them-425m-says-court%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/GO5snhzb5tmZ4mAUQWXcyuhjowwKz72LTqpWeKrSmOU=422">
<span>
<strong>Google misled users about their privacy and now owes them $425m, says court (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A court ordered Google to pay $425 million in a class action lawsuit after finding it misled 98 million users about its "Web & App Activity" privacy setting, which was supposed to stop data collection but didn't prevent Google from gathering information through its Firebase analytics system. Despite users thinking their activities were private, Google continued collecting data from apps like Uber, Venmo, and Instagram through a separate system, with internal communications revealing Google was "intentionally vague" about data collection practices to avoid alarming users. This adds to Google's history of privacy violations, including recent settlements totaling over $2 billion for misleading location tracking and incognito mode practices.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F09%2F08%2Fus_govt_lacks_clarity_infosec_workforce%2F%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/NMGK3QNkDbsgUQiXziRNVVVDhJdNyW8ntWSbwUkYgnM=422">
<span>
<strong>The US government has no idea how many cybersecurity pros it employs (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The US government lacks accurate data on the number of cybersecurity workers and contractors it employs, due to messy, incomplete, and unreliable data across agencies. The GAO found that most departments lack standardized reporting and quality controls, and efforts to fix the situation are stalled, undermining workforce planning and effective cybersecurity policy.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2025%2F09%2Fformer-whatsapp-security-boss-sues-meta-for-systemic-cybersecurity-failures%2F%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/tl-tcvctvxSj-wOKYUTBtq8rDsMVPx2yWmizbb3QyUI=422">
<span>
<strong>Former WhatsApp security boss in lawsuit likens Meta's culture to a “cult” (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Meta's ex-WhatsApp security chief, Attaullah Baig, has sued back, claiming the company ignored and concealed major privacy flaws, allowed over 1,500 engineers uncontrolled data access, and failed to secure and track user data. He asserts Meta retaliated against him for whistleblowing, while Meta counters that he performed poorly and misrepresented ongoing efforts to improve security.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fus-charges-admin-of-lockergoga-megacortex-nefilim-ransomware%2F%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/RVoWNitJLfHOrkEfoB1Owd7FZlZG376nxwEZp2ySUmo=422">
<span>
<strong>US charges admin of LockerGoga, MegaCortex, Nefilim ransomware (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations that collectively caused hundreds of millions of dollars in damages to victims worldwide.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fpixel-10-fights-ai-fakes-with-new-android-photo-verification-tech%2F%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/BiZ2Tv8XjmR7JHowd6cx8ctIpIm1J0S86JoVx0cC5kE=422">
<span>
<strong>Pixel 10 fights AI fakes with new Android photo verification tech (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google is integrating C2PA Content Credentials into the Pixel 10 camera and Google Photos to help users distinguish between authentic, unaltered images and those generated or edited with artificial intelligence technology.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F182063%2Fcyber-crime%2Fkillsec-ransomware-is-attacking-healthcare-institutions-in-brazil.html%3Futm_source=tldrinfosec/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/ol2e0lyr9lqXmm81Cl_toWif8FVOvlh7MgOa5B-J-Uc=422">
<span>
<strong>KillSec Ransomware is Attacking Healthcare Institutions in Brazil (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
KillSec Ransomware attacked MedicSolution, a Brazilian healthcare software provider, stealing over 34 GB of sensitive medical data, including lab results, X-rays, and patient records (including minors) from an insecure AWS S3 bucket that was exposed for several months, marking the first notable supply chain incident affecting Brazil's healthcare industry.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/B_DcNT16aIWeHqF0lWfE2cN77oDmXAtd8JnEr1GOd40=422"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/R33DY7BtqDjoKAoexAvaNIqm510iPizcj4DP9qGJajI=422"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019938e32b27-b0db4ad4-3d48-49bd-aac5-3fa4042a572a-000000/bjH9L8s8NxSib-hesNDCQT1P0Vw8p_3P-l63Q2GgnEQ=422"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>