<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">A stable authenticated 0-click remote code execution exploit against Linux's kernel SMB3 daemon (ksmbd) chains two existing CVEs</div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/JENFJlqTqx-F_ObZMejESppezjnyTE2YwRjvMXJY35I=423" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/_ZyDLX-uvfu1h7G31oIf8rJsVKsB_h5LFC86RluNhS4=423" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=b391e6ac-92bb-11f0-a238-af73a6e8a7c3%26pt=campaign%26t=1758027990%26s=0cf41c2cadfb9d114da209bc54e332b291a51be99d7e47f60352714f117e4d80/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/-90RwW256p1FXBpQHtO_tdgu8ARtYBPXHeIDzRqXBjQ=423"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FUy5Ibf/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/nVMhYEdP0JxocxJcI5n4a4MdyXRmEW-eJB0mvztpM90=423"><img src="https://images.tldr.tech/threatlocker2.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Threatlocker"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-09-16</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FUy5Ibf/2/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/N7kE7_OiPPsAz9UmsQFEUWC9bFbxVOOuNYR4FjRuHDw=423">
<span>
<strong>Ready for the next round of Patch Roulette? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Today's software update <em>might</em> go just fine. Or it might brick your ERP and turn Patch Wednesday into Panic Thursday.<p></p><p>Do you spin the wheel and find out?</p><p>Or do you spend days researching, testing compatibility, praying that nothing breaks, then dealing with the fallout when it inevitably does?</p><p>Choose "none of the above" with <a class="underline" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FasPX5y/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/E64NS3bq19WXidUgGolve558yNW3KOiogDCfmLWPs-Y=423" rel="noopener noreferrer nofollow" target="_blank"><span>ThreatLocker Patch Management.</span></a> Their Cyber Hero Team <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FUy5Ibf/3/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/jRPh9Y0OCw5JpqxKGApHP1GOuoKw53vjPSEObCUm7Jk=423" rel="noopener noreferrer nofollow" target="_blank"><span>pre-tests every single update in a controlled environment</span></a>. You get the security benefits of up-to-date software, without the hassle. And you're always in control with centralized management across all endpoints and policy-based deployment.</p>
<p>Install Patch Management. Forget about patch management. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FUy5Ibf/4/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/HrTou2OyyMDqwPIgwXrTVgZAxQmOdTeZMyRO3-Ydrd4=423" rel="noopener noreferrer nofollow" target="_blank"><span>See how it works</span></a></p>
<p>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fvoidproxy-phishing-service-bypasses-mfa-microsoft-google%2F%3Futm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/-518chT82PhqQucJYMCcnUtpErYvIIWM-aatgG6VVyU=423">
<span>
<strong>New VoidProxy Phishing Service Bypasses MFA on Microsoft and Google Accounts (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
VoidProxy is a new Phishing-as-a-Service platform that defeats multi-factor authentication on Microsoft and Google accounts with an Adversary-in-the-Middle setup: the victim signs in through a reverse proxy that relays the genuine login flow, so the password, the MFA response, and the resulting session cookies are captured in real time. Lures go out from compromised accounts at legitimate email service providers such as Constant Contact to get past spam filters, and victims are redirected to cloned login pages where every piece of authentication data is harvested. The service runs a two-tier infrastructure of disposable front-ends and resilient back-ends, with anti-analysis measures such as Cloudflare CAPTCHA gating that make it hard for security teams to detect and track. The caveat for defenders is that relaying the real login captures OTP and push-based MFA along with the password; only origin-bound credentials such as FIDO2/WebAuthn passkeys resist this class of attack.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.willsroot.io%2F2025%2F09%2Fksmbd-0-click.html%3Futm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/s4IGiHrL7sLxxyCQCBNI-i-1EFI3odNSf_N8ozurFXI=423">
<span>
<strong>Eternal-Tux: Crafting a Linux Kernel KSMBD 0-Click RCE Exploit from N-Days (18 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A stable, authenticated 0-click remote code execution exploit against ksmbd, the Linux kernel's in-kernel SMB3 server, chains two already-patched CVEs: CVE-2023-52440, a controlled heap overflow, and CVE-2023-4130, a memory disclosure bug. The target is Linux 6.1.45 with full mitigations enabled. The overflow comes from ksmbd's NTLM authentication handling and overruns a 512-byte SLUB allocation; from there the exploit builds an arbitrary-free primitive, corrupts a 1KB ksmbd_conn object, and hijacks a vtable pointer to run a ROP chain that ends in call_usermodehelper. The write-up shows that N-day bugs can be chained into reliable exploitation despite modern kernel protections, though it needs valid SMB credentials on the target, and ksmbd is still rare in production. The practical check is whether the ksmbd module is loaded at all (it is a separate module, visible in lsmod) and whether the running kernel is older than the fixes for both CVEs.
</span>
</span>
</div>
</td></tr></tbody></table>
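<p>The length check whose absence makes this kind of NTLM overflow possible, as an added illustration written for this summary (not the kernel's code and not the write-up's exploit): a parser for the NTLMSSP AUTHENTICATE message that validates each security buffer against the received blob and then bounds the session key by the fixed size of its destination. The message layout is the one documented in MS-NLMP; the 16-byte key size constant, the field names, and the sample blob builder are this example's own assumptions.</p>

```python
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLMSSP_AUTHENTICATE = 3
CIFS_KEY_SIZE = 16  # assumed capacity of the fixed session-key array the decoded key is copied into

# AUTHENTICATE_MESSAGE (MS-NLMP 2.2.1.3): 8-byte signature, u32 message type, six security
# buffers of (Len u16, MaxLen u16, Offset u32), then u32 NegotiateFlags. Payload follows.
FIELDS = ("lm_response", "nt_response", "domain", "user", "workstation", "session_key")
HEADER_LEN = 8 + 4 + 8 * len(FIELDS) + 4  # 64 bytes


class BadAuthBlob(ValueError):
    """Raised for any AUTHENTICATE blob that must never reach the copy loop."""


def parse_authenticate(blob):
    """Validate every security buffer before slicing, then bound the session key.

    Returns a dict of field name -> bytes. The two checks that matter for this bug class:
    (1) Offset + Len must lie inside the received blob, and (2) the session key must fit
    the fixed CIFS_KEY_SIZE destination. A decoder that skips (2) copies an attacker-chosen
    number of bytes into a fixed-size heap object.
    """
    if len(blob) < HEADER_LEN:
        raise BadAuthBlob("blob shorter than the fixed AUTHENTICATE header")
    if blob[:8] != NTLMSSP_SIGNATURE:
        raise BadAuthBlob("bad NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", blob, 8)
    if msg_type != NTLMSSP_AUTHENTICATE:
        raise BadAuthBlob("message type %d is not AUTHENTICATE" % msg_type)

    fields = {}
    for i, name in enumerate(FIELDS):
        length, _max_len, offset = struct.unpack_from("<HHI", blob, 12 + 8 * i)
        # Two comparisons, so the same check written in C cannot wrap on offset + length.
        if offset > len(blob) or length > len(blob) - offset:
            raise BadAuthBlob("%s: offset %d + len %d exceeds %d-byte blob" % (name, offset, length, len(blob)))
        fields[name] = blob[offset:offset + length]

    if len(fields["session_key"]) > CIFS_KEY_SIZE:
        raise BadAuthBlob("session key of %d bytes exceeds CIFS_KEY_SIZE" % len(fields["session_key"]))
    return fields


def is_valid_authenticate(blob):
    """Boolean wrapper so callers can ask the question without try/except."""
    try:
        parse_authenticate(blob)
        return True
    except BadAuthBlob:
        return False


def build_authenticate(session_key, user=b"u\x00s\x00e\x00r\x00"):
    """Constructed test input: a minimal AUTHENTICATE blob, not captured client traffic."""
    bufs, payload = [], b""
    for name in FIELDS:
        data = {"user": user, "session_key": session_key}.get(name, b"")
        bufs.append(struct.pack("<HHI", len(data), len(data), HEADER_LEN + len(payload)))
        payload += data
    return (NTLMSSP_SIGNATURE + struct.pack("<I", NTLMSSP_AUTHENTICATE)
            + b"".join(bufs) + struct.pack("<I", 0) + payload)


if __name__ == "__main__":
    good = build_authenticate(b"\x11" * CIFS_KEY_SIZE)
    print("16-byte key accepted:", is_valid_authenticate(good))
    print("17-byte key accepted:", is_valid_authenticate(build_authenticate(b"\x11" * 17)))
    print("truncated blob accepted:", is_valid_authenticate(good[:-1]))
```

<p>The buffer check is written as two comparisons on purpose: in Python integers do not wrap, but the equivalent C expression <code>offset + length &lt;= blob_len</code> can, which is why kernel code compares the remaining length instead of the sum.</p>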
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F09%2F15%2Ffinwise_insider_data_breach%2F%3Futm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/7h5_wAf2FTYZ5dfGjfoSxDeL_7a85jzX5DLu65P6Fqs=423">
<span>
<strong>Insider blamed for FinWise data breach affecting nearly 700K (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Nearly 700,000 FinWise Bank customers are being notified that a former employee may have accessed or taken personal data after leaving the company. The incident, detected more than a year after it occurred, involved customers of American First Finance. FinWise is offering affected individuals free credit monitoring. The case is a reminder that insider risk in financial and tech organizations includes access that outlives employment, which is exactly what prompt offboarding and periodic access reviews are meant to close.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.zerosalarium.com%2F2025%2F09%2FDumping-LSASS-With-WER-On-Modern-Windows-11.html%3Fm=1%26utm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/gFfCu82G8NlTExvdrp1Jxlb2qvPlMetJjiq-qgyDurU=423">
<span>
<strong>Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11 (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A red-team researcher shows how to get around LSASS memory protection on Windows 11 by bringing along the WerFaultSecure.exe binary from Windows 8.1, which runs at the highest Protected Process Light (PPL) level and can therefore read LSASS memory that ordinary processes, even elevated ones, cannot. Undocumented command-line parameters make it write an unencrypted crash dump of LSASS, and the output file is prefixed with PNG magic bytes so antivirus scanners do not recognise it as a memory dump. The attack requires dropping the older, vulnerable WerFaultSecure.exe on the host together with a custom loader that starts it with the right PPL protection, and it is a clean example of a legacy Windows component being turned against modern security controls. For defenders, the observables are an out-of-date copy of WerFaultSecure.exe starting as a protected process and image files that contain minidump structures rather than PNG chunks.
</span>
</span>
</div>
</td></tr></tbody></table>
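<p>A detection check for the PNG-header disguise described above, added here as an illustration and not part of the original post: classify a file by its actual structure rather than its first eight bytes, since a genuine PNG must carry an IHDR chunk immediately after its signature while a minidump starts with the MDMP signature. The sample files are constructed inline; the assumption that the dump body sits within the first 4KB after the PNG signature is this example's, not a claim from the post, and the version value in the constructed minidump header is only a placeholder.</p>

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
MINIDUMP_MAGIC = b"MDMP"  # MINIDUMP_HEADER.Signature: the first four bytes of a real dump


def classify(data, scan_window=4096):
    """Classify a file body by what its bytes are, not by what its extension or magic claim.

    Returns 'minidump', 'png', 'png-disguised-minidump', 'png-magic-without-ihdr' or 'other'.
    """
    if data.startswith(MINIDUMP_MAGIC):
        return "minidump"
    if not data.startswith(PNG_MAGIC):
        return "other"
    # A genuine PNG must continue with the IHDR chunk: 4-byte length 13, then b"IHDR".
    if data[8:16] == b"\x00\x00\x00\x0dIHDR":
        return "png"
    # PNG signature with no IHDR behind it: if a minidump signature sits in the first few KB,
    # this is a dump wearing a PNG hat. Assumption: the dump starts within scan_window bytes.
    if MINIDUMP_MAGIC in data[:scan_window]:
        return "png-disguised-minidump"
    return "png-magic-without-ihdr"


def png_chunk(ctype, body):
    """Length, type, body, CRC-32 over type+body, exactly as the PNG spec lays a chunk out."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF)


def sample_png():
    """Constructed 1x1 RGBA PNG prefix (signature + IHDR chunk), enough for classification."""
    return PNG_MAGIC + png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 6, 0, 0, 0))


def sample_minidump():
    """Constructed minidump prefix: signature, a placeholder version field, padding. Not a real dump."""
    return MINIDUMP_MAGIC + struct.pack("<I", 0xA793) + b"\x00" * 24


def sample_disguised():
    """Constructed: what a dump looks like after PNG magic bytes are prepended to it."""
    return PNG_MAGIC + sample_minidump()


def scan_files(paths, read=lambda p: open(p, "rb").read(4096)):
    """Yield (path, verdict) for every file whose body is a bare or disguised minidump."""
    for p in paths:
        verdict = classify(read(p))
        if verdict in ("minidump", "png-disguised-minidump"):
            yield p, verdict


if __name__ == "__main__":
    # In-memory stand-in for a directory walk; pass real paths and drop `read=` to scan a disk.
    fake_fs = {"logo.png": sample_png(), "screenshot.png": sample_disguised(), "lsass.dmp": sample_minidump()}
    for hit in scan_files(fake_fs, read=fake_fs.__getitem__):
        print(hit)
```

<p>Reading only the first 4KB keeps the scan cheap enough to run across a user profile; the IHDR check alone already separates real images from anything that merely borrowed the PNG signature, so it is worth flagging the "png-magic-without-ihdr" verdict too even when no MDMP signature is found.</p>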
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ficode4.coffee%2F%3Fp=1047%26utm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/FNJ0PgVSR4X799k3HeMMXQyCv4gCAZOwlaYtkZKbCy4=423">
<span>
<strong>Hacking the Xbox 360 Hypervisor Part 1: System Overview (18 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
This is the first part of a three-part series on hacking the Xbox 360 hypervisor, and it gives a system overview of the console's security architecture. The custom Xenon PowerPC CPU carries its security on-die: 768 eFuses, 64KB of secure RAM, hardware encryption, and protected memory paths that use per-boot encryption keys and CRC integrity checks. The hypervisor is a 256KB protected region that arbitrates all executable memory allocation and code authentication; only one exploit against it is known, the "4548 system call handler bug," which was most likely introduced by a compiler optimization error rather than a deliberate code change. Microsoft must sign all code, hypervisor memory is both encrypted and integrity-checked, and multiple privilege levels with strict validation are meant to rule out software-only attacks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.flomb.net%2Fposts%2Fhttp2connect%2F%3Futm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/WebxpVlNrfcFuVdRdPo_IxNKF1HjGlB7cSP729UouxY=423">
<span>
<strong>Playing with HTTP/2 CONNECT (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
HTTP/2 CONNECT generalizes the HTTP/1 CONNECT method: where HTTP/1 CONNECT turns the whole TCP connection into a single tunnel, HTTP/2 opens one tunnel per stream, so many tunnels can be multiplexed over one connection. That makes proxying, and port scanning through a proxy, much cheaper, since each new target costs one HEADERS frame instead of a fresh TCP session. The protocol brings HPACK header compression with it, and the extended CONNECT mechanism covers modern proxy use cases (WebSocket, UDP, and raw IP proxying), which is why it matters both for security research and for next-generation proxy infrastructure.
</span>
</span>
</div>
</td></tr></tbody></table>
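<p>A wire-level illustration of the multiplexing point, added for this summary and not taken from the post: several CONNECT tunnels opened as HEADERS frames on separate streams of one connection, with the minimal HPACK encoding (literal fields, no Huffman coding) such a request needs, plus a parser that reads the frames back. The target addresses are made up, and the block deliberately skips the connection preface and SETTINGS exchange a real client sends first; frame and HPACK layouts follow RFC 7540 and RFC 7541.</p>

```python
import struct

FRAME_DATA, FRAME_HEADERS = 0x0, 0x1            # frame types, RFC 7540 section 6
FLAG_END_STREAM, FLAG_END_HEADERS = 0x1, 0x4    # frame flags
STATIC_TABLE = {1: ":authority", 2: ":method"}  # static-table entries CONNECT needs (RFC 7541 App. A)
STATIC_INDEX = {name: idx for idx, name in STATIC_TABLE.items()}


def _hpack_int(value, prefix_bits, first_byte=0):
    """HPACK integer with an N-bit prefix (RFC 7541 section 5.1)."""
    limit = (1 << prefix_bits) - 1
    if value < limit:
        return bytes([first_byte | value])
    out, value = bytearray([first_byte | limit]), value - limit
    while value >= 128:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)


def _hpack_read_int(buf, pos, prefix_bits):
    limit = (1 << prefix_bits) - 1
    value, pos = buf[pos] & limit, pos + 1
    if value < limit:
        return value, pos
    shift = 0
    while True:
        b, pos = buf[pos], pos + 1
        value += (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos


def _hpack_read_str(buf, pos):
    if buf[pos] & 0x80:
        raise ValueError("Huffman-coded string: not handled by this example")
    length, pos = _hpack_read_int(buf, pos, 7)
    return buf[pos:pos + length].decode(), pos + length


def hpack_encode(headers):
    """Every field as a literal without indexing (first byte 0000xxxx); strings sent raw."""
    out = b""
    for name, value in headers:
        idx = STATIC_INDEX.get(name, 0)  # 0: the name is sent literally as well
        out += _hpack_int(idx, 4)
        if idx == 0:
            out += _hpack_int(len(name), 7) + name.encode()
        out += _hpack_int(len(value), 7) + value.encode()
    return out


def hpack_decode(buf):
    headers, pos = [], 0
    while pos < len(buf):
        if buf[pos] & 0xF0:
            raise ValueError("only literal-without-indexing fields are handled here")
        idx, pos = _hpack_read_int(buf, pos, 4)
        name = STATIC_TABLE[idx] if idx else None
        if name is None:
            name, pos = _hpack_read_str(buf, pos)
        value, pos = _hpack_read_str(buf, pos)
        headers.append((name, value))
    return headers


def frame(ftype, flags, stream_id, payload):
    """9-byte frame header (24-bit length, type, flags, 31-bit stream id) plus payload."""
    return (struct.pack(">I", len(payload))[1:] + bytes([ftype, flags])
            + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload)


def connect_request(stream_id, authority):
    """RFC 7540 section 8.3: a CONNECT request carries :method and :authority, nothing else."""
    return frame(FRAME_HEADERS, FLAG_END_HEADERS, stream_id,
                 hpack_encode([(":method", "CONNECT"), (":authority", authority)]))


def tunnel_data(stream_id, data, last=False):
    """Bytes for an established tunnel travel as DATA frames on that tunnel's stream."""
    return frame(FRAME_DATA, FLAG_END_STREAM if last else 0, stream_id, data)


def multiplexed_tunnels(targets):
    """One HEADERS frame per target, each on its own odd (client-initiated) stream id."""
    return b"".join(connect_request(2 * i + 1, t) for i, t in enumerate(targets))


def parse_frames(buf):
    """Split a byte stream into (type, flags, stream_id, payload or decoded headers) tuples."""
    frames, pos = [], 0
    while pos < len(buf):
        if pos + 9 > len(buf):
            raise ValueError("truncated frame header")
        length = int.from_bytes(buf[pos:pos + 3], "big")
        ftype, flags = buf[pos + 3], buf[pos + 4]
        stream_id = struct.unpack(">I", buf[pos + 5:pos + 9])[0] & 0x7FFFFFFF
        payload = buf[pos + 9:pos + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame payload")
        frames.append((ftype, flags, stream_id, hpack_decode(payload) if ftype == FRAME_HEADERS else payload))
        pos += 9 + length
    return frames
```

<p>Calling <code>multiplexed_tunnels(["10.0.0.5:22", "10.0.0.5:443", "10.0.0.6:3389"])</code> yields three 9-byte-headed HEADERS frames on streams 1, 3 and 5 inside one byte stream, which is the whole reason a scanner through an HTTP/2 proxy needs one TCP connection instead of one per port. Real clients use the static and dynamic tables and Huffman coding to shrink those headers further; the literal form here is valid HPACK and is the easiest one to read in a packet capture.</p>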
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbusiness.tryhackme.com%2F%3Futm_source=TLDR%26utm_medium=affiliates%26utm_campaign=TLDR_Newsletter_16Sept25/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/bIpM3NBQCCIyjXExB1QPprmb4Qwf1wj8So89J9N-VYA=423">
<span>
<strong>Run a private CTF for your team - it's easier than you think (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Custom CTFs are a great exercise - and you now have a fast and effortless way to run them. TryHackMe is offering exclusive, <a class="c-link" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbusiness.tryhackme.com%2F%3Futm_source=TLDR%26utm_medium=affiliates%26utm_campaign=TLDR_Newsletter_16Sept25/2/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/m4oR_sJEMsOsqCxLkGYMI1UdUFEop4l2wnok8qUoIcw=423" rel="noopener noreferrer" target="_blank"><span>ready-to-run private events</span></a> covering web, crypto, forensics, and more. Deploy in one day with zero setup. Includes a beginner-friendly security awareness CTF for non-technical staff. <a class="c-link" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbusiness.tryhackme.com%2Fbook-a-demo%3Futm_source=TLDR%26utm_medium=affiliates%26utm_campaign=TLDR_Newsletter_16Sept25/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/RlV53SgcOGE81Ukp9tlZx-bl6LcE_paShuqD0pp7i_k=423" rel="noopener noreferrer" target="_blank"><span>Plan your team's private CTF</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FWorkday%2Fraw-disk-parser%3Futm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/Zah4ZCbthDxhGqPxUVBP8Y1UdOsDaYfXq4SS-WtENrA=423">
<span>
<strong>Raw Disk Parser (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Raw Disk Parser is a proof-of-concept Python script that copies sensitive or locked files without triggering file-access alerts. Instead of asking Windows for the file, it opens the physical disk device (which requires administrator rights), parses the NTFS structures on it, locates the file's MFT record, and reads its data runs directly. Because no standard Windows file API is involved, file ACLs, sharing locks, and any EDR/AV monitoring that hooks high-level file I/O are all sidestepped; what remains visible is the handle opened on the raw device itself.
</span>
</span>
</div>
</td></tr></tbody></table>
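<p>The first step of that approach, as an added example that is not the repository's code: parsing the NTFS boot sector to find where the Master File Table lives, which is what every later lookup (the $MFT record, then a file's data runs) is measured from. Field offsets are those of the NTFS BIOS Parameter Block; the sample sector and its geometry values are constructed, and the raw-device helper assumes a Windows <code>\\.\PhysicalDrive</code> path plus a caller-supplied partition offset.</p>

```python
import struct

NTFS_OEM_ID = b"NTFS    "


def parse_ntfs_boot_sector(sector):
    """Decode the boot-sector fields needed to locate the Master File Table.

    NTFS BPB offsets: 0x0B bytes/sector (u16), 0x0D sectors/cluster (u8), 0x28 total sectors (u64),
    0x30 $MFT start cluster (u64), 0x38 $MFTMirr start cluster (u64), 0x40 clusters per file
    record (s8; a negative value n means a record is 2**-n bytes, the usual case being -10 = 1KB).
    """
    if len(sector) < 512:
        raise ValueError("need at least one 512-byte sector")
    if sector[3:11] != NTFS_OEM_ID:
        raise ValueError("OEM ID is not NTFS: wrong partition offset or not an NTFS volume")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing boot-sector signature")
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", sector, 0x0B)
    total_sectors, mft_lcn, mftmirr_lcn = struct.unpack_from("<QQQ", sector, 0x28)
    (clusters_per_record,) = struct.unpack_from("<b", sector, 0x40)
    if bytes_per_sector == 0 or sectors_per_cluster == 0:
        raise ValueError("zero-sized sector or cluster")
    cluster_size = bytes_per_sector * sectors_per_cluster
    record_size = (1 << -clusters_per_record) if clusters_per_record < 0 else clusters_per_record * cluster_size
    return {
        "bytes_per_sector": bytes_per_sector,
        "cluster_size": cluster_size,
        "total_sectors": total_sectors,
        "mft_lcn": mft_lcn,
        "mftmirr_lcn": mftmirr_lcn,
        "record_size": record_size,
        "mft_offset": mft_lcn * cluster_size,  # byte offset of $MFT from the start of the partition
    }


def is_ntfs_boot_sector(sector):
    try:
        parse_ntfs_boot_sector(sector)
        return True
    except ValueError:
        return False


def mft_record_offset(geometry, record_number):
    """Byte offset of a record in the MFT's first extent, where $MFT (0) and the other system
    files live; records beyond that extent need $MFT's own data-run list, parsed separately."""
    return geometry["mft_offset"] + record_number * geometry["record_size"]


def sample_boot_sector(bytes_per_sector=512, sectors_per_cluster=8, mft_lcn=786432, clusters_per_record=-10):
    """Constructed boot sector with typical values; not read from a real disk."""
    s = bytearray(512)
    s[0:3] = b"\xeb\x52\x90"  # jump instruction, as on a real volume
    s[3:11] = NTFS_OEM_ID
    struct.pack_into("<HB", s, 0x0B, bytes_per_sector, sectors_per_cluster)
    struct.pack_into("<QQQ", s, 0x28, 0x1000000, mft_lcn, 2)
    struct.pack_into("<b", s, 0x40, clusters_per_record)
    s[510:512] = b"\x55\xaa"
    return bytes(s)


def read_partition_boot_sector(device=r"\\.\PhysicalDrive0", partition_offset=0):
    """Read the boot sector straight off the raw device; needs administrator rights.
    partition_offset is the partition's starting byte from the MBR/GPT, unless `device`
    is a volume device (such as the C: volume), whose byte 0 is already the boot sector."""
    with open(device, "rb") as disk:
        disk.seek(partition_offset)
        return disk.read(512)


if __name__ == "__main__":
    g = parse_ntfs_boot_sector(sample_boot_sector())
    print("cluster %d bytes, record %d bytes, $MFT at byte offset 0x%x" % (g["cluster_size"], g["record_size"], g["mft_offset"]))
```

<p>The OEM ID and 0x55AA checks are what turn a wrong partition offset into an error instead of garbage geometry; a detection-minded reader can flip the same code around and watch for non-system processes opening <code>\\.\PhysicalDrive</code> or volume devices for read, since that handle is the one thing this technique cannot avoid.</p>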
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FSecurity-Onion-Solutions%2Fsecurityonion%3Futm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/jP5Vm6crNM5gRpafOz7AkjIGFe3wex3_kkDur0GqQeo=423">
<span>
<strong>Security Onion 2.4 (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Security Onion is a free and open platform built by defenders for defenders. It includes features like network visibility, host visibility, intrusion detection honeypots, log management, and case management. In the latest 2.4 release, there are new features like SOC for UniFi dashboard, JA4 support, and many bugfixes.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.geordie.ai%2F%3Futm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/qe1qxzVAR92Y2PHs_PdbqUObwnR1FK2NIHHm_Dodkho=423">
<span>
<strong>Geordie (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Geordie provides enterprises with real-time visibility and alerts for AI agents, helping organizations track agent actions, detect unexpected behaviors, and securely manage AI agent adoption and risks.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F4tPlxB/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/lmQh4Kbfk32kXOKC6FkDRQCweDQz3KfBNzdTBVqEXTc=423">
<span>
<strong>Scattered Spider ransomware group abruptly decides to end operations - for now, at least (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Fifteen cybercrime groups, including Scattered Spider, Lapsus$, and ShinyHunters, announced they are "going dark," claiming they have achieved their goals and will enjoy the proceeds of recent attacks on companies such as Jaguar Land Rover, Marks & Spencer, and Salesforce. They posted the farewell on BreachForums, saying they will stop attacking under their own name. Experts doubt it will be permanent: some members have already been arrested, and the profits of cybercrime may draw the rest back. The announcement follows a summer campaign in which the rebranded "Scattered Lapsus$ Hunters" hit more than 700 organizations worldwide, mostly through social engineering and data theft rather than ransomware.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffbi-warns-of-unc6040-unc6395-hackers-stealing-salesforce-data%2F%3Futm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/VJ-Wx3BX2WHFneqLVAhNB2IVxnwItM6B0aGI2eaKuRQ=423">
<span>
<strong>FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The FBI issued a FLASH alert on the cybercriminal groups UNC6040 and UNC6395, which target Salesforce tenants for data theft and extortion through voice phishing and abuse of OAuth tokens. UNC6040 has used social engineering since late 2024 to talk call-center staff into connecting a malicious app to Salesforce, while UNC6395 used compromised OAuth tokens in August to pull customer data and credentials. Google, Adidas, Qantas, Cisco, Louis Vuitton, and Tiffany & Co. are among the companies affected. The actors are linked to ShinyHunters and Scattered Spider, who recently announced they are "going dark."
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.dualmedia.com%2Fproton-mail-journalist-accounts%2F%3Futm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/sTAoqztcKPHkjuQa2Zyi3oAWZ4YHLj_982ordKnaht8=423">
<span>
<strong>Proton Mail Takes Action: Journalist Accounts Suspended Following Cybersecurity Agency Request (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Proton Mail suspended two journalists' accounts after they published, in Phrack, research documenting an intrusion into several South Korean government institutions. A week after the issue came out, Proton contacted the researchers through their disclosure account to say the account was being suspended for a policy violation, citing a request from a government cybersecurity organization. After a public outcry over privacy, the company reversed the decision and restored the accounts.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.invicti.com%2Fclp%2Ftag-implementing-a-dast-first-appsec-program-with-invicti%2F%3Futm_medium=3rdparty%26utm_source=tldr%26utm_campaign=quick-link-tag-dast-report/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/SPqRvM1lmEUawVHniVMrridlJKCUldDdh-7xZDLk84o=423">
<span>
<strong>Analyst Report: AI-Powered DAST for Security Teams (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Stop overwhelming your teams with alerts that don't align with actual risk. Find runtime-verified, exploitable vulnerabilities in production. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.invicti.com%2Fclp%2Ftag-implementing-a-dast-first-appsec-program-with-invicti%2F%3Futm_medium=3rdparty%26utm_source=tldr%26utm_campaign=quick-link-tag-dast-report/2/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/wPtVgJ7Jn4-VWOrvDTZIIzBn_i4CeGbMOiP4VIDBsh0=423" rel="noopener noreferrer nofollow" target="_blank"><span><strong>Download TAG report from Invicti</strong></span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fstrikeready.com%2Fblog%2Fsidewinder-apt-leverages-nepal-protests-to-push-mobile-malware%2F%3Futm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/y785tQnkv3UUmt62iOREhdNEtPikgZtyOLg9oRKHdMA=423">
<span>
<strong>Sidewinder APT leverages Nepal protests to push mobile malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hackers exploited Nepal protests by masquerading as emergency services and officials to trick people into downloading malware and stealing data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F6hZmHu/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/czW112R_awnNWsS-uxaX35nAZeppwQ0oFbkqix18P1o=423">
<span>
<strong>Fairmont Federal Credit Union Data Breach Hits 187,000 in West Virginia (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Fairmont Federal Credit Union has informed over 187,000 individuals about a security breach in 2023 that exposed sensitive information, including financial, medical, and personal data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fgoogle-confirms-hackers-gained-access-to-law-enforcement-portal%2F%3Futm_source=tldrinfosec/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/Y4AbLFe80ww9OuIS_ONkU4sqkGmVq9BpM6POWtFyI9I=423">
<span>
<strong>Google confirms hackers gained access to law enforcement portal (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google confirmed that hackers from the "Scattered Lapsus$ Hunters" group created a fraudulent account in its Law Enforcement Request System (LERS), which police worldwide use to submit data requests; the account was disabled before any requests were made or any data was accessed.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/hnaRPwR6WII4KqmYUn91hTLG0DfWet5VuIqkYuYxhJU=423" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/kpYtk_7w4dMVGZNCrSfh88kQYXjIOC089uz-D0rKYtc=423" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 💰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/c-1Hi_y6oxoTEGOduqgw6nR--e2RWy61R3wJsjtfkIA=423"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/Oxu5wMi0pZ9fb8oDi6A8wMz2KhHF9ceCVqk95_2ONSM=423" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them!
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/JiJgkvKyCczteG58wE00bTNeEgQMeupCcEgvtg4rLHE=423"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/jH93CqYx2cIKfAj3eggWidAjAD3vkRK7ESTmyz7AFw4=423"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/uAYO_2A862rCO4RMVaJacINK5j7PywAtmz1SoUqGMOE=423"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/6jA-4rnAIwYuJAuEO1i6p39riz2khFnU1PQ1x1rPEr8=423">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=b391e6ac-92bb-11f0-a238-af73a6e8a7c3%26pt=campaign%26pv=4%26spa=1758027683%26t=1758027990%26s=c95aa198eaaa44ef3dd5302e26a0637bc637af465e96beb70f9938d5c5a408bf/1/0100019952a24736-f6e97cb3-7de7-41eb-b87c-c7f6331cb1e8-000000/SrSJ8u4xFvOkeLfpanXgIcLcoJeUGBnpA1bqtPVTkFo=423">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>