<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fadaptive-security-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/fP-d42sYmdpT2ss195kv5ZuSgOyUDF7l0VCjsSLYPk4=423"><img src="https://images.tldr.tech/adaptive.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Adaptive Security"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-09-17</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fadaptive-security-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/2/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/5-zpSr74L5rx1KRG8XLxalw5y-EDp5w3BCkBmEeoa48=423">
<span>
<strong>When your CEO calls, will you know it's real? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Phishing has gone beyond email. Today's attackers use AI-generated voices, videos, and interactive deepfakes of company executives. They can fool almost anyone - including you and your coworkers.<p></p><p>Backed by <strong>$55M+ in funding from OpenAI and a16z</strong>, Adaptive Security is the first <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fadaptive-security-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/3/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/9bL1-wFNF8Fgss_UPE7ooZA-xBJkyTi8qFdMcLBSdng=423" rel="noopener noreferrer nofollow" target="_blank"><span>security awareness platform built to stop AI-powered social engineering</span></a>. Adaptive keeps employees on their feet with tools such as:</p>
<ul>
<li>Deepfake phishing simulations of company executives in real-world attack scenarios</li>
<li>Interactive, customizable training content tailored for each employee (500+ resources)</li>
<li>AI-driven risk scoring that factors in your publicly available data adversaries can exploit</li>
</ul>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fadaptive-security-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/4/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/zPCZED0KmfuH3NTis6eaeyDKpb3zixRvM0a1G44UsUw=423" rel="noopener noreferrer nofollow" target="_blank"><span><strong>>> Book a demo</strong></span></a><strong> </strong>to chat with a custom interactive deepfake of your boss</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fself-guided-tour%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/qroCMTA29mj6hSLD2tCa-YSRulEB0oqz_iX_bxA_iLc=423" rel="noopener noreferrer nofollow" target="_blank"><span><strong>>> Take a self-guided tour</strong></span></a><strong> </strong>of the platform (3 minutes)
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-phoenix-attack-bypasses-rowhammer-defenses-in-ddr5-memory%2F%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/Pw9hL3zJ5uAO5UPepl-a-qzKtYk5ByjhrVOY3vAbNCo=423">
<span>
<strong>New Phoenix attack bypasses Rowhammer defenses in DDR5 memory (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Phoenix attack bypasses Target Row Refresh (TRR) protections in DDR5 memory from SK Hynix by exploiting specific refresh intervals that existing mitigations do not monitor, using patterns spanning 128 and 2608 refresh intervals with self-correcting synchronization. The attack successfully triggered bit flips on all 15 tested DDR5 memory chips and demonstrated a privilege escalation exploit that gained root access in under two minutes, proving that on-die ECC protection is insufficient as bit flips accumulate over time. Tracked as CVE-2025-6202 with high severity, Phoenix affects all DIMM modules produced between January 2021 and December 2024, with the only current mitigation being to triple the DRAM refresh rate, which may cause system instability and an 8.4% performance overhead.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F09%2F40-npm-packages-compromised-in-supply.html%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/ZMz9wH1dfv914UmTV6DzYrgR3amMn27uepxEzrwHfbI=423">
<span>
<strong>40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A supply chain attack compromised 40+ npm packages from multiple maintainers, injecting malicious bundle.js code that downloads the TruffleHog credential scanner to search developer machines for secrets like GitHub tokens, AWS keys, and npm tokens. The attack automatically trojanizes downstream packages and exfiltrates stolen credentials to attacker-controlled servers while also creating persistent GitHub Actions workflows that continue harvesting secrets from CI pipelines. A separate phishing campaign targeted Rust crates.io users with fake security emails from rustfoundation.dev attempting to steal GitHub credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-filefix-attack-uses-steganography-to-drop-stealc-malware%2F%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/Onkx99195S9yqFm8K9bddjaTy9Snm_6VzQx1YXAaKUk=423">
<span>
<strong>New FileFix Attack Uses Steganography to Drop StealC Malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers at the Acronis Threat Research Unit discovered a new FileFix campaign that uses a multi-language phishing page posing as Meta's support team, warning victims that their account will be deleted if they don't view an incident report. The victim is prompted to copy a file path into Windows Explorer; the pasted text contains a PowerShell command that downloads an image with an embedded script, which in turn downloads the StealC infostealer. The malware then steals credentials and authentication cookies from browsers, messaging apps, cryptocurrency wallets, cloud credentials, VPNs, and gaming apps. It can also take screenshots of the desktop.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fnpm-supply-chain-compromise-brian-fox-sonatype-op-ed%2F%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/6pph2Qh6XmrAAUM8tWrOyzWHv_kjz_CJzHt2FMFdoo4=423">
<span>
<strong>When 'minimal impact' isn't reassuring: lessons from the largest npm supply chain compromise (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers successfully compromised 18 popular npm packages with over 2.6 billion weekly downloads by phishing a maintainer with a fake npm support email requesting two-factor authentication updates, then injecting cryptocurrency-hijacking malware into packages like chalk and debug. Although the malicious versions were detected within minutes and only netted about $20 in stolen cryptocurrency, millions of developers downloaded compromised packages during the brief window, highlighting the fragility of open-source infrastructure and the massive potential blast radius of supply chain attacks. The author warns against the "minimal impact" narrative that downplays such incidents, arguing that each successful package takeover should trigger the same urgency as a zero-day exploit, given the thousands of engineering hours required for cleanup and the growing threat of package takeovers by advanced persistent threat groups.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffluxsec.red%2Fhells-hollow-a-new-SSDT-hooking-technique-with-alt-syscalls-rootkit%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/MGzdO0k-yYhEul_VZkwao1jKWXyrMbIrXbs0EmfMSvU=423">
<span>
<strong>Hells Hollow: A New SSDT Hooking Technique (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Alt Syscalls is a largely undocumented feature of the modern Windows kernel that allows for alternative system call handling. This post demonstrates a new attack called Hells Hollow, where an attacker can hook and modify the actual _KTRAP_FRAME of all syscalls to disable Event Tracing for Windows (ETW) logging on a device. The attack first obtains the address of the trap frame from the KTHREAD, modifies the _KTRAP_FRAME, and then modifies the syscall return value.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.wiz.io%2Fblog%2Fshai-hulud-npm-supply-chain-attack%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/PvL0F429OJMyMZKmTq86w4DYRhdGxakDqjWpJBuWkqs=423">
<span>
<strong>Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A sophisticated attack on the npm ecosystem emerged on September 16, where malicious packages spread a worm capable of stealing secrets like GitHub tokens, API keys, and environment variables from developer environments. The malware self-propagates by publishing infected versions of any packages it encounters, broadening its impact across the npm registry. Attackers used these credentials to leak sensitive data to public repositories and trigger harmful GitHub Actions, risking the exposure of private source code and credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.delltechnologies.com%2Fasset%2Fen-us%2Fsolutions%2Fbusiness-solutions%2Fbriefs-summaries%2Fendpoint-security-for-ai-ebook.pdf%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/ZdyfOGWML4NtRbyHvc6VOdDgbX7KWRqrgNomcdlmd7c=423">
<span>
<strong>How to secure on-device AI workloads (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI is transforming productivity - but it's also expanding the attack surface. Learn how to build a resilient endpoint strategy that supports on-device AI innovation without compromising data integrity. Develop and deploy AI models on a secure, modern foundation with the latest Dell and Intel AI PCs. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.delltechnologies.com%2Fasset%2Fen-us%2Fsolutions%2Fbusiness-solutions%2Fbriefs-summaries%2Fendpoint-security-for-ai-ebook.pdf/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/zYXp6ump1gouoEF_6ojp7CJ-FVq8p7ppUkLyZ0DTSJA=423" rel="noopener noreferrer nofollow" target="_blank"><span>Get the eBook: Endpoint Security for AI</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FTwoSevenOneT%2FWSASS%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/yJgbOionsU0nAw7baqughQEwhw0Y-7JLsvOnVax0dN4=423">
<span>
<strong>WSASS (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
WSASS is a tool that uses the old WerfaultSecure.exe program to dump the memory of processes protected by PPL (Protected Process Light), such as LSASS.EXE. It outputs in Windows MINIDUMP format.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.remedio.io%2F%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/7IgYHh-zm-OEty0WVYu51Av51EiRy99iTs5WCLae9fU=423">
<span>
<strong>Remedio (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Remedio provides an AI-powered enterprise security platform for real-time device posture management, continuously finding and fixing misconfigurations to improve compliance, reduce risk, and minimize downtime for organizations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Finterlynk-io%2Fsbomqs%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/rVOeQvFmY6T5U1PL7DRrfs5XZiz33jw1LVH3ZWLcqxk=423">
<span>
<strong>sbomqs (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
sbomqs is a tool for evaluating SBOM quality, ensuring compliance, and managing your software supply chain security. From quality scoring to compliance validation, component analysis to vulnerability tracking, sbomqs provides everything you need to work with SBOMs effectively.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.theregister.com%2Ffeed%2Fwww.theregister.com%2F2025%2F09%2F15%2Fcloud_hypervisor_no_ai_policy%2F%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/fHHllPjrrBonxYp5U1J-tWpSnTLrV9Bu2kMvmyKt0o8=423">
<span>
<strong>Open source Cloud Hypervisor adds (maybe futile) no-AI-code policy (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Cloud Hypervisor project introduced a "No AI code" policy in version 48 to decline contributions generated or derived from large language models, citing concerns about license compliance ambiguity and avoiding legal complications from potential copyright infringement in AI-trained models. Project contributors acknowledge the policy may be "futile" since it's challenging to detect AI-enhanced code, with one suggesting mandatory checkboxes in pull request templates to ensure contributors explicitly acknowledge the policy. The latest version also significantly enhances scalability by increasing maximum supported vCPUs from 254 to 8,192 on x86_64 hosts using KVM while adding Windows 11 guest support and inter-VM shared memory features.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fnorth-korea-kimsuky-group-ai-generated-military-ids%2F%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/MHqNluFYaWvy1Jb3CK7pITupHtjk7KW4Vtn7yPHOq6U=423">
<span>
<strong>North Korea's Kimsuky Group Uses AI-Generated Military IDs in New Attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
North Korea's Kimsuky hacking group launched a new phishing campaign using AI-generated fake military ID cards with 98% certainty of being deepfakes, moving away from their previous ClickFix tactics to target South Korean defense personnel with realistic-looking military identification documents. The attack begins with emails appearing to come from legitimate South Korean defense institutions containing ZIP files with fake military IDs, which, when opened, trigger malicious batch files and AutoIt scripts that install persistent backdoors disguised as Hancom Office updates. This campaign represents an evolution in social engineering tactics, demonstrating how North Korean threat actors are leveraging widely available AI tools like ChatGPT to create more convincing decoys for their cyber espionage operations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fchatgpts-new-calendar-integration-can-be-abused-to-steal-emails%2F%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/Ci5u8vxibd3AaxJhz9q1DHo6bUI4nCyM_u9FMX33d7A=423">
<span>
<strong>ChatGPT's Calendar Integration Can Be Exploited to Steal Emails (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers can exploit ChatGPT's new calendar integration by sending specially designed invites with malicious prompts. If the victim later asks ChatGPT to check their schedule, the AI can be tricked into searching their email and sharing sensitive information with an attacker, even if they didn't accept the invite. Although this feature requires manual approval and is only accessible in developer mode, the risk highlights the dangers of integrating AI with personal data services.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fevents.zoom.us%2Fev%2FAoingeLHt_k9DbM2O_-Y5wmgt_YvIL3H9KdYhoA4mQAynOasq6ck~AgdGDrVmBCjNayOG0Kp6NcvyZ5MrMEDrHGaq-vvyAqQ4g8gvYiz9RJB_-HVQlrP-v1EAe_lzEP8E8QegcS40dOn_Cw%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/m1RKl2ydpA4sEjrckDdHJcCtz0QD2ZfcxRLbaaeoJRA=423">
<span>
<strong>Your security tools are multiplying. Your time is disappearing. Here's the escape plan (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Join CTRL/ACT by Axonius - the 2-day virtual conference where you'll tackle fragmented environments, alert fatigue, AI noise, and rising expectations. Earn up to 6 CPE credits. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fevents.zoom.us%2Fev%2FAoingeLHt_k9DbM2O_-Y5wmgt_YvIL3H9KdYhoA4mQAynOasq6ck~AgdGDrVmBCjNayOG0Kp6NcvyZ5MrMEDrHGaq-vvyAqQ4g8gvYiz9RJB_-HVQlrP-v1EAe_lzEP8E8QegcS40dOn_Cw/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/uL1FLFkhO29GEZnMnhXPwqWiqoJ5vou8PlQplduxlIo=423" rel="noopener noreferrer nofollow" target="_blank"><span>Save your spot (free)</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fmicrosoft%2Fmicrosoft-exchange-2016-and-2019-reach-end-of-support-in-30-days%2F%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/gxmcQH5yPhRseck-4iPhiNAL5sC2rQxSqncSmiDtCzg=423">
<span>
<strong>Microsoft: Exchange 2016 and 2019 reach end of support in 30 days (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft warned that Exchange Server 2016 and 2019 will reach the end of extended support on October 14, after which the company will cease providing technical support, security fixes, and timezone updates, and has urged administrators to migrate to Exchange Online or upgrade to Exchange Server Subscription Edition to avoid potential security risks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F09%2F16%2Fsalesforce-launches-missionforce-a-national-security-focused-business-unit%2F%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/oj0nLombar-0rvYgnUmUeDyhTvWMja6NzF0c533_Ivo=423">
<span>
<strong>Salesforce launches 'Missionforce,' a national security-focused business unit (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Salesforce is expanding its national security initiatives by launching Missionforce, an AI-driven unit led by Kendall Collins that focuses on modernizing defense operations such as personnel management, logistics, and decision-making to enhance the efficiency and speed of defense organizations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fchina-ai-pentest-tool-villager-10k-downloads%2F%3Futm_source=tldrinfosec/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/1yHqpZI8c8illw2jqAQrypMgSEcTI806B-R0VzQsDkQ=423">
<span>
<strong>China-Linked AI Pentest Tool 'Villager' Raises Concern After 10K Downloads (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A China-linked AI penetration testing tool called Villager has garnered over 10,000 downloads in two months on PyPI.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/W_zF_pAKUjZJftnM1hanqXVFN2qdXeNqRDg7LvUyXFo=423"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/ONnLD0vt43lJ55U-6nGXmZyxHSiAsXVATTIm3PGrJjI=423"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019957c84f82-193f012a-e018-47b6-a2b1-c5ad918e93a9-000000/YqomA-1iK82wXYP8dAa3uimvY_GsG0CoobmpII80plU=423"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>