<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-09-23</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fmalicious-pypi-packages-deliver-silentsync-rat%3Futm_source=tldrinfosec/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/ht6ifrioFxA5DcVOvJSLZyJZYKIbkrY8fT6EnAPV8K0=423">
<span>
<strong>Malicious PyPI Packages Deliver SilentSync RAT (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Threat actors uploaded two malicious packages, sisaws and secmeasure, to PyPI that typosquat legitimate libraries and deliver the SilentSync RAT. This malware is downloaded from Pastebin and maintains persistence through registry keys, crontab modifications, or launch agents, depending on the operating system. SilentSync communicates with a hardcoded C2 server at 200.58.107[.]25 over HTTP and steals browser data, including credentials, history, autofill data, and cookies from Chrome, Brave, Edge, and Firefox while also enabling remote command execution and file exfiltration.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadam.kostarelas.com%2Fblog%2Fgithub-macos-malware%2F%3Futm_source=tldrinfosec/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/_wTm0r7fAEX_hfAVgkm_e6qC30ekrte_8Mwz0qKdK4E=423">
<span>
<strong>GitHub's Reputation Being Exploited by Bad Actors to Distribute Malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A security researcher explains how they discovered a macOS malware campaign spreading through SEO and GitHub links disguised as a legitimate app. The GitHub page appears legit, featuring a demo and an install command for Terminal. This command downloads malware and clears all xattrs. The page also hosts a dmg with an obfuscated osascript that executes a second script to remove quarantine and run stackprep.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FWio2rU/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/PCuyn3QFJE2sXmFxk9I08OXkCzLn3wKzQdWd_cBHzfQ=423">
<span>
<strong>Stellantis Detects Breach at Third-Party Provider for North American Customers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Automaker Stellantis disclosed that a third-party service provider's platform that supports North American customers was breached. Stellantis stated that the exposed data included only basic contact information and not financial information.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fzensec.co.uk%2Fblog%2Funmasking-akira-the-ransomware-tactics-you-cant-afford-to-ignore%2F%3Futm_source=tldrinfosec/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/Eg2mvgB_uycBrRma8QQGc0mIFCfuJRTUws8ufYpokYI=423">
<span>
<strong>Unmasking Akira: The ransomware tactics you can't afford to ignore (14 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Based on ZenSec's analysis of over 30 Akira ransomware incidents from 2023 to 2025, the group primarily gains access through SSL VPNs (Cisco ASA, SonicWall, and WatchGuard) that lack MFA or carry unpatched CVEs, then leverages Veeam backup system vulnerabilities for privilege escalation and credential harvesting. Akira operates as a double-extortion group, stealing data via tools like WinSCP and Rclone (often within 3 hours), then encrypting systems at the hypervisor level while using AnyDesk for persistent access. The group targets backup infrastructure for destruction, publishes stolen data via Tor-based leak sites using torrent links, and demonstrates a playbook-driven approach similar to the defunct Conti ransomware operation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.datadoghq.com%2Fblog%2Fcontinuous-profiling-fourth-pillar%2F%3Futm_source=tldrinfosec/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/c0-SnEpesI32fIIcnx6rHYLthabL5FxWPf8bZeEN1Qk=423">
<span>
<strong>Why Continuous Profiling is the Fourth Pillar of Observability (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Early profilers focused mainly on CPU and needed manually compiled binaries, which caused high performance overhead. Today, profiling has a lower impact and offers diverse signals that can be collected automatically and continuously. OpenTelemetry introduced a new category for continuous profiling and is considering adding it as a fourth pillar.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Faws.amazon.com%2Fblogs%2Fsecurity%2Fhow-to-automatically-disable-users-in-aws-managed-microsoft-ad-based-on-guardduty-findings%2F%3Futm_source=tldrinfosec/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/0JCD1_SlWRKlIeoFVep8618WgjnVZW1thM3l6DoBKBo=423">
<span>
<strong>How to Automatically Disable Users in AWS Managed Microsoft AD Based on GuardDuty Findings (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Automatically disabling compromised user accounts helps organizations reduce attack fallout. This tutorial demonstrates how to utilize GuardDuty for detecting suspicious activity, triggering an AWS Step Function to retrieve user information, and subsequently disabling the account in AWS Directory Service for Microsoft AD. The last step can also be done on a domain-joined EC2 instance if an organization doesn't use AWS Managed AD.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FCyb3r-Monk%2FMicrosoft-Vulnerable-Driver-Block-Lists%3Futm_source=tldrinfosec/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/pp3B8EcGD7hYsdjZnYgvL-tosG01AAtrRdx2i378JKE=423">
<span>
<strong>Microsoft-Vulnerable-Driver-Block-Lists (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft no longer provides the vulnerable driver block list in a browsable web page, making it harder to access directly. Instead, the list is only available as a downloadable ZIP file, which complicates its use in SIEM products for lookups and other functions. This project automates the download, extraction, and parsing of the ZIP file, converting the data into CSV and JSON formats for seamless integration with SIEM and security tools.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fopen-policy-agent%2Fregal%3Futm_source=tldrinfosec/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/ofUCr5QwHOPvCF6CX9mfnLzTjP1jKKztMpR-fUpY3zg=423">
<span>
<strong>Regal (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Regal is a linter and language server for the Rego policy language.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fstacklok%2Ftoolhive%3Futm_source=tldrinfosec/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/JV6w72vLPxX6ONBdEEz8fG_d1EK6IMwx6r8LH1FJMOM=423">
<span>
<strong>Toolhive (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Toolhive provides a method to quickly deploy MCP servers that run in isolated containers for added security.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fmicrosoft-entra-id-flaw-allowed-hijacking-any-companys-tenant%2F%3Futm_source=tldrinfosec/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/aUmkgAoZsiQ-35wbYw_hoFtfy4wCVGHnJy4k6KC9Yw8=423">
<span>
<strong>Microsoft Entra ID flaw allowed hijacking any company's tenant (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Security researcher Dirk-jan Mollema found a critical flaw that combined undocumented "actor tokens" from Microsoft's legacy Access Control Service with a bug in the deprecated Azure AD Graph API. This flaw allowed complete takeover of any Microsoft Entra ID tenant with Global Admin rights. The attack exploited unsigned actor tokens that bypass security, generate no audit logs, and stay valid for 24 hours without revocation, letting attackers impersonate users. Microsoft patched the vulnerability, CVE-2025-55241, within nine days of disclosure in July. The flaw highlights ongoing risks from legacy authentication systems lacking modern security controls.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FmRm9aE/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/FkVfAcx9ZlxzPHX4WH18rZWBRcOgNJVA1MnL1XU_Dx0=423">
<span>
<strong>FBI warns bad actors are spoofing the IC3 cybercrime reporting website (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The FBI warns that cybercriminals are creating fake versions of its Internet Crime Complaint Center (IC3) website to steal personal information from victims attempting to report cyber crimes. The spoofed sites use misspelled URLs, alternative domains, and poor graphics to trick users into entering sensitive data, including names, addresses, phone numbers, and banking information. Users should verify they're on the official IC3 site by ensuring the URL is exactly "www.ic3.gov" with HTTPS and avoid clicking on sponsored search results that may redirect to fraudulent sites.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Ftelecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques%2F%3Futm_source=tldrinfosec/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/AHpsM4eV9xSjMDYt86OPBFiFTR23hBIgNT7eg6vrrGo=423">
<span>
<strong>Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AT&T's CISO says hackers are using Salt Typhoon's tactics, such as targeting unprotected platforms, exploiting logging gaps, and using legitimate tools for "living off the land" attacks. The Chinese group's success has inspired other threat actors to target weak spots beyond traditional security, and stronger defenses are prompting attackers to innovate by chaining exploits.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.casino.org%2Fnews%2Fteen-suspect-surrenders-in-2023-las-vegas-strip-cyberattack-case%2F%3Futm_source=tldrinfosec/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/wJV22v2137-TRAV5WIPbN8gEKZ2PTWeLy1aGAnFSui0=423">
<span>
<strong>Teen Suspect Surrenders in 2023 Las Vegas Casino Cyberattack Case (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A teenage suspect linked to 2023 cyberattacks on MGM Resorts and Caesars surrendered to Las Vegas police, facing six felony charges, including extortion and identity theft.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsoftware%2Fmozilla-now-lets-firefox-add-on-devs-roll-back-bad-updates%2F%3Futm_source=tldrinfosec/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/hKzjT3BVAw_LSjUNu8h4EqPckUDjoKb_wV0ieRCRoG8=423">
<span>
<strong>Mozilla now lets Firefox add-on devs roll back bad updates (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mozilla has introduced a new rollback feature that allows Firefox extension developers to revert to previously approved versions when critical bugs occur, with users automatically receiving the rolled-back version within 24 hours through Firefox's update mechanism.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fai-forensics-europol-track-children-online-abuse-case%2F%3Futm_source=tldrinfosec/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/Rsd0Z2vk9OBXv0auIsjrcif4VVlNZl3DcC_yU-l_btk=423">
<span>
<strong>AI Forensics Help Europol Track 51 Children in Global Online Abuse Case (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Europol led an international operation across 18 countries using AI-driven forensic tools to analyze over 5,000 pieces of child exploitation material, resulting in the identification of 51 child victims and 60 suspects facing criminal proceedings.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/uig4gvWfCUPOJrR2bYlwnERNa2CAjI44jh2QcVbmrFU=423"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/4YcwSupQOsedjXknxpj2GQ14BMXFNuo_o2TqXdP_iqU=423"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019976af0baa-be020f3c-deb8-4361-a7cf-2ec23d88f00c-000000/lmeW3Slx8kZtAng17_Ib_0milmFcCehmJ_YMCF6jHj0=423"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>