<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Cisco has released security updates for CVE-2025-20352, a high-severity zero-day vulnerability in IOS and IOS XE software</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/cZ4dnw_46R7SxmcufYZoLgDCQ4VTIc8z59KnlCfEPbQ=424" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/9Ndke22RmeuKH0CC17x9vIEzh0UX-NW0-gCvPpgXwe8=424" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=ea97cad2-99cc-11f0-8e5e-89b1c215602d%26pt=campaign%26t=1758805666%26s=117ac9b0010be1413df5ead5d584347dfd010541192b3b9c427b3d90287cc6ef/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/ZcZaQmP1gjQTEVFqcu6dAtCy-U47VJ6r1uYJs79Hcs4=424"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.vanta.com%2Fvantacon%3Futm_campaign=vantacon-2025%26utm_source=tldr-infosec%26utm_medium=newsletter/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/voCrrij8lP4xafeAB76pTxHrFcU4xXKD_mTRdbSFfD4=424"><img src="https://images.tldr.tech/vanta50.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Vanta"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-09-25</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.vanta.com%2Fvantacon%3Futm_campaign=vantacon-2025%26utm_source=tldr-infosec%26utm_medium=newsletter/2/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/A7If3Ggp8Hc5dW7I5RUyLOCpf1crH82MQsbt9qW2zUo=424">
<span>
<strong>VantaCon: Join the event in-person or virtually this November (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI is fast transforming every aspect of security and compliance, and no aspect of GRC will be left unchanged.<p>This year at <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.vanta.com%2Fvantacon%3Futm_campaign=vantacon-2025%26utm_source=tldr-infosec%26utm_medium=newsletter/3/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/1G4JViuTeFJKw3Ee9-4iVVppOMYs22tN5szmiE5LfrE=424" rel="noopener noreferrer nofollow" target="_blank"><span>VantaCon</span></a>, join Vanta for a full-day GRC community event!</p>
<p>Be the first to hear exciting product announcements, discover how industry peers and leaders are preparing for big changes while uncovering unique opportunities for growth, and take part in new breakout sessions designed for collaboration, not just on what's next for GRC, but how we'll write its future together.
<br>
<br>Join Nov 19 live in San Francisco or virtually to:</p>
<ul>
<li>Hear from the GRC and security leaders shaping the industry</li>
<li>Network with the best</li>
<li>Help write the future of GRC</li>
</ul>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.vanta.com%2Fvantacon%3Futm_campaign=vantacon-2025%26utm_source=tldr-infosec%26utm_medium=newsletter/4/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/0I4Aa1HY08ptx2dFRxr5M9FVq758CS_2lutdtcmbNZw=424" rel="noopener noreferrer nofollow" target="_blank"><span>Grab your ticket here.</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fcisco-warns-of-ios-zero-day-vulnerability-exploited-in-attacks%2F%3Futm_source=tldrinfosec/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/0ZZwiHUHbRKOUmzrBWPpN-U3PT2rbBztXw9OAoCJGr0=424">
<span>
<strong>Cisco warns of IOS zero-day vulnerability exploited in attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cisco has released security updates for CVE-2025-20352, a high-severity zero-day in IOS and IOS XE software that is being exploited in the wild. The flaw is a stack-based buffer overflow in the SNMP subsystem, reachable over SNMPv1, v2c, or v3 by an attacker who holds valid SNMP credentials (a community string or an SNMPv3 user). Low-privileged credentials are enough to crash and reload the device; an attacker who also has administrative (privilege 15) credentials can execute code as root. There is no workaround, so Cisco recommends upgrading to a fixed release; until then, restrict SNMP access to trusted management hosts and, where operationally acceptable, exclude the affected OIDs through an SNMP view.
</span>
</span>
</div>
</td></tr></tbody></table>
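<p>Until the upgrade lands, the thing to verify is how reachable the SNMP subsystem actually is. The script below is an added example, not Cisco's code or anything from the linked article: it audits a running-config excerpt (constructed, for a hypothetical device) for community strings and SNMPv3 groups with no ACL, read-write communities, default strings, and SNMPv3 groups that skip authentication or privacy. It does not detect CVE-2025-20352 itself.</p>

```python
"""Audit a Cisco IOS / IOS XE running-config for SNMP exposure.

Added example, not Cisco's code. It finds the configuration states that decide
how reachable the vulnerable SNMP subsystem is: community strings or SNMPv3
groups without an ACL, read-write communities, well-known default strings,
and SNMPv3 groups that use noauth/auth instead of priv. The config excerpt
below is constructed for a hypothetical device.
"""
import re

# Constructed running-config excerpt (hypothetical device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
access-list 10 permit 10.10.0.5
access-list 10 deny   any
snmp-server community public RO
snmp-server community s3cret RW 10
snmp-server community monitor RO 10
snmp-server group NETMON v3 priv access 10
snmp-server group LEGACY v3 noauth
"""

# snmp-server community <string> [view <v>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)(?: view \S+)?"
    r"(?: (?P<mode>RO|RW))?(?: (?P<acl>\S+))?\s*$",
    re.I,
)
# snmp-server group <name> v3 {noauth|auth|priv} [...] [access <acl>]
GROUP_RE = re.compile(
    r"^snmp-server group (?P<name>\S+) v3 (?P<sec>noauth|auth|priv)\b"
    r"(?:.*?\baccess (?P<acl>\S+))?",
    re.I,
)
DEFAULT_STRINGS = {"public", "private"}


def audit_snmp(config: str) -> list[str]:
    """Return one finding per weak SNMP setting, in config order."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            name = m.group("name")
            mode = (m.group("mode") or "RO").upper()  # IOS defaults to read-only
            acl = m.group("acl")
            if acl is None:
                findings.append(
                    f"community '{name}' ({mode}) has no ACL: any source that knows the string can query the device"
                )
            if mode == "RW":
                findings.append(f"community '{name}' is read-write: monitoring only needs RO")
            if name.lower() in DEFAULT_STRINGS:
                findings.append(f"community '{name}' is a well-known default string")
            continue
        m = GROUP_RE.match(line)
        if m:
            name, sec, acl = m.group("name"), m.group("sec").lower(), m.group("acl")
            if sec != "priv":
                findings.append(f"SNMPv3 group '{name}' uses '{sec}': use priv (authentication and encryption)")
            if acl is None:
                findings.append(f"SNMPv3 group '{name}' has no access ACL")
    return findings


if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run it against `show running-config | include snmp-server` output from each device; the sample yields five findings (the unrestricted default `public` string, the read-write `s3cret` community, and the `LEGACY` v3 group with neither priv nor an ACL), while the ACL-bound `monitor` community and the `NETMON` priv group pass.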
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F09%2Fstate-sponsored-hackers-exploiting.html%3Futm_source=tldrinfosec/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/Yjo6OerxqUIj3iSbmmH5JK_bTRntVdyrldrY5A2X_SU=424">
<span>
<strong>State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Libraesva has patched CVE-2025-59689, a command injection flaw in its Email Security Gateway (ESG) rated CVSS 6.1, after finding that a state-sponsored threat actor was actively exploiting it. The bug lies in how the gateway sanitises active code inside compressed attachments: a crafted archive in an inbound email is enough to run arbitrary shell commands on the appliance as a non-privileged user when the message is processed. Organizations running Libraesva ESG should confirm the fix is installed and review mail logs for suspicious archive attachments received before it was applied.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FgMcudc/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/8akPcyrpNRrLCYpAaLWF62gSKn3FBVYbrRLV-g5d1DA=424">
<span>
<strong>Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers stood up fraudulent GitHub Pages sites impersonating more than 100 companies (LastPass, 1Password, financial institutions, and tech firms among them), used search-engine poisoning to rank them highly for software download queries, and lured Mac users into fetching fake installers. The sites bounce victims through several redirects and finally instruct them to paste a command into Terminal; that command downloads and runs Atomic Stealer (AMOS), which harvests credentials, browser and keychain data, and other sensitive files from the infected machine. Because the pages live on GitHub's trusted infrastructure and the actors keep backup repositories under multiple usernames, takedowns lag behind the campaign, which targets a broad range of high-value applications.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fexploit.az%2Fposts%2Fwor%2F%3Futm_source=tldrinfosec/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/z0TF7LDghTpHNno47JEFU4j2cLgqqsRfHOhTRBb-w5I=424">
<span>
<strong>ReDisclosure: New technique for exploiting Full-Text Search in MySQL (myBB case study) (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers describe a regular-expression injection technique that abuses MySQL's Full-Text Search (FTS) boolean-mode operators to slip past input sanitization. Characters such as * and + mean one thing to the FTS parser (prefix wildcard, required term) and another to a regex engine, so a payload built from them survives the application's filtering without ever breaking SQL syntax. The case study is CVE-2025-48941 in MyBB, where an attacker could enumerate the titles of deleted threads step by step by observing whether the search redirected to results, a boolean oracle that needs no error message at all. The root cause is that developers rarely treat FTS query strings as regex input, so they are left unsanitized, and the resulting payloads also slip past WAFs and scanners tuned for classic SQL injection patterns.
</span>
</span>
</div>
</td></tr></tbody></table>
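<p>The mechanics of that redirect oracle are worth seeing in code. The block below is an added example, not code from the ReDisclosure write-up or from MyBB: an in-memory <code>SearchOracle</code> stands in for a MySQL <code>MATCH ... AGAINST ('+prefix*' IN BOOLEAN MODE)</code> query whose result set is not filtered by authorization, the hidden thread titles are constructed, the minimum token length is an assumed stand-in for <code>innodb_ft_min_token_size</code>, and the write-up's actual regex-injection payload is not reproduced. It shows how the boolean-mode prefix operator turns yes/no redirects into character-by-character recovery of titles the user should never see, and what the defensive side looks like.</p>

```python
"""Blind enumeration through a full-text boolean-mode search oracle.

Added example; not code from the ReDisclosure write-up or from MyBB.
A search endpoint that redirects to results whenever
MATCH(title) AGAINST ('+<term>*' IN BOOLEAN MODE) matches a row the caller
should not see (here, a deleted thread) answers yes/no questions, and the
boolean-mode prefix operator '*' turns those answers into character-by-
character recovery of the hidden titles. SearchOracle approximates MySQL's
tokenisation and minimum token length; the titles are constructed.
"""
import re
import string

ALPHABET = string.ascii_lowercase + string.digits
MIN_TOKEN = 3  # stands in for innodb_ft_min_token_size (assumed value)

# Constructed titles of deleted threads that the oracle can still match.
HIDDEN_TITLES = [
    "q4 layoff plan draft",
    "unreleased pricing for acme deal",
]

# Operators MySQL interprets IN BOOLEAN MODE: + - > < ( ) ~ * " @
BOOLEAN_OPERATORS = re.compile(r'[+\-<>()~*"@]')


def tokenize(text: str) -> list[str]:
    """Rough stand-in for the FTS tokeniser: lowercase alphanumeric words."""
    return re.findall(r"[a-z0-9]+", text.lower())


class SearchOracle:
    """Approximates MATCH(title) AGAINST ('+<prefix>*' IN BOOLEAN MODE)."""

    def __init__(self, titles: list[str]) -> None:
        # Words shorter than the minimum token size are never indexed.
        self.words = {w for t in titles for w in tokenize(t) if len(w) >= MIN_TOKEN}
        self.calls = 0  # search requests the attacker had to send

    def redirects_to_results(self, prefix: str) -> bool:
        """True when the vulnerable search page would redirect to a hit."""
        self.calls += 1
        if len(prefix) < MIN_TOKEN:
            return False
        return any(w.startswith(prefix) for w in self.words)


def recover_words(oracle: SearchOracle, seed: str) -> set[str]:
    """Extend `seed` one character at a time until no longer prefix matches.

    Each maximal prefix is a complete indexed word from a hidden title. The
    seed must be at least MIN_TOKEN characters: guessed, or brute-forced over
    len(ALPHABET) ** MIN_TOKEN combinations.
    """
    found: set[str] = set()
    if not oracle.redirects_to_results(seed):
        return found
    stack = [seed]
    while stack:
        prefix = stack.pop()
        longer = [prefix + c for c in ALPHABET if oracle.redirects_to_results(prefix + c)]
        if longer:
            stack.extend(longer)
        else:
            found.add(prefix)
    return found


def strip_boolean_operators(user_input: str) -> str:
    """Defensive half: drop boolean-mode operators before the term reaches
    AGAINST(... IN BOOLEAN MODE). This removes the prefix wildcard; the
    oracle itself only disappears when the query also excludes rows the
    caller may not read (deleted or unauthorised threads) in its WHERE clause.
    """
    return BOOLEAN_OPERATORS.sub(" ", user_input).strip()


if __name__ == "__main__":
    oracle = SearchOracle(HIDDEN_TITLES)
    print(recover_words(oracle, "pri"), "after", oracle.calls, "requests")
```

Seeding with a plausible three-letter prefix such as <code>pri</code> recovers <code>pricing</code> in a few hundred requests; the cost scales with the alphabet size per recovered character, which is why rate limiting alone does not close the hole and the authorization filter in the query does.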
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbughunters.google.com%2Fblog%2F4684191115575296%2Fproject-rain-l1tf%3Futm_source=tldrinfosec/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/9b481qkD9FhC1fWHc0oY6wlRdZ0ZprF_WI8k3PNH7hA=424">
<span>
<strong>Project Rain:L1TF (13 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
L1TF Reloaded chains two old bugs: "half-Spectre" gadgets in the host kernel are used to pull attacker-chosen host memory into the L1 data cache, and L1 Terminal Fault then lets a malicious guest read that cached data across the VM boundary. Google's researchers walked kernel data structures this way to defeat KASLR and extract TLS keys belonging to another VM. Google's response is Address Space Isolation (ASI), which unmaps sensitive host memory from the kernel address space while a guest is running and maps it back only during controlled transitions, with buffer clearing on the way out. The work shows that speculative-execution flaws can still cross privilege boundaries in virtualized environments when each one is mitigated in isolation, which is the case for a structural defence such as ASI rather than more piecemeal fixes.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Funit42.paloaltonetworks.com%2Fbookworm-to-stately-taurus%2F%3Futm_source=tldrinfosec/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/MoVoCMKD_9JynZxuxMF4ZhA-Hrt6aaNmur4OGfWnxZw=424">
<span>
<strong>Bookworm to Stately Taurus Using the Unit 42 Attribution Framework (13 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Palo Alto Networks' Unit 42 links the Bookworm malware family to the Chinese APT group Stately Taurus (also tracked as Mustang Panda) by comparing shared artifacts: PDB paths, overlapping infrastructure, and a victimology centred on Southeast Asian governments. Using the Admiralty System to grade source reliability and information credibility for each piece of evidence, the team arrived at a confidence score of 58.4 built from toolsets, victim profiles, a 2015 to 2022 timeline, and environment fingerprints. The case shows how a structured framework turns attribution from analyst intuition into an evidence-based, repeatable judgement.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.strongdm.com%2Fsignup%3Ftrk=strongdm-newsletter-trial%26utm_source=strongdm%26utm_medium=newsletter%26utm_campaign=2026-q3-tldr-newsletter%26utm_content=trial/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/h3SnE9Nl9kglC1pe8e8hn34QLcxaEscZkn5eKgH5j4Q=424">
<span>
<strong>IAM stops at login - attackers don't. See how StrongDM governs what happens next (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Legacy PAM can't enforce in-session commands, and developers bypass controls that block productivity. Meanwhile, attackers exploit these gaps to escalate privileges and move laterally. <a class="underline" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.strongdm.com%2Fsignup%3Ftrk=strongdm-newsletter-trial%26utm_source=strongdm%26utm_medium=newsletter%26utm_campaign=2026-q3-tldr-newsletter%26utm_content=trial/2/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/Guazne_25USuwSPIpIl_jQsXFPp5ot8YJkGVq4-ofF4=424" rel="noopener noreferrer nofollow" target="_blank"><span>StrongDM delivers continuous action-layer authorization</span></a> across cloud-native and ephemeral environments. Zero standing privilege, protocol-native coverage of 100+ resource types, and just-in-time access that doesn't frustrate developers. <a class="underline" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.strongdm.com%2Fsignup%3Ftrk=strongdm-newsletter-trial%26utm_source=strongdm%26utm_medium=newsletter%26utm_campaign=2026-q3-tldr-newsletter%26utm_content=trial/3/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/woWNjvcRoEC0f3dqfRmpyIIjMGovtlYpR0Jah_DkBc8=424" rel="noopener noreferrer nofollow" target="_blank"><span>Start your 14-day free trial</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fspartancyberultron%2FWAF-Copilot%3Futm_source=tldrinfosec/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/xoZh6RXtq-EITdqheHji_PjlmjBXp0kvBeDSTa50QC8=424">
<span>
<strong>ZAPISEC WAF-Copilot (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ZAPISEC WAF-Copilot is an AI-driven security framework for web applications. It offers a highly configurable and streamlined vulnerability assessment process using AI engines, CVE data correlation and organization, continuous monitoring supported by a database, and a simple, intuitive user interface.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2F1upbyte%2FDevious-WinRM%3Futm_source=tldrinfosec/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/1LEd1-RDOzsvhe5t7q9W_HX8hm8RTQFhEafdB0Ti6cE=424">
<span>
<strong>Devious-WinRM (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Devious-WinRM provides access to Windows hosts over WinRM and PowerShell Remoting, with features aimed at CTFs and penetration tests. It was written to address limitations in tools such as Evil-WinRM and as a contribution to open-source security tooling. Because it is built on the PowerShell Remoting Protocol (PSRP) on top of WinRM, the author reports that it needs fewer permissions than comparable tools, especially in basic Active Directory environments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fkali-linux-20253-released-with-10-new-tools-wifi-enhancements%2F%3Futm_source=tldrinfosec/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/JV5iApBWsaXG5xNGhaQxwxvAMKatDCaq9oV4eQDguFM=424">
<span>
<strong>Kali Linux 2025.3 released with 10 new tools, wifi enhancements (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Kali Linux 2025.3 introduces ten new security tools, including the Caido web security auditing toolkit, the krbrelayx Kerberos relaying toolkit, and AI-assisted tools such as Gemini CLI and llm-tools-nmap for LLM-driven network scanning. The release adds support for the Nexmon firmware patching framework, which enables monitor mode and frame injection on Raspberry Pi devices, including the Pi 5, for wireless security testing. Further updates cover Kali NetHunter, with Samsung S10 support, a new UI for the CARsenal car hacking features, and experimental installation of kernel modules through Magisk.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fbrickstorm-espionage-campaign%3Futm_source=tldrinfosec/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/nW3_OnqsDzDY8eApiBvYB-9De3SU6i4BvecSh_I2A28=424">
<span>
<strong>Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The China-nexus actor UNC5221 deploys the BRICKSTORM backdoor on network appliances and VMware vCenter/ESXi infrastructure, hosts that typically cannot run EDR, to keep long-term access; the average dwell time across the investigated cases was 393 days. The tradecraft includes cloning sensitive VMs such as domain controllers so credentials can be extracted from the disk images offline, harvesting vCenter logins with the BRICKSTEAL servlet filter, and abusing legitimate tools and over-privileged application access to read M365 mailboxes and secret vaults. Defenders should inventory appliances that sit outside monitoring, hunt for unexpected internet-bound traffic from management interfaces, and alert on VM cloning and on SSH being enabled on virtualization hosts.
</span>
</span>
</div>
</td></tr></tbody></table>
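<p>Those last three hunting recommendations translate directly into event-log rules. The block below is an added example, not Mandiant's or Google Threat Intelligence's code: it reads vCenter and ESXi events as JSON lines (a flattened approximation of the vSphere API event objects; the sample records are constructed for a hypothetical environment) and flags a clone taken of a sensitive VM, a clone that is deleted again within a short window, and SSH being switched on for an ESXi host. The event type ids it keys on (<code>VmClonedEvent</code>, <code>VmRemovedEvent</code>, <code>esx.audit.ssh.enabled</code>) are the vSphere ones as I know them; check them against your vCenter version before deploying.</p>

```python
"""Hunt vSphere events for the BRICKSTORM tradecraft described above.

Added example, not Mandiant/Google Threat Intelligence code. Reads vCenter
and ESXi events as JSON lines and flags: a clone of a sensitive VM (domain
controllers, vaults, PKI), a clone removed again within SHORT_LIVED (clone,
copy the disk off, destroy), and SSH being enabled on an ESXi host. Record
shape is a simplification of the vSphere API event objects; the sample
records are constructed. Event type ids are the vSphere ones as I know them
and should be verified against your vCenter version.
"""
import json
import re
from datetime import datetime, timedelta

SENSITIVE_VM = re.compile(r"\b(dc\d*|domain|vault|pki|adfs)\b", re.I)
SHORT_LIVED = timedelta(hours=24)  # clone removed again within this window

# Constructed vCenter/ESXi event records (hypothetical environment).
SAMPLE_EVENTS = r"""
{"createdTime": "2025-09-20T02:14:11Z", "eventTypeId": "VmClonedEvent", "srcVm": "DC01", "destVm": "DC01-clone-tmp", "userName": "VSPHERE.LOCAL\\svc-backup", "host": "esx-07"}
{"createdTime": "2025-09-20T02:41:52Z", "eventTypeId": "VmRemovedEvent", "vm": "DC01-clone-tmp", "userName": "VSPHERE.LOCAL\\svc-backup", "host": "esx-07"}
{"createdTime": "2025-09-20T03:05:00Z", "eventTypeId": "esx.audit.ssh.enabled", "host": "esx-07", "userName": "root"}
{"createdTime": "2025-09-21T09:00:00Z", "eventTypeId": "VmClonedEvent", "srcVm": "web-03", "destVm": "web-03-staging", "userName": "VSPHERE.LOCAL\\jdoe", "host": "esx-02"}
{"createdTime": "2025-09-28T09:00:00Z", "eventTypeId": "VmRemovedEvent", "vm": "web-03-staging", "userName": "VSPHERE.LOCAL\\jdoe", "host": "esx-02"}
"""


def parse_events(text: str) -> list[dict]:
    """Parse JSON lines into dicts with a parsed `ts`, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["createdTime"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def hunt(events: list[dict]) -> list[tuple[str, str, str, str]]:
    """Return (rule, object, user, time) tuples for suspicious events."""
    findings = []
    clones: dict[str, dict] = {}  # destination VM name -> clone event
    for e in events:
        kind = e["eventTypeId"]
        if kind == "VmClonedEvent":
            clones[e["destVm"]] = e
            if SENSITIVE_VM.search(e["srcVm"]):
                findings.append(("sensitive-vm-cloned", e["srcVm"], e["userName"], e["createdTime"]))
        elif kind == "VmRemovedEvent":
            clone = clones.pop(e["vm"], None)
            # A clone that lives less than a day is the offline-extraction pattern.
            if clone and e["ts"] - clone["ts"] <= SHORT_LIVED:
                findings.append(("short-lived-clone", e["vm"], e["userName"], e["createdTime"]))
        elif kind == "esx.audit.ssh.enabled":
            findings.append(("esxi-ssh-enabled", e["host"], e.get("userName", "unknown"), e["createdTime"]))
    return findings


if __name__ == "__main__":
    for rule, obj, user, when in hunt(parse_events(SAMPLE_EVENTS)):
        print(f"{when} {rule:22} {obj:18} by {user}")
```

On the sample the staging clone of <code>web-03</code> that lives a week is ignored, while the domain controller clone, its removal 27 minutes later, and the SSH enablement on the same host all fire; in a real deployment, feed it the vCenter event export and tune <code>SENSITIVE_VM</code> to your naming scheme.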
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fcisa-says-hackers-breached-federal-agency-using-geoserver-exploit%2F%3Futm_source=tldrinfosec/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/O6HZCUMzF_qkvKKfFkvTzDNXSHPTQeXKPcEfG0RHikc=424">
<span>
<strong>CISA says hackers breached federal agency using GeoServer exploit (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers exploited CVE-2024-36401, a critical unauthenticated RCE in GeoServer caused by evaluating OGC request property names as XPath expressions, to breach a US federal agency and held access for three weeks before detection. They deployed China Chopper web shells, moved laterally to a web server and a SQL server, and used brute-force techniques for privilege escalation and credential harvesting. CISA's takeaways are to prioritize patching vulnerabilities listed in its KEV catalog and to keep EDR coverage continuous and its alerts reviewed; more than 16,000 GeoServer instances remain exposed online.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4061929%2Fsolarwinds-fixes-web-help-desk-patch-bypass-for-actively-exploited-flaw-again.html%3Futm_source=tldrinfosec/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/vSRlms2Rb5o_W6iyCdpxWVqlCTqbwFQ-Y9PM72rSizY=424">
<span>
<strong>SolarWinds fixes Web Help Desk patch bypass for actively exploited flaw, again (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SolarWinds has shipped a third fix for the critical Java deserialization vulnerability in Web Help Desk: CVE-2025-26399 bypasses the patch for CVE-2024-28988, which itself bypassed the patch for the original CVE-2024-28986. The bug sits in the AjaxProxy component and allows unauthenticated remote code execution. Trend Micro researchers found each of the bypasses. The pattern is typical of deserialization fixes that deny-list known gadget classes instead of allow-listing the few types the endpoint legitimately needs, and given the flaw's history of in-the-wild exploitation, experts expect this variant to be targeted as well.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fncg0IY/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/u-ObKnM_QZ1KOQgAec-G7gadZ9znXoJlnoGAS0-oNKs=424">
<span>
<strong>CISA, GitHub take action after massive NPM supply chain compromise (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CISA issued an alert with eight remediation steps after the self-propagating Shai-Hulud worm trojanized more than 500 npm packages: it harvested npm tokens, GitHub tokens, and cloud credentials from infected developer machines and CI jobs, then used the stolen npm credentials to publish infected versions of every package the victim maintained. GitHub's response for npm includes mandatory 2FA for local publishing, short-lived granular access tokens in place of long-lived classic tokens, and a push toward trusted publishing, which ties a release to a CI workflow identity rather than a stored secret.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FMjaw4Q/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/wNQ4GptgPR8TKxxxl1a_soF4GTQX59uR1HaNqhvtLJ0=424">
<span>
<strong>Hackers claim German aviation firm, leak customer data (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The J Group ransomware gang claims to have breached FAI Aviation Group, a German charter operator, stealing nearly 3TB of sensitive data, including patient records, employee documents, audit files, CVs, and passport copies, and threatening to sell the data after failed ransom talks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FSJh4UU/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/spQ9HRaZwcERt0y7454BWige_PlN4AZNkcE33poA0ck=424">
<span>
<strong>Pokemon fans beg creators to sue the US govt for "gotta catch 'em all" ICE propaganda (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Department of Homeland Security (DHS) made a viral video with Pokémon images, music, and the "Gotta Catch 'Em All" slogan to promote ICE raids, showing detained immigrants as Pokémon cards and outraging fans who called on Nintendo to sue for unauthorized use.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/L-KFwLlE6tBWcdNNY1wRui3QeNdLMpF0vyt9gYrSLzk=424"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/I-4JaWvA8DH2sXdfbdcolfOyYHw_588cg74CFAajjeM=424"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019980fca962-06becece-0a53-4f03-b06b-55ac75553cc8-000000/gU-Yv27lUKW5ME7IAhjFpi0beoqSqC4_SqiIjZseh7A=424"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>