<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fexclaimer.com%2Fresearch%2Fstate-of-email-report-2025%2F%3Futm_medium=via-campaign-referral%26utm_source=tldr_newsletter%26utm_campaign=tldr%26utm_content=state_of_email_report/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/eLeL4SoR-RtG4Fb-G2INaLbh-JbCF0P_9J-KIy6oR94=424"><img src="https://images.tldr.tech/exclaimer.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Exclaimer"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-09-26</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fexclaimer.com%2Fresearch%2Fstate-of-email-report-2025%2F%3Futm_medium=via-campaign-referral%26utm_source=tldr_newsletter%26utm_campaign=tldr%26utm_content=state_of_email_report/2/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/cCLBV1aOVHA_TANNwOddbAdnaG1AOmd9cUkzPMZH4F8=424">
<span>
<strong>Signature sprawl is an IT problem, one worth solving (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
IT knows that signatures aren't just a branding issue; they're a governance gap. <strong>92% of IT leaders say well-managed email signatures build trust</strong>, but <strong>80% still rely on manual methods</strong> like native tools, scripts, or self-service updates. The result: inconsistent formats, compliance risk, and non-stop support tickets. <p></p><p>It's not just any <a class="Hyperlink SCXW55012675 BCX4" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fexclaimer.com%2Fblog%2Fhow-email-signature-updates-became-it-problem%2F%3Futm_medium=via-campaign-referral%26utm_source=tldr_newsletter%26utm_campaign=tldr%26utm_content=email-signature-updates-it-problem/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/hKHfRQQ1iK1hHolQJZPmYrc6dX8OxSvl9Zi1GORxXXY=424" rel="noreferrer noopener" target="_blank"><span>IT problem</span></a>. <strong>35% of IT teams say managing email signatures is one of their top two time sucks</strong>, right alongside spam filtering and storage management. </p>
<p>Read why IT leaders are bringing signature management into the infrastructure layer, and how automation is helping them move from reactive fixes to strategic control. </p>
<p><a class="Hyperlink SCXW55012675 BCX4" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fexclaimer.com%2Fblog%2Fnative-email-signature-tools-enterprise-it%2F%3Futm_medium=via-campaign-referral%26utm_source=tldr_newsletter%26utm_campaign=tldr%26utm_content=email-signature-tools-ent-blog/2/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/SbtH_mW94BmsF4aIVv5Ai95FAnfCEvarlmmDOHFvENM=424" rel="noreferrer noopener" target="_blank"><span>Why native tools don't work</span></a></p>
<p><a class="Hyperlink SCXW55012675 BCX4" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fexclaimer.com%2Fresearch%2Fstate-of-email-report-2025%2F%3Futm_medium=via-campaign-referral%26utm_source=tldr_newsletter%26utm_campaign=tldr%26utm_content=state_of_email_report/4/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/XMQjxgXwgJDG99FN39frqwrFZxznitCuSWSIUE3a8YM=424" rel="noreferrer noopener" target="_blank"><span>Download the full report</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fpypi-urges-users-to-reset-credentials-after-new-phishing-attacks%2F%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/ij-v_Ex3-PcINYzZMKnXfrKZ_Wc3tiiXif0p7KW6vNc=424">
<span>
<strong>PyPI urges users to reset credentials after new phishing attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Python Software Foundation has warned of new phishing attacks using fake PyPI sites at pypi-mirror.org and previously pypj.org, which aim to steal developer credentials through emails claiming to be part of "account maintenance and security procedures." Threat actors attempt to exploit stolen credentials to compromise published Python packages by injecting malware or publishing new malicious packages on the legitimate PyPI repository. The foundation recommends that users reset passwords immediately if they have been compromised, use password managers with domain-based auto-fill, and implement phishing-resistant two-factor authentication, such as hardware keys.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fmalicious-rust-packages-on-cratesio-steal-crypto-wallet-keys%2F%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/QKaNqwS-NIPz2AFotoVhbFK1nKqsTkSPX4fLZ1nXick=424">
<span>
<strong>Malicious Rust Packages on Crates.io Steal Crypto Wallet Keys (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers from Socket detected two Rust crates hosted on the official crates.io repository that were impersonating the legitimate 'fast_log' crate to steal crypto wallets. The malicious crates maintained the original functionality but also contained a malicious payload that scans the victim's environment and project source files for hex strings that look like Ethereum private keys, Base58 strings that resemble Solana keys, and bracketed byte arrays that might hide keys, and then sends them to a hardcoded Cloudflare Worker URL.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fcritical-flaw-salesforce-agentforce%2F%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/0YCp73pIZ64sxsz-0yb7BR48RoYVOlu25DW8fslBAcs=424">
<span>
<strong>Critical Vulnerability in Salesforce AgentForce Exposed (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers from Noma Security identified a critical (CVSS 9.4) vulnerability in Salesforce's AgentForce platform that could allow for data exfiltration via indirect prompt injection. The researchers demonstrated that attackers could embed instructions in Salesforce's Web-to-Lead forms, stored as customer data, which would trigger an indirect prompt injection when an employee later queried AgentForce. Salesforce fixed the vulnerability by enforcing Trusted URLs and re-securing an expired domain.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4061829%2Fwhat-i-learned-extending-zero-trust-to-the-storage-layer.html%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/8J4228OnwOuDxCBgEihrxSsitvWO6JkvQONzbORmrkg=424">
<span>
<strong>What I learned extending zero trust to the storage layer (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Organizations consistently overlook storage when implementing zero trust, leaving critical vulnerabilities that modern ransomware specifically targets by destroying backups and recovery points. The author outlines three key principles: controlling network access to storage APIs, implementing just-in-time identity management with separation of duties, and using write-once-read-many (WORM) immutability to protect recovery data. Real-world incidents, such as those involving Change Healthcare and Maersk, demonstrate that without zero trust at the storage layer, even comprehensive security strategies can fail catastrophically during ransomware attacks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fsecurity-automonous-ai-threat-response%2F%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/sXBCIrHBp-3Lf1esUFJy65HKG4-X6q8NUg4V4-3I6AU=424">
<span>
<strong>Contain or be contained: The security imperative of controlling autonomous AI (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cybersecurity conflicts now operate at machine speed, requiring the removal of humans from tactical response loops, as AI-driven attacks can manipulate critical infrastructure in milliseconds while human-led security operations take hours to recognize coordinated anomalies. The author argues against focusing on making AI "moral" and instead advocates for AI containment strategies that allow probabilistic AI to operate freely within deterministic control boundaries. This approach involves architecting strict interfaces and "digital moats" around AI systems to maintain accountability while leveraging AI's strategic intelligence for defense against machine-speed threats.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdti.domaintools.com%2Finside-salt-typhoon-chinas-state-corporate-advanced-persistent-threat%2F%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/EKXFRidDKFrZKOxc988f59WB__Fev57NSet7x4cYZVc=424">
<span>
<strong>Inside Salt Typhoon: China's State-Corporate Advanced Persistent Threat (26 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Salt Typhoon is a Chinese MSS cyber espionage effort that targets global telecoms via contractor ecosystems like i-SOON, maintaining long-term access (about 393 days) to US carriers like AT&T, Verizon, and T-Mobile to harvest data. It uses advanced tradecraft with custom router implants, firmware tweaks, and edge device exploitation, while hiding behind pseudo-private firms such as Sichuan Juxinhe and Beijing Huanyu Tianqiong. Despite its sophistication, it has OPSEC weaknesses, like predictable domain registration with fake US personas and ProtonMail accounts, exposing over 45 domains linked to campaigns targeting US National Guard, UK infrastructure, and EU telecoms.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fwhy-huntress%2Fpartnerships%2Fhuntress-and-microsoft-better-together%3Futm_source=tldr%26utm_medium=email%26utm_campaign=Cy25-09-camp-platform-global-prospect-iis-x-tldr_newsletter_0926/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/7H1oGhIPZjrkYaVWGKoYEQDd_D6LBJ_7Ax8XUiYFaOc=424">
<span>
<strong>Microsoft shop? Huntress helps you get better ROI from your licenses (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Are you making the most of the security tools you're already paying for? <a class="underline" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fwhy-huntress%2Fpartnerships%2Fhuntress-and-microsoft-better-together%3Futm_source=tldr%26utm_medium=email%26utm_campaign=Cy25-09-camp-platform-global-prospect-iis-x-tldr_newsletter_0926/2/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/5dmxZisycp079gkcruEJhpr2H7mUO2NnfRiE8Y2Z5MM=424" rel="noopener noreferrer nofollow" target="_blank"><span>Huntress Managed EDR and ITDR</span></a> unlocks the power of your Microsoft security tools with 24/7 SOC monitoring and expert threat hunting. As an official Microsoft partner, Huntress has an industry-leading MTTR and reduces false positives, no rip-and-replace needed. <a class="underline" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fwhy-huntress%2Fpartnerships%2Fhuntress-and-microsoft-better-together%3Futm_source=tldr%26utm_medium=email%26utm_campaign=Cy25-09-camp-platform-global-prospect-iis-x-tldr_newsletter_0926/3/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/qkSMZGs3Y-2uGfJ18yBEtOiqBFO-VaDhU1tSJz5a-HI=424" rel="noopener noreferrer nofollow" target="_blank"><span>Book a demo</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FNeo23x0%2Fsignature-base%2Fblob%2Fmaster%2Fyara%2Fapt_cn_brickstorm_sep25.yar%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/7BAIGzE2pce85PtijYO72H3pPUX53UpHtc9KrHOGXoE=424">
<span>
<strong>Improved BRICKSTORM YARA Rules (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researcher Florian Roth has revised YARA rules based on Google's report on BRICKSTORM malware. He improved the rules by removing unnecessary regex, clarifying encoding, and simplifying the rule set. Additionally, he added metadata to enhance clarity and reference the source.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fpwnfuzz%2Fdiffrays%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/IBAcJbZDTDNYMOqCOuzCnxQWfgh81rcm9Kz4OJco250=424">
<span>
<strong>DiffRays (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
DiffRays is a tool for binary patch diffing designed for vulnerability research, exploit development, and reverse engineering.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fkleiton0x00%2FRtlHijack%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/PVQu3vUp-YxSHP2MgjXNd16YkjlY5yGVxm-i31t6aDk=424">
<span>
<strong>RtlHijack (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
RtlHijack is a collection of scripts that showcases how Rtl* functions can be abused to create alternative read and write primitives.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.theregister.com%2Ffeed%2Fwww.theregister.com%2F2025%2F09%2F24%2Fciti_pilots_agentic_ai%2F%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/f4-MIzG4-86hyFSI2M5x9n4WnIlmxSAzYgdUT14J2y8=424">
<span>
<strong>US banking giant Citi pilots agentic AI with 5,000 staff (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Citi is piloting upgraded Stylus Workspaces with agentic AI capabilities across 5,000 employees for up to six weeks, enabling automated research, customer profiling, and multi-stage workflow automation using various AI models, ranging from Gemini to Claude. The bank's CTO acknowledged that the technology could reduce staffing needs while boosting productivity, although concerns remain about the 30-35% task success rate of agentic AI. This pilot comes as Gartner places agentic AI at the "innovation trigger" stage of its hype cycle while warning that over 40% of such projects may be cancelled by 2027 due to rising costs and unclear business value.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fpup-e.com%2Fgoodbye-rubygems.pdf%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/jLaAgHZzpX829gBcUpOwfWYs2wS0lVqlgRC6gNVt_ak=424">
<span>
<strong>Ruby Central's Attack on RubyGems (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ellen Dash (duckinator), a core maintainer of RubyGems, resigned from Ruby Central following a hostile takeover by Ruby Central of the RubyGems GitHub organization. On September 9, a RubyGems maintainer added Marty Haught of Ruby Central to the RubyGems GitHub enterprise, renamed it to Ruby Central, and removed every other maintainer of the RubyGems project before adding them back, leaving Marty Haught as the owner of the GitHub organization before removing them again later in the month. Ruby Central is the organization that runs RubyGems.org, but the RubyGems project and code are open-source and community-owned.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fcisa-emergency-directive-cisco-zero-days%2F%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/zYYWPLHB7cBsdvcRn6JI-oZQUyPyXjicfLT4JeSQqJ0=424">
<span>
<strong>CISA alerts federal agencies of widespread attacks using Cisco zero-days (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CISA issued a rare emergency directive requiring federal agencies to patch or disconnect Cisco ASA firewalls by Friday due to widespread exploitation of three zero-day vulnerabilities (CVE-2025-20333, CVE-2025-20363, and CVE-2025-20362) by the same China-linked threat group behind the 2024 ArcaneDoor campaign. The attackers, tracked as UAT4356 and Storm-1849, employed advanced evasion techniques, including disabling logging, intercepting CLI commands, and intentionally crashing devices to prevent analysis while maintaining persistent access to compromise government networks. Despite Cisco beginning an investigation of attacks on multiple federal agencies in May, the company waited four months before disclosing the vulnerabilities and providing patches, raising questions about the delayed response timeline.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.youtube.com%2Fwatch%3Fv=Un9a58ciuEI%26utm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/sh-UCk8F8lGaR3wpREk0eGwcXpljGcp5z5f_F7_QVQk=424">
<span>
<strong>Coding With AI (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI coding tools can supercharge your devs…or your security nightmares. Chelle Saunders, Product Manager at Secure Code Warrior, shares LLM insights, prompt engineering tips, and tool strengths. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.youtube.com%2Fwatch%3Fv=Un9a58ciuEI/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/f4zlhqi3G11QZgJXoqA4kUMWVUED0ZdMU2q7wAZqZ6c=424" rel="noopener noreferrer nofollow" target="_blank"><span>Watch now</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fgcore-radar-report-reveals-41-surge-in-ddos-attack-volumes%2F%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/fEVIjB7Xj3ov-pd-bnGU4M30QT_TEJ_hxAlh0J7cGCg=424">
<span>
<strong>Gcore Radar Report Reveals 41% Surge in DDoS Attack Volumes (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Gcore's Q1-Q2 2025 Radar report shows DDoS attacks rose 41% YoY to 2.2 Tbps, with attackers shifting from gaming to finance and tech sectors using longer, multi-vector strategies to bypass short-term defenses.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FLbaApF/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/OjHbDEy0tAxIaro3W6A2X-2uL6_tMkbcUaxt86pXyNU=424">
<span>
<strong>Amazon fined $2.5B for manipulative Prime enrollment tactics "worthy of a Greek Tragedy" (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Amazon agreed to pay $2.5 billion to the FTC for using deceptive practices to trick 35 million consumers into Prime memberships without consent and creating a deliberately complex "Iliad Flow" cancellation process that required four pages, six clicks, and fifteen options to cancel subscriptions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fvietnamese-hackers-fake-copyright-notice-lone-none-stealer%2F%3Futm_source=tldrinfosec/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/ZmeWe-leFFo3wAM-22__3KnYdBSxdVvrSm1CUkt-2z8=424">
<span>
<strong>Vietnamese Hackers Use Fake Copyright Notices to Spread Lone None Stealer (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Vietnamese hackers from the Lone None group are using fake copyright takedown notices from law firms in multiple languages to distribute malware.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/LLBFLV9QEC7bXqdEuzJ2quo13eeA3mmZ1g9MNowhVY0=424"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/PIKhRAjFGNmXVPduaw_tXqhWC-2HVYgY4e9pXK11P10=424"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/010001998621e517-522c483d-6175-49bf-9d6c-62fad7808570-000000/gDAtnU4QVVX_yrlhE0b1Kc4sg3nH0JR7Bbi2XSpRpKc=424"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>