<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-09-29</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bbc.com%2Fnews%2Farticles%2Fc62ldyvpwv9o%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/DlLVpKpQAUvFJ4MgaYAIep4zFkyrAs09lmb0zXw8jKc=424">
<span>
<strong>Children's Names, Pictures, and Addresses Stolen in Nursery Chain Hack (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A new ransomware gang called Radiant has hacked a chain of nurseries called Kido and stolen the data of 8,000 children. The breached data includes names, pictures, and addresses. The criminals contacted the BBC directly and stated that they hadn't asked for a high ransom and viewed it as compensation for performing a pentest, even though no pentest was authorized.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.mimecast.com%2Fthreat-intelligence-hub%2Fscreenconnect-super-admin-credential%2F%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/nuo45rGj7jKBEdv1EgcsTA7S6l-6vOmNTsL9AhDHmT0=424">
<span>
<strong>ScreenConnect Super Admin Credential Harvesting (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mimecast is reporting on a low-volume spear-phishing campaign that has been active since 2022, targeting super admins of ScreenConnect instances. The attackers send an email warning admins of a new login attempt and prompting them to review it; admins who click through are directed to an Evilginx phishing page that harvests their credentials. The attackers use the access to deploy compromised clients and ransomware.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Ftradingview-scam-expands-to-google-youtube%2F%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/naPPXK29zrpCKFEg5NnxbVIXW_2ZurjteNPE1yfUWSQ=424">
<span>
<strong>Google Ads Used to Spread Trojan Disguised as TradingView Premium (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A malicious advertising campaign offering "free access" to TradingView Premium has expanded from Facebook to Google Ads and YouTube, using over 500 website addresses and hijacking verified business accounts to spread the Trojan.Agent.GOSL spyware. The scammers take control of legitimate YouTube channels, delete the original content, and rebrand them to mimic the official TradingView page, using unlisted videos and paid advertising to avoid detection. The malware is designed to steal sensitive information, including passwords, personal data, and cryptocurrency wallet details. One fake video gathered over 182,000 views in just a few days.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.trailofbits.com%2F2025%2F09%2F25%2Ftaming-2500-compiler-warnings-with-codeql-an-openvpn2-case-study%2F%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/vYQHSqogIe1O0yy5oAN5K2mJT6ZIajTzHnwsoNw_ZL8=424">
<span>
<strong>Taming 2,500 compiler warnings with CodeQL, an OpenVPN2 case study (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Trail of Bits created a sophisticated CodeQL query to analyze 2,500 implicit integer conversion warnings in OpenVPN2, filtering them down to 20 security insights through iterative methods, including range analysis, and focusing on user-controlled inputs. Its five-step approach combined compiler warnings with static analysis techniques such as taint tracking and function modeling to differentiate between safe conversions and potential vulnerabilities. Although most conversions were safe, its team concluded that specialized analysis is necessary to identify risky cases. They did not find any exploitable vulnerabilities but did produce a reusable query for C codebases.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.embeeresearch.io%2Fadvanced-cyberchef-techniques-defeating-nanocore-obfuscation-with-math-and-flow-control%2F%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/WcdbTU9tZYWdF-wLFqR8iZSoa67M3GwgtVLagoLJu-4=424">
<span>
<strong>Advanced Cyberchef Techniques - Defeating Nanocore Obfuscation With Math and Flow Control (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Security researchers used CyberChef to deobfuscate a Nanocore VBS loader that encoded ASCII characters using mathematical operations and hexadecimal values. They used subsections and flow control to isolate operators, convert hex, perform calculations, and decode ASCII, demonstrating how advanced techniques can reverse complex obfuscations.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.cloudflare.com%2Fnew-regional-internet-traffic-and-certificate-transparency-insights-on-radar%2F%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/aSwc4F3D3fAsXgBf8ejmxWwYgUqEv2dCxBlwQ3QUV3c=424">
<span>
<strong>Introducing new regional Internet traffic and Certificate Transparency insights on Cloudflare Radar (15 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cloudflare Radar added two features: regional traffic insights showing sub-national Internet patterns via administrative divisions, and comprehensive Certificate Transparency (CT) data expanding on the Merkle Town dashboard. The regional insights reveal localized traffic trends, such as mobile vs. desktop usage, and the impacts of weather or infrastructure issues. The CT data provides analysis of certificate issuance, CA activity, and log metrics. These features enhance Radar's goal of detailed Internet health and security visibility through dashboards, APIs, and Radar's Data Explorer.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FZephrFish%2FOmniProx%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/Umj9NYHjcymyxHFYPm908rs2V_qsVOPbp7sbBeAwzuA=424">
<span>
<strong>OmniProx (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
OmniProx is a command-line tool designed for security professionals to deploy and manage HTTP proxies across various cloud providers, including Azure, GCP, Cloudflare, and Alibaba Cloud, through a single interface. It offers IP and header rotation for web scraping, reconnaissance, or privacy, and is designed to utilize free tiers for cost efficiency. However, security teams should be aware that it could be misused for malicious activities such as bypassing rate limits, evading detection, or unauthorized reconnaissance.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FM1ndo%2FWerDump%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/En1mOgSxmzGA-Pthh0efJX7RK6czk4FBa2u-6Dg-UAo=424">
<span>
<strong>WerDump (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
WerDump is a Beacon Object File (BOF) for Havoc and Cobalt Strike that dumps LSASS running as a protected process using WerFaultSecure.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdutch-teens-arrested-for-trying-to-spy-on-europol-for-russia%2F%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/ZDbVXJG4BRudW-iyTsSFpCFdWXsZZhxIAo0yDL53RBg=424">
<span>
<strong>Dutch teens arrested for trying to spy on Europol for Russia (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Two 17-year-old Dutch teens were arrested near Europol, Eurojust, and the Canadian embassy in The Hague for allegedly using WiFi sniffing devices to spy for Russia. Recruited via Telegram, they were detained after a Dutch intelligence tip, with one arrest occurring at home while the suspect was doing homework, unaware of their activities. Europol confirmed the incident but said its systems weren't compromised, marking a shift from Russian youth recruitment for vandalism to espionage.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fxworm-rat-fake-invoices-office-files%2F%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/DNqEIU_V5Nd1I2M7x_3cRYmbSOZoq65UNpitRxFQIo0=424">
<span>
<strong>Hackers Use Fake Invoices to Spread XWorm RAT via Office Files (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cybercriminals are distributing XWorm RAT through fake Spanish invoice emails containing malicious .xlam Office files that appear blank when opened but execute hidden shellcode to download additional payloads. The attack chain employs reflective DLL injection and process injection techniques to embed the malware within legitimate processes, thereby enabling complete remote system control, including keystroke logging and file theft, while establishing a connection to a C2 server at 158.94.209.180. This represents a continuation of XWorm campaigns that have compromised over 18,000 devices globally this year, with attackers increasingly leveraging trusted platforms, such as AWS S3, for payload distribution.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fmedusa-ransomware-comcast-data-breach%2F%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/-MTwIRJBZa1KflPYFo5MFphos4ZsAukqqntLNoZ9uuM=424">
<span>
<strong>Medusa Ransomware Claims Comcast Data Breach, Demands $1.2M (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Medusa ransomware group claims to have exfiltrated 834.4 GB of data from Comcast Corporation and is demanding $1.2 million either as ransom for deletion or as a sale price to interested buyers. As proof, the attackers posted approximately 20 screenshots of alleged internal files, along with a listing of 167,121 file entries containing actuarial reports, insurance modeling scripts, claim analytics, and product management data, including files such as Python and SQL scripts related to auto premium analysis. Comcast has not confirmed or denied the breach. The company previously experienced a credential leak in 2015 that affected over 200,000 users; that incident was attributed to credential aggregation and not a system breach.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fmicrosoft%2Fmicrosoft-shares-temp-fix-for-outlook-encrypted-email-errors%2F%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/FKcJr8gpKFWoeX8SGyhYp90cYzOpJEZ_wB_stX99BXw=424">
<span>
<strong>Microsoft shares temp fix for Outlook encrypted email errors (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft is investigating a bug that prevents classic Outlook users from opening OMEv2-encrypted emails from external organizations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Flegal%2Feu-probes-sap-over-anti-competitive-erp-support-practices%2F%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/atPim-DQdo4wr6_itPYw88YXiSqbzUGs31Ljb-85vKE=424">
<span>
<strong>EU probes SAP over anti-competitive ERP support practices (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The European Commission launched a formal investigation into SAP for allegedly abusing its dominant market position by forcing customers to purchase uniform support packages, blocking the termination of unused licenses, extending mandatory support periods, and charging substantial reinstatement fees that restrict competition from third-party ERP support providers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.wiz.io%2Fblog%2Fwiz-achieves-fedramp-high-authorization%3Futm_source=tldrinfosec/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/DZuLdh_3Xlc52_t8tCWFlPF-gnMDBzaAu-TNjPKu_ow=424">
<span>
<strong>Wiz achieves FedRAMP High authorization (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Wiz now has FedRAMP High authorization, allowing federal agencies and contractors to use its full cloud security features across major cloud providers to protect sensitive government workloads.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/bbystT_K3EYkLVcksDayZhC1b2hryWL5kSpYVzSSTy4=424"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/bjlaiAosGFWY_AWp1HUWQo9sj1wmHAgZ9Sc7PkeproQ=424"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019995959f92-9d6c312f-7ada-43bb-aa4a-84317ed4abb1-000000/qSNos4Md6yMA1rPPYRIw05n5vK3FGS9bV8mqQVqPRYU=424"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>