<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fdefense-against-configuration%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=dac_q3_2025%26utm_content=dac%26utm_term=newsletter/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/5IlTgmTKv3Z9iKLw_TKQ2qTSR5XxU7xblu9VEqL1DMY=425"><img src="https://images.tldr.tech/threatlocker2.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Threatlocker"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-09-30</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fdefense-against-configuration%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=dac_q3_2025%26utm_content=dac%26utm_term=newsletter/2/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/qxXeYDWettHAmZtbdIQv0j8n2hdD7IXxTtIfrnvtKiY=425">
<span>
<strong>Hackers ❤️ Misconfigurations (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Misconfigurations are the main way attackers break through your defenses, and they know it. That's why ThreatLocker® built <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fdefense-against-configuration%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=dac_q3_2025%26utm_content=dac%26utm_term=newsletter/3/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/3_321WOYXEXwCGDQy48kda-szLUjYK-5vrMj8qrYaLQ=425" rel="noopener noreferrer nofollow" target="_blank"><span>DAC - Defense Against Configuration</span></a>.
<p></p>
<p>DAC continuously scans every machine across your environment, flags risky misconfigurations, and ranks them by severity. The findings show up in visual dashboards and land in your inbox weekly, so nothing gets missed.</p>
<p>Bonus: DAC <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fdefense-against-configuration%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=dac_q3_2025%26utm_content=dac%26utm_term=newsletter/4/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/JbvLIcQWbMsSyh_W99vX35QAZL4w-9J-Ca_lYDmMXPA=425" rel="noopener noreferrer nofollow" target="_blank"><span>maps every issue to major security frameworks</span></a> - including NIST, HIPAA, and more - and delivers clear, step-by-step remediation guidance.</p>
<p>Get rid of unused admin accounts, inactive firewall rules, and all the other ways attackers sneak into your environment. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fdefense-against-configuration%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=dac_q3_2025%26utm_content=dac%26utm_term=newsletter/5/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/DhDCU5yRrPwMe9JHUCYHTUMInzt5OoeOCcRp0TLOBgI=425" rel="noopener noreferrer nofollow" target="_blank"><span>Explore ThreatLocker DAC</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F182713%2Fsecurity%2Fcyberattack-on-co-op-leaves-shelves-empty-data-stolen-and-275m-in-lost-revenue.html%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/j0ilVsLXq53DZL-K80C5n3mIpVWCRf5xcg2tX_-9mqY=425">
<span>
<strong>Cyberattack on Co-op leaves shelves empty, data stolen, and $275M in lost revenue (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The DragonForce cybercrime group's April attack on UK retailer Co-op resulted in $275 million in lost revenue, weeks of empty shelves, and the theft of data from 6.5 million members, including names, contact details, and dates of birth (though passwords and payment information were not compromised). Co-op initially claimed no customer data was affected, but later confirmed the breach after hackers contacted executives via Microsoft Teams and phone, claiming to possess data on 20 million membership scheme participants. In July, the UK's National Crime Agency arrested four suspects aged 17-20 in London and the West Midlands on charges including Computer Misuse Act offenses, blackmail, money laundering, and organized crime participation, with DragonForce also claiming responsibility for attacks on M&S and an attempted breach of Harrods.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F182662%2Fmalware%2Fmicrosoft-uncovers-new-variant-of-xcsset-macos-malware-in-targeted-attacks.html%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/lzwj8vOFzROOKPlT1MulCzW7cd_GyoJ1Iu_q3BnKd6E=425">
<span>
<strong>Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft has discovered a new XCSSET macOS malware variant being used in targeted attacks. It builds on the 2020 threat with advanced features, including stealing Firefox credentials via a modified HackBrowserData, hijacking cryptocurrency clipboard addresses using regular expressions, and increasing persistence through LaunchDaemon entries with AppleScripts and AES-encrypted C2 configurations. The four-stage infection chain uses modular payloads for info theft (vexyeqj/bnk), file exfiltration (neq_cdyd_ilvcmwx), persistence (xmyyeqjx creates fake System Settings apps and disables updates), and browser data extraction (iewmilh_cdyd targets passwords, cookies, and credit cards in Firefox). Security teams should review Xcode projects before use, deploy Microsoft Defender on macOS with cloud protection and PUA blocking, verify clipboard content before pasting sensitive information, and monitor for malicious LaunchDaemon entries (e.g., com.google.plists) and unusual creation of the ~/.root folder.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bbc.com%2Fnews%2Farticles%2Fcpq5w324pd3o%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/-17xaYt4ps7hCmJ5Jmr5IknthA4UuTqLVArdPN_8B5E=425">
<span>
<strong>Hackers Contact Harrods After 430K Customer Records Hit by IT Breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Luxury department store Harrods was approached by attackers who stole 430,000 customer records. The compromised data contains only basic personal details like names and contact information, along with marketing information such as loyalty card data. Importantly, it does not include passwords or financial information. Harrods has announced that it will not pay the ransom.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.stormshield.com%2Fnews%2Fapt35-plays-the-same-music-again%2F%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/ZgZpsTQXnGI034XsCwOMelVNNijgVoBbD3-2TQykpnk=425">
<span>
<strong>APT35 plays the same music again (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Stormshield's CTI team discovered two previously unreported servers (84.200.193[.]20 and 79.132.131[.]184) linked to Iranian APT35 (Charming Kitten) by hunting for a distinctive HTML loading page pattern using ssdeep fuzzy hashing and queries in SilentPush and VirusTotal. The servers, active since July, host 49+ phishing domains impersonating video conferencing services, such as Google Meet, with typosquatting tactics (e.g., meet.go0gle[.]online), primarily targeting Israeli victims based on URL submission patterns. Defenders can track ongoing APT35 infrastructure using simple VirusTotal queries, such as "entity:url url:online/?invitation" or "entity:domain domain:viliam.*", to identify phishing domains that follow consistent naming conventions despite the campaign being publicly documented.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.silentpush.com%2Fblog%2Fdynamic-dns-providers%2F%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/9G9aOG4F_GOTgzNJM18AcgKA7NkDut76_cfw9rkYxtc=425">
<span>
<strong>Silent Push Examines the Dark Side of Dynamic DNS Providers (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Silent Push identified around 70,000 domains offering rentable subdomains (Dynamic DNS providers) that threat actors exploit because of minimal oversight, cryptocurrency payments, no KYC, and ignored takedown requests. Major APT groups like APT28, APT29, APT33, Gamaredon, and Scattered Spider extensively use these for C2 infrastructure. While individual malicious subdomains can be blocklisted, parent domains often remain active and spawn new threats. The team created data exports (from the Public Suffix List, afraid[.]org, DuckDNS, NoIP) to help security teams implement risk-based blocking or alerting, balancing security with avoiding disruption to legitimate access.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdev.to%2Faws-builders%2Fbuilding-an-aws-guardduty-alert-triage-agent-51e9%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/eOtDTRSTy0uig124FOF3-LmzOkvr7iMQj-MN7mvwo2g=425">
<span>
<strong>Building an AWS GuardDuty Alert Triage Agent (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
This article explores how to create a GuardDuty triage agent using PydanticAI and Discord. A user can call the agent using !triage in a Discord channel, and it will investigate a specific alert, IAM user, etc., and provide additional context as well as a verdict. The author was impressed with how well the LLM could triage alerts, but definitely felt that there was a lot of engineering effort in creating the tools and fine-tuning the agent.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.delltechnologies.com%2Fasset%2Fen-us%2Fsolutions%2Fbusiness-solutions%2Fbriefs-summaries%2Fendpoint-security-for-ai-ebook.pdf%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/fl62uh9RiMGqj0Yk-ryo1rxfEhRiaHI33KNj4MASmc8=425">
<span>
<strong>The attack surface of on-device AI (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Running AI on your PC is transforming productivity - but like all emerging tech, it comes with some security risk. Learn about the <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.delltechnologies.com%2Fasset%2Fen-us%2Fsolutions%2Fbusiness-solutions%2Fbriefs-summaries%2Fendpoint-security-for-ai-ebook.pdf/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/SCUOaLrw7tWMq_mwRvU4hLuD8cfsw5P8Wa4ROWSHwKc=425" rel="noopener noreferrer nofollow" target="_blank"><span>tactics attackers use to gain entry</span></a> to your endpoints, and how you can stay secure. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.delltechnologies.com%2Fasset%2Fen-us%2Fsolutions%2Fbusiness-solutions%2Fbriefs-summaries%2Fendpoint-security-for-ai-ebook.pdf/2/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/KjgTs_cBqy7_FWiMKjZWiU3ZgPecEiKLrqYUuxbc08s=425" rel="noopener noreferrer nofollow" target="_blank"><span>Read the eBook by Dell and Intel</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2F0xAIDR%2FAIDR-Bastion%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/flWdq0mv452AXsZmhHQli15ZeS9mxyd2iwCRai91egw=425">
<span>
<strong>AIDR Bastion (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AIDR Bastion is an open-source GenAI security system that defends against malicious prompts using five detection methods: regex, vector similarity, static analysis, ML classification, and LLM analysis. It supports standard and custom rules, integrates with SigmaHQ and SOC Prime, and maps to MITRE ATLAS and OWASP Top 10, enabling configurable blocking, notifications, and logging. Built on FastAPI, it offers real-time protection and attack diagnostics, with tools for converting rules for enhanced detection.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2F0xJs%2FEnumEDRs%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/FEuuD-5Xm0_hA745YiIG1QsQmxFsfTtDH4vIHYPMt6A=425">
<span>
<strong>EnumEDR (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
EnumEDR is a tool that enumerates EDRs running on a system by enumerating current processes and loaded drivers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fscabench-org%2Fhound%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/eLYP3AHlWjfVHOWM9pmyRx6PNp85RYiHzEDW6Td38h4=425">
<span>
<strong>Hound (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hound is a language-agnostic AI code auditor that autonomously builds and refines adaptive knowledge graphs for deep, interactive code reasoning.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbughunters.google.com%2Fblog%2F5364401980899328%2Fhardening-google-cloud-insights-from-the-latest-cloud-vrp-bugswat%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/fAxeGGMt5hwZZWDVakHGTgb4EmfWGOa05sZpBw3i6uE=425">
<span>
<strong>Hardening Google Cloud: Insights from the latest Cloud VRP bugSWAT (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google Cloud's record-breaking bugSWAT event brought together 20 elite security researchers who submitted 130 reports, uncovering 91 vulnerabilities across the platform. The event resulted in approximately $1.6 million in bounty rewards (with 100% bonuses applied), pushing Google's total Cloud VRP payouts to ~$2.5M for 2025. High-severity findings included a network egress filter bypass that enabled SSRF attacks and SQL injection vulnerabilities in database connectors, both of which have now been patched.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbreakingdefense.com%2F2025%2F09%2Fdod-issues-replacement-for-risk-management-framework%2F%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/0MZZdZVJvJ6-mOi-cuBYL1eWPLHeA9EjveNHOWiwyjc=425">
<span>
<strong>DoD Issues Replacement for Risk Management Framework (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Department of Defense (DoD) unveiled a new Cybersecurity Risk Management Construct to replace its previous risk management system. The new system defines a five-phased lifecycle which includes: a design phase which incorporates security from the outset, a build phase where secure designs are implemented to achieve Initial Operating Capacity, a test phase where validation and stress testing are performed before Full Operating Capacity, an onboarding phase where automated continuous monitoring is activated, and finally an operations phase where real-time dashboards and alerting mechanisms provide immediate detection and response.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theverge.com%2Fnews%2F785544%2Fmicrosoft-windows-10-extended-security-updates-free-europe-changes%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/WjFTCH7HA6JBEUNeOOmC8lydZLaThF9K4-tYB0k1zyY=425">
<span>
<strong>Microsoft Forced to Make Windows 10 Extended Security Updates Truly Free in Europe (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Windows 10 will reach end-of-life on October 14. Microsoft had previously announced that users who enabled Windows Backup would be entitled to a year of free extended security updates. This move drew some controversy due to its requiring the use of OneDrive to receive security updates. Following pressure from the Euroconsumers consumer advocacy group, Microsoft has dropped the Windows Backup requirement for European users, but will still require the use of a Microsoft account.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.invicti.com%2F%3Futm_medium=3rdparty%26utm_source=tldr%26utm_campaign=quick-link-demo/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/EhPI4XuG34IoK2Kd2FK5p77vgaqOc2cnYAE2eRGK_44=425">
<span>
<strong>AI-Powered AppSec (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Predicts which of your websites and applications are most likely to be vulnerable to attacks. Correlates runtime-validated DAST findings with broader ASPM data, evaluating exploitability, reachability, and business and compliance impact. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.invicti.com%2F%3Futm_medium=3rdparty%26utm_source=tldr%26utm_campaign=quick-link-demo/2/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/xViWI3poWyptvY2BKlUYX06HZeEXReQrEgOrxNiEC_I=425" rel="noopener noreferrer nofollow" target="_blank"><span><strong>Get a demo</strong></span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F09%2F28%2Fasia_tech_news_roundup%2F%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/CYAJawgoP83QNmIxRd6q5Sik3RAtcdg7Pii-D0SITtg=425">
<span>
<strong>Datacenter fire takes 647 South Korean government services offline (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The fire at South Korea's National Information Resources Service datacenter was sparked by a lithium-ion battery replacement gone wrong.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fmicrosoft-edge-to-block-malicious-sideloaded-extensions%2F%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/5EZjiNzPUOSgc1PGvKFJn6ddjiYEBh_fXEyhHXnzLLY=425">
<span>
<strong>Microsoft Edge to block malicious sideloaded extensions (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft Edge will introduce malware detection in November to automatically identify and revoke malicious sideloaded extensions installed via Developer Mode.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fuk-convicts-bitcoin-queen-in-worlds-largest-cryptocurrency-seizure%2F%3Futm_source=tldrinfosec/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/7Fw0Y2sxN3d80AU9_jt6UKUSrnnzC36afIVoblq7Wgc=425">
<span>
<strong>UK convicts "Bitcoin Queen" in world's largest cryptocurrency seizure (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The UK Metropolitan Police secured a conviction against Zhimin Qian, also known as "Bitcoin Queen," for a multibillion-pound Bitcoin fraud scheme that defrauded 128,000 Chinese investors between 2014 and 2017 by promising 100 to 300 percent returns.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/waipHt7JM-gQgPcdITHr-5aBzv_2VCOD0by7bgwYW0g=425"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/xJL8Xy8oJmkLnAcXAuD7oBXeiJii6ABzkIiLozO9l14=425"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/010001999abb0e59-9071f524-f1fd-4f00-ba4e-739712f66974-000000/6fBkAKRPlIcPy57YJovP8hYUXmrrcnkISCRpeN3D22g=425"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>