<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sans.org%2Ffor-organizations%2Fworkforce%2Fresources%2Fsecurity-awareness-report%3Futm_medium=Sponsored_Content%26utm_source=TLDR%26utm_content=SAR25_10.02.25%26utm_campaign=Paper_SecurityAwarenessReport_2025%26utm_rdetail=Global%26utm_goal=Leads%26utm_type=SSA/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/EIqUE40Y255QhhCfo3OlObItuhbgZj5iW9RlPLepCJE=425"><img src="https://images.tldr.tech/sans.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="SANS Institute"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-02</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sans.org%2Ffor-organizations%2Fworkforce%2Fresources%2Fsecurity-awareness-report%3Futm_medium=Sponsored_Content%26utm_source=TLDR%26utm_content=SAR25_10.02.25%26utm_campaign=Paper_SecurityAwarenessReport_2025%26utm_rdetail=Global%26utm_goal=Leads%26utm_type=SSA/2/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/DnqH_FdDkkTYKnRyWTPmuGDFc01SC9tQ0H5OltRb5Wg=425">
<span>
<strong>SANS Security Awareness Report: Preparing for the AI-Driven Future (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The 2025 <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sans.org%2Ffor-organizations%2Fworkforce%2Fresources%2Fsecurity-awareness-report%3Futm_medium=Sponsored_Content%26utm_source=TLDR%26utm_content=SAR25_10.02.25%26utm_campaign=Paper_SecurityAwarenessReport_2025%26utm_rdetail=Global%26utm_goal=Leads%26utm_type=SSA/3/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/rxwc4xuZ6cfNLNTmWzIPOSbwIbeAcYDHjGnDWc-EV-E=425" rel="noopener noreferrer nofollow" target="_blank"><span>Security Awareness Report</span></a> provides essential benchmarks to measure program maturity, reduce risk, and embed security into your culture. This year's findings spotlight social engineering, AI misuse, and workforce challenges as top human risks.
<p></p>
<p>Want to know what's next? Watch <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sans.org%2Fwebcasts%2Fimpact-ai-workforce%3Futm_medium=Sponsored_Content%26utm_source=TLDR%26utm_content=AI_Workforce_Impact_Webinar_10.02.25%26utm_campaign=Paper_SecurityAwarenessReport_2025%26utm_rdetail=Global%26utm_goal=Leads%26utm_type=SSA/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/87r9NkVe2vps2Rd1QuUGWSJlRyD_RvuPd7bTofA5DrY=425" rel="noopener noreferrer nofollow" target="_blank"><span>The Impact of AI on the Cybersecurity Workforce</span></a> webcast for insights on evolving skills demand. Then, explore <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sans.org%2Ffor-organizations%2Fworkforce%3Futm_medium=Sponsored_Content%26utm_source=TLDR%26utm_content=WSRT_Home_10.02.25%26utm_campaign=Paper_SecurityAwarenessReport_2025%26utm_rdetail=Global%26utm_goal=Leads%26utm_type=SSA/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/mIMqvvAuoABXjmoTESBszOlQjo-ztTmeKhSwxNA8xzg=425" rel="noopener noreferrer nofollow" target="_blank"><span>SANS Workforce Training & Resources</span></a> to prepare your teams for tomorrow's threats.
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fbroadcom-fixes-high-severity-vmware-nsx-bugs-reported-by-nsa%2F%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/7lZuX3p5EM9tdnyb4LNKZlQlLGQ5BzdnoqIhA6yElkI=425">
<span>
<strong>Broadcom fixes high-severity VMware NSX bugs reported by NSA (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Broadcom has patched two high-severity VMware NSX vulnerabilities (CVE-2025-41251 and CVE-2025-41252) reported by the NSA, both involving username enumeration flaws in password recovery mechanisms that allow unauthenticated attackers to identify valid usernames for potential brute-force attacks. These vulnerabilities affect VMware NSX, a critical networking virtualization solution widely used in enterprise private and hybrid cloud environments, making them attractive targets for state-sponsored hackers and ransomware groups that frequently exploit VMware products. Security professionals should immediately apply the available patches and review their VMware infrastructure for other recent vulnerabilities, as this follows a pattern of actively exploited VMware zero-days throughout 2025, including those used by Chinese state actors and disclosed at security conferences.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fvolvo-group-employee-data-stolen-in-ransomware-attack%2Famp%2F%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/bSUK0vHeiyuy1Jv1lKAgpuCIXd0p-wjMg2knatPJBkQ=425">
<span>
<strong>Volvo Group Employee Data Stolen in Ransomware Attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Volvo has reported that it was impacted by a hack of a third-party IT company, Miljödata. The attackers breached the company's Adato support system for rehabilitation and Novi support system for HR personnel notes. The Volvo Group stated that the incident impacted its employees' names and SSNs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fspectrum.ieee.org%2Funitree-robot-exploit%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/SUUllQh2IhpiLHgHIwugqLVTR8nMihaznLJNW7L54Pk=425">
<span>
<strong>Exploit Allows for Takeover of Fleets of Unitree Robots (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Security researchers discovered a wormable vulnerability in the Bluetooth Low Energy (BLE) Wi-Fi configuration interface used by several Unitree robots, which could result in remote code execution. Unitree robots utilize an initial BLE connection to facilitate the setup of a Wi-Fi connection. However, the encryption keys for the packets that the robot accepts were published on X. The researchers discovered that if an attacker encrypts the word "unitree" with these keys, the robot will allow them to inject arbitrary code masquerading as the Wi-Fi SSID and password, which will then be executed when the robot tries to connect to Wi-Fi.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fredhuntlabs.com%2Fblog%2Fechoes-of-ai-exposure-thousands-of-secrets-leaking-through-vibe-coded-sites-wave-15-project-resonance%2F%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/62-NIed1AoV3FynvKsLzi_mbDxXIy8dnxPiYplDN_LY=425">
<span>
<strong>Echoes of AI Exposure: Thousands of Secrets Leaking Through Vibe Coded Sites (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
1 in 5 websites built on "vibe coding" platforms (no-code/low-code tools) expose sensitive secrets, with 25,000 leaked API keys found across 130,000 scanned sites, including a surge in AI platform credentials (72% Google Gemini, 14% OpenAI) and 16,000+ Firebase backend keys. The root cause is non-technical users following tutorials that embed API keys directly into client-side code without understanding the security implications, creating opportunities for credential theft and unauthorized service usage. Security teams should implement continuous threat exposure management (CTEM) to monitor citizen developer activities, while platforms need pre-publish secret scanning and better secret management features to prevent these exposures.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fakira-ransomware-breaching-mfa-protected-sonicwall-vpn-accounts%2F%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/ARTtyvM8IB6EUzl8VEc--1ID2r_pJk8daVk9mBShyZA=425">
<span>
<strong>Akira Ransomware Breaching MFA-Protected SonicWall VPN Accounts (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
In July, BleepingComputer reported that the Akira ransomware operation was exploiting SonicWall SSL VPN devices to breach corporate networks. SonicWall eventually linked the attacks to an improper access control flaw that was patched and disclosed in late 2024. Security firm Arctic Wolf now reports an ongoing campaign against SonicWall firewalls, where threat actors are successfully logging into accounts even when one-time passwords (OTPs) are enabled. Google Threat Intelligence Group suggests that the attackers may have harvested the OTP seeds earlier and waited to use them.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.sekoia.io%2Fsilent-smishing-the-hidden-abuse-of-cellular-router-apis%2F%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/bfOsUum9Wp5cu_QmyJuUS5ezMqlvxiCQNfDwe2sK-3U=425">
<span>
<strong>Silent Smishing: The Hidden Abuse of Cellular Router APIs (20 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Threat actors have been exploiting APIs on over 572 Milesight industrial cellular routers to send smishing campaigns targeting European users since February 2022, with a primary focus on Belgium. The messages impersonate government services, including CSAM (the central system for identity and access management for the government's online services) and eBox. The attackers leverage CVE-2023-43261 and exposed APIs to remotely send SMS messages without authentication, utilizing routers as a distributed infrastructure across multiple countries to evade detection and enable mass phishing campaigns, with over 40,000 messages sent to Swedish and Italian numbers in a single campaign. Security professionals should audit cellular router configurations for exposed SMS APIs, implement authentication requirements, update firmware to versions beyond the vulnerable 32.x and 41.x versions, and monitor for unusual POST requests to /cgi endpoints. Additionally, they should educate users to scrutinize unsolicited SMS messages that contain shortened URLs or use urgent language.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.invicti.com%2Fwebinars%2Fshadow-api-find-test-fix%2F%3Futm_medium=3rdparty%26utm_source=tldr%26utm_campaign=secondary-shadow-api-webinar/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/dpvosPltV7dHf0-xEgXQVztP5_gxWYdtc4s-R-SZM7o=425">
<span>
<strong>Webinar: Unmask and Secure Shadow APIs Before Attackers Do (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Insecure APIs are your highest-risk assets. Invicti discovers and scans what others miss, verifies real vulnerabilities at runtime like BOLA/BFLA, and correlates API business logic errors across SAST, SCA, and DAST. Automate validation and remediation with AI-guided fixes, all in one ASPM layer.<br><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.invicti.com%2Fwebinars%2Fshadow-api-find-test-fix%2F%3Futm_medium=3rdparty%26utm_source=tldr%26utm_campaign=secondary-shadow-api-webinar/2/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/zr1SyfvkU9lNJKsLjSsZgRQbKtauCBrDifcgtBskd1I=425" rel="noopener noreferrer nofollow" target="_blank"><span><strong>Register Now</strong></span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fmandiant%2Fflare-floss%2Freleases%2Ftag%2Fquantumstrand-beta1%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/X5MGZ2f4Thj4L0n0wQBRiE6VyEDa6GhLIg4j4vcUFyI=425">
<span>
<strong>QuantumStrand (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The FLARE team has released a new tool called QuantumStrand (qs) as part of its FLOSS suite. qs is a static string analysis tool that extracts tags and presents strings within the hierarchical context of a file's structure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.descope.com%2F%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/lBfN6NZbyU8A3b6f_-gbsCsWWGJ2Bnp_elK5jHsHOzw=425">
<span>
<strong>Descope (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Descope provides a no-code/low-code external IAM platform that supports user, business customer, partner application, and AI agent identity management, delivering comprehensive visibility and preventing account takeover.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsbomify%2Fsbomify%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/AuKXEHIRuKdD_MgYr8y2X0APQLQWTQXNloJwdfTeUGI=425">
<span>
<strong>sbomify (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
sbomify is a Software Bill of Materials (SBOM) and document management platform that can be self-hosted. The platform provides a centralized location to upload and manage your SBOMs and related documentation, allowing you to share them with stakeholders or make them publicly accessible.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4065998%2Fcisa-2015-cyber-threat-info-sharing-law-lapses-amid-government-shutdown.html%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/EaJkxZ62SASHw6oXeI3Q4wzh-Qdei4nGp5p0FyGkJDs=425">
<span>
<strong>CISA 2015 cyber threat info-sharing law lapses amid government shutdown (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Cybersecurity Information Sharing Act of 2015 expired on September 30 due to a government shutdown, removing critical liability protections that enabled private sector cybersecurity threat information sharing with the government and peers. Without these legal safeguards, organizations now face potential antitrust violations, FOIA disclosure risks, and loss of trade secret protections when sharing threat intelligence, significantly reducing real-time threat visibility across critical infrastructure sectors. Security professionals should immediately consult with legal counsel before engaging in any threat-sharing activities and may need to revert to pre-2015 bilateral agreements, where available, as the timing for congressional reauthorization remains uncertain.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Funit42.paloaltonetworks.com%2Fphantom-taurus%2F%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/y2Tkhthx93d0e7rAtn3Gl4ROU8D6Hc2wL0ln5oFLqxU=425">
<span>
<strong>Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite (16 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Phantom Taurus is a Chinese state-sponsored APT group targeting government and telecom organizations across Africa, the Middle East, and Asia for espionage aligned with PRC interests. Evolving from email attacks to database targeting, it utilizes custom tools like the NET-STAR malware suite, which includes three fileless .NET backdoors (IIServerCore, AssemblyExecuter V1/V2), to compromise IIS web servers. It employs evasion tactics such as AMSI and ETW bypasses. Security teams should watch for TTPs such as timestomping, fileless execution within w3wp.exe, and ASPX web shells, including OutlookEN.aspx, while managing threat exposure to detect infrastructure sharing among Chinese APT groups.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F10%2Fcritical-red-hat-openshift-ai-flaw.html%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/BKVHfXQGbk9TVja24-F22z5AVRoMKUvApxGkyAWfLVg=425">
<span>
<strong>Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A critical vulnerability (CVE-2025-10725) has been identified in Red Hat OpenShift AI that allows authenticated attackers to escalate privileges and potentially compromise entire cloud environments. Versions 2.19, 2.21, and RHOAI are affected. Red Hat recommends limiting permissions, especially for system groups, and suggests granting job creation rights only to specific users or groups to minimize risk.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Faws.amazon.com%2Fmarketplace%2Fpp%2Fprodview-4owfkqa44ucys%3Futm_campaign=22505002-AWS_Launch_2025%26utm_source=TLDR%26utm_medium=100225%26utm_content=babysit_firewall/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/9U4jKXve84w3PJ-21fXB1nkIRrFtuXBYhmwH6ytjULg=425">
<span>
<strong>Intrusion Shield Cloud: AWS firewall that writes the rules for you (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Tired of babysitting your firewall? Intrusion Shield for AWS uses 30+ years of threat intelligence to auto-generate rules, block risky traffic, and cut down alert noise. <a class="underline" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Faws.amazon.com%2Fmarketplace%2Fpp%2Fprodview-4owfkqa44ucys%3Futm_campaign=22505002-AWS_Launch_2025%26utm_source=TLDR%26utm_medium=100225%26utm_content=babysit_firewall/2/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/d8k9zIFc2YQzTU6rt6lDAAUUYm7OGoXIyJ5xkmtRVGY=425" rel="noopener noreferrer nofollow" target="_blank"><span>Get a free trial</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.elcomsoft.com%2F2025%2F09%2Fiphone-17-the-end-of-pwm-flickering%2F%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/PRx3ZkiYc-lKMRkR2Tn1NacawvVKU1qvjDUlu8ClTiU=425">
<span>
<strong>iPhone 17: the End of PWM Flickering? (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Apple has introduced a "Display Pulse Smoothing" setting in iPhone 17 that addresses PWM flickering-induced eyestrain by enabling DC dimming as an alternative to pulse width modulation for OLED brightness control at low brightness levels below 25%.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FBEuzUh/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/jvNd_gGsdLWEUFptMxCSTh1IV8cuArH17dHm-AvOMZU=425">
<span>
<strong>Legislation for extended data privacy protection blocked (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A new privacy protection act, aiming to stop the sale of personal information and better shield Americans from stalking and violence, was blocked in the Senate by Ted Cruz.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F10%2F01%2Fdata-breach-at-canadian-airline-westjet-affects-1-2m-passengers%2F%3Futm_source=tldrinfosec/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/yDF1Wh06kHaIZJSGvsuEy7DSmgGWMjPr_YsRvFjef8M=425">
<span>
<strong>Data breach at Canadian airline WestJet affects 1.2M passengers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
WestJet, Canada's second-largest airline, experienced a significant data breach exposing the personal information of 1.2 million passengers, including names, birth dates, addresses, and travel documents, in a cyberattack attributed to the Scattered Spider group, known for its social engineering tactics.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/HElt3xvT1zY52juTWpE-nPfjadJp9RWpQIUb5FJsCmM=425"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/SioeUUxV2TBYllsAoJL_30h_1MCmBSk_AXKK9Xuyvkk=425"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/01000199a51a8372-7f8342ad-4cef-4a15-86fb-fa1767fc795e-000000/2vpkK6QuBwG6Q56vbYoXIbM_Zsc9fwFB1MlXnYJHuSk=425"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>