<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-06</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdiscord-discloses-data-breach-after-hackers-steal-support-tickets%2F%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/Rsh7bgxZjJilgccsRgtNd6KWg4NyGFuAknPGZo_703s=425">
<span>
<strong>Discord discloses data breach after hackers steal support tickets (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Discord suffered a data breach on September 20. The Scattered Lapsus$ Hunters threat group compromised a third-party Zendesk customer service system, stealing personal data, including names, government IDs, partial payment information, and support communications from users who contacted Discord's support teams. The attackers demanded a ransom payment and threatened to leak the stolen data, which security experts warn could be valuable for solving cryptocurrency-related crimes, as many scammers use Discord without proper anonymization. Organizations should review their third-party vendor access controls, implement additional monitoring for customer service platforms, and ensure incident response procedures include immediate isolation of compromised third-party systems.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F10%2F03%2Fhacking-group-claims-theft-of-1-billion-records-from-salesforce-customer-databases%2F%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/zBIekkHS28v40FSgImue0E5u4L63D1XbMmii06rwJx0=425">
<span>
<strong>Hacking group claims theft of 1 billion records from Salesforce customer databases (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A hacking group known by several names, including Scattered Spider and ShinyHunters, claims to have stolen approximately a billion records from companies using Salesforce cloud databases. The group is extorting victims with threats to leak stolen data unless ransoms are paid. Multiple major companies are affected. Salesforce denies any breach of its platform or vulnerabilities in its systems.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F10%2Fresearchers-warn-of-self-spreading.html%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/kvzeYaZr1APq8qNqizrRbGajXVfDlQjGA9oOns7esu4=425">
<span>
<strong>Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SORVEPOTEL is a self-propagating malware campaign targeting Brazilian users that spreads through WhatsApp by exploiting social trust and sending malicious ZIP file attachments disguised as receipts or health app files. The attack chain begins with phishing messages from compromised contacts, which lead victims to open Windows shortcut files that execute PowerShell scripts to download payloads from external servers and establish persistence via the Windows Startup folder. Once installed, the malware automatically detects active WhatsApp Web sessions and mass-distributes the malicious ZIP files to all contacts and groups, prioritizing rapid propagation over data theft and frequently resulting in account bans due to spam violations.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgoogleprojectzero.blogspot.com%2F2025%2F09%2Fpointer-leaks-through-pointer-keyed.html%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/TkG7lQc8iU_OuahsSkEn8mkb9NTpEJoVceaMev1SzUU=425">
<span>
<strong>Pointer leaks through pointer-keyed data structures (13 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google Project Zero demonstrated a novel technique to remotely leak memory addresses without memory safety violations by exploiting pointer-keyed data structures in Apple's NSKeyedArchiver serialization. The attack works by crafting specific NSDictionary objects with carefully chosen NSNumber keys to control hash bucket placement, then using the serialized ordering of an NSNull singleton (whose hash is its memory address) to determine its location in the shared cache. While theoretical and requiring a deserialize-reserialize attack surface, this technique demonstrates how pointer-based hashing in keyed data structures can leak addresses even without timing attacks. Organizations should audit serialization endpoints and consider using keyed hash functions instead of raw pointer addresses for object hashing.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsignal.org%2Fblog%2Fspqr%2F%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/TnP9_mw02jsguxO3Qrof1dcEYocV0-8Gbp209TvpoCA=425">
<span>
<strong>Signal Protocol and Post-Quantum Ratchets (23 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Signal's Sparse Post Quantum Ratchet (SPQR) is part of a new "Triple Ratchet" protocol that combines its existing Double Ratchet with quantum-resistant ML-KEM cryptography to protect against future quantum computing threats while maintaining forward secrecy and post-compromise security. The implementation uses erasure coding and state machines to efficiently transmit large ML-KEM keys (over 1,000 bytes) in small chunks, includes a graceful downgrade mechanism for backward compatibility during rollout, and employs formal verification using ProVerif and F* to ensure protocol correctness. Security professionals should note that this represents a practical approach to post-quantum migration, which preserves existing security guarantees while introducing quantum resistance. The protocol automatically upgrades conversations without requiring user intervention.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhardenedvault.net%2Fblog%2F2025-09-17-dfi-security%2F%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/kOD8flpFHHFNOvdc53ZISKApX75j5CXTO_SSPSAioDY=425">
<span>
<strong>VED 2026: after CFI - data only (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Modern kernel privilege escalation attacks have shifted from traditional control flow methods like ROP to more stealthy, stable data-only attacks that bypass Control Flow Integrity (CFI), prompting the development of advanced defense systems like VED (Vault Exploit Defense). Novel techniques, such as DirtyPipe, cred-jar heap spray, and pipe primitives, exploit weaknesses in kernel memory handling to corrupt authentication data or page buffers, directly overwriting critical structures, including credential jars and pipe buffers, while evading detection by typical CFI solutions. VED counters these threats through multiple integrity measures, including shadow data tracking, hash monitoring, slab poisoning, and specialized protections for core patterns and pipe buffers, aiming to detect stealthy modifications and strengthen kernel security against increasingly sophisticated data-centric exploits while minimizing performance impact.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fmentat-is%2Fgulp%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/5up6PQridHNckik05HcCBD5TdqB8K9kUSP0pOpidn-A=425">
<span>
<strong>Gulp (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Gulp is a Python-based incident response platform that accelerates security analysis through high-speed data ingestion from multiple sources, SIGMA rule querying across thousands of detection rules simultaneously, and collaborative investigation features with zoomable timelines for event visualization. The tool uses OpenSearch and Elastic Common Schema (ECS) formatting for compatibility and provides multiprocessing capabilities that can scale with organizational needs. Security teams can use Gulp to ingest, rapidly query, and collaboratively analyze security events in a unified platform designed explicitly for incident response workflows.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fworkspaceupdates.googleblog.com%2F2025%2F10%2Fsend-gmail-end-to-end-encrypted-emails-in-gmail.html%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/bxw999Kew89c9VqAMKrvbVWZ0EwAZRPtjMuV2L6hMbc=425">
<span>
<strong>Send Gmail end-to-end encrypted emails to anyone (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Gmail's client-side encryption now allows users to send end-to-end encrypted emails to any email provider. External recipients receive a notification and access the message via a guest account, eliminating the need for key exchange or special software. Available for Enterprise Plus with Assured Controls, this feature must be enabled by administrators. It was rolled out on September 30. This feature simplifies cross-platform encrypted communication by removing key management and software barriers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.mokn.io%2F%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/G3j_UCPSEZ1QuFFWPK1DMNjO7QTSoT2E-pEcdpaUn-M=425">
<span>
<strong>MokN (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
MokN provides identity protection based on honeypots, with ultra-realistic decoy access points, including VPNs and email servers, that replicate the organization's environment. If an attacker attempts to log in to one of these honeypots using a stolen identity, the security team is alerted and can take appropriate action.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F182939%2Fhacking%2Fgreynoise-detects-500-surge-in-scans-targeting-palo-alto-networks-portals.html%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/2Bq525HKcCAVNtVgDV-lxU9xkjezPZr9a3_OvGgQTnc=425">
<span>
<strong>GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
GreyNoise detected a 500% surge in scanning activity targeting Palo Alto Networks login portals on October 3, with over 1,285 IP addresses (93% suspicious and 7% malicious) conducting coordinated reconnaissance. The activity mirrors previous Cisco ASA scanning patterns and shares TLS fingerprints linked to Netherlands infrastructure. It potentially signals upcoming vulnerability disclosures, since historical patterns show Palo Alto scan spikes often precede new flaw announcements within six weeks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F10%2Fcometjacking-one-click-can-turn.html%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/g9ehRTwzyCopTEXx03_9dd2zb62M2f9pRgs5tMbYHnc=425">
<span>
<strong>CometJacking: One Click Can Turn Perplexity's Comet AI Browser Into a Data Thief (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CometJacking affects Perplexity's Comet AI browser by allowing attackers to use a malicious link to inject hidden prompts and steal sensitive user data, such as emails and calendars, by exploiting the browser's own access. Experts warn that this demonstrates the broader risks of AI-driven browsers and have urged stricter agent prompt security to prevent future data theft campaigns.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fengineering.wealthsimple.com%2Fhow-were-making-app-security-smarter%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/MENspiikW-Vk59KH3a8KmTufWynENw8kM8qI4ssedjk=425">
<span>
<strong>How We're Making Application Security Smarter (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Wealthsimple faced the common dilemma of having a small security team tasked with reviewing code written by a much larger engineering team in a highly regulated environment. It introduced Semgrep AI to create custom fixes for the specific code under review, augmenting its security team. Semgrep remembers previous decisions on findings and uses that information to auto-triage future findings.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fstudyfree-ios-android-vpn-apps-leak-data%2F%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/3MSGTlFycAS3TgvfXgmenCL858ZKR1Yt3_0gdlNSKgw=425">
<span>
<strong>New Study Warns Several Free iOS and Android VPN Apps Leak Data (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Nearly 800 free VPN apps have serious security flaws, including old Heartbleed bugs, excessive permissions for surveillance, and missing privacy info, posing risks for BYOD policies that should focus on app allowlisting and data protection over just VPN security.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fparkmobile-pays-1-each-for-2021-data-breach-that-hit-22-million%2F%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/Y1fEkBA2rWglajs3lt2DehzF0A-5YGqbwj_KJjhD9wQ=425">
<span>
<strong>ParkMobile pays... $1 each for 2021 data breach that hit 22 million (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ParkMobile settled a class action lawsuit over its 2021 data breach, which affected 22 million users, by offering victims a meager $1 in-app credit (dispensed as four 25-cent discounts) that must be manually claimed with a promo code and expires in October 2026.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F182918%2Fcyber-crime%2Fshinyhunters-launches-data-leak-site-trinity-of-chaos-announces-new-ransomware-victims.html%3Futm_source=tldrinfosec/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/oVOIaLxo5pBCNyk7ZgSRWjv-IDnR6wQq6On0lurVQGs=425">
<span>
<strong>ShinyHunters Launches Data Leak Site: Trinity of Chaos Announces New Ransomware Victims (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Trinity of Chaos ransomware group, associated with Lapsus$, Scattered Spider, and ShinyHunters, launched a TOR leak site exposing 39 major firms, including Google, Cisco, and Stellantis, after exploiting Salesforce vulnerabilities via vishing and stolen OAuth tokens, threatening to release over 1.5 billion records if ransoms aren't paid.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/Kr9GiEZmWlVWDyTbfhJWAj8srNxQ5lkoVx_Ff43J6Mk=425"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/sStGuc6YSitRkddFgUhK0AblV9_qdaz2980kKKZTHMs=425"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/01000199b9a1bbf8-3e9ba930-046b-4049-a6cd-6f102875c8b4-000000/RaHuQ8Kru4hhpcfnBsMSzG7Exh37SGZ8km5_yH2ed-w=425"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>