<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-08</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fdata-breach-at-doctors-imaging-group-impacts-171000-people%2F%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/w02x7G7MwUFyMPmd19ykLxNVaE-QVrMOnxIml3YOqg0=426">
<span>
<strong>Data Breach at Doctors Imaging Group Impacts 171,000 People (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Doctors Imaging Group, a Florida-based radiology provider, reported a breach in which hackers accessed its network for several days in November 2024. Over 171,000 people had personal and medical data compromised, including Social Security and account numbers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fredis-warns-of-max-severity-flaw-impacting-thousands-of-instances%2F%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/Zn8ppinbLNuHduc4e8_I7Vhk3p8rgIz2h_EcbUFXA9g=426">
<span>
<strong>Redis Warns of Critical Flaw Impacting Thousands of Instances (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Redis security team has released patches for a new critical (CVSS 10/10) vulnerability that could allow attackers to gain remote code execution. The flaw is a 13-year-old use-after-free bug that authenticated threat actors can exploit using a specially crafted Lua script. Redis recommends that administrators patch their servers and, to secure their instances further, enable authentication, disable Lua scripting and other unnecessary commands, launch Redis as a non-root user, and enable Redis logging.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.reco.ai%2Fblog%2Fthe-salesloft-drift-breach-analyzing-the-biggest-saas-breach-of-2025%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/qSKtSA1JfB0gAx-WI28xy1Weu3_Nj7pd3Xm0jW2Zscc=426">
<span>
<strong>The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025 (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The biggest SaaS security incident in 2025 exploited the integration between Salesloft and Drift, compromising over 700 companies. Attackers abused OAuth tokens and SaaS-to-SaaS connections to move laterally, bypassing traditional security defenses and harvesting sensitive credentials. The supply chain nature of the breach allowed a single compromise to spread rapidly across interconnected apps like Salesforce and Gmail, amplifying its impact.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fiam.cloudcopilot.io%2Fposts%2Ffantastic-aws-policies-and-where-to-find-them%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/Ww2A4ptT2X7yDZmwL-b63sGw0BNCSnMktz0Rj734kc4=426">
<span>
<strong>Fantastic AWS Policies and Where to Find Them (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AWS presents a large surface of IAM policies, spread across principal policies, resource policies, AWS Resource Access Manager, resource control policies, and IAM Identity Center permission sets. This post lists and explains many of these policies and introduces a new tool called iam-collect. iam-collect can download all IAM policies across every account in an organization for analysis, and it also provides a set of agent instructions that can be used with an LLM to explore the data further.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.elastic.co%2Fsecurity-labs%2Fflipswitch-linux-rootkit%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/NGTNCo05qgGfEI2-9yOzl_YxkRCtGXrBBnauK6b-Zm4=426">
<span>
<strong>FlipSwitch: a Novel Syscall Hooking Technique (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
FlipSwitch is a novel Linux rootkit technique that bypasses kernel 6.9's new syscall dispatch mechanism by directly patching machine code in the x64_sys_call function rather than overwriting the traditional sys_call_table. The technique locates specific call instructions within the kernel dispatcher and modifies their 4-byte offsets to redirect syscalls to malicious functions, demonstrating how attackers adapt to kernel hardening measures. This research highlights the ongoing arms race between Linux kernel security improvements and rootkit evolution. Elastic has provided YARA signatures to detect this proof-of-concept implementation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.cybervelia.com%2Fp%2Fan-in-depth-research-based-walk-through%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/Zzy2K0bFu2iXGzyEkPih1hvYpL-MbTX3xBUXUGtcdRQ=426">
<span>
<strong>An In-depth research-based walk-through of an Uninitialized Local Variable Static Analyzer (19 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cybervelia researchers developed a static analyzer built on the Binary Ninja engine that detects uninitialized local variables (ULVs) in stripped binaries by reconstructing stack layouts, tracking read-before-write patterns through Medium-Level IL analysis, and implementing interprocedural taint propagation to trace data flows across function calls. The tool addresses the challenge that modern compiler optimizations obscure ULVs in binaries, despite improved source-level detection, by utilizing techniques such as neighbor-offset heuristics for size inference and proximity-based coverage analysis to identify genuine vulnerabilities. The analyzer integrates IDA Pro symbol importing and Intel PIN execution tracing to reduce false positives and focus on actually executed code paths, demonstrating that ULV detection remains relevant even in modern binaries, with recent Linux kernel vulnerabilities serving as examples.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fhackerhouse-opensource%2FSetupHijack%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/0JySULknhma6pA-ZF3Ln1mNyP93eEgvVEbbmgKaXTo4=426">
<span>
<strong>SetupHijack (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SetupHijack is a tool that exploits race conditions and insecure file handling in Windows installer and update processes.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffiligran.io%2F%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/n_WhCNDvBZTRNI65DVcgFDwx5Dvskcrm6F7_qJKUxiw=426">
<span>
<strong>Filigran (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Filigran unifies threat intelligence, attack surface, and security risk analysis, featuring OpenCTI and OpenBAS for intelligence operations and adversary emulation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdeepmind.google%2Fdiscover%2Fblog%2Fintroducing-codemender-an-ai-agent-for-code-security%2F%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/Fr-G3zjBGe2seApnh2D2NtopDdgpLqox9EKUgkxgDsY=426">
<span>
<strong>Introducing CodeMender: an AI agent for code security (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CodeMender is a new AI-driven agent developed by Google DeepMind to discover, patch, and prevent software vulnerabilities automatically. The tool addresses threats and proactively secures existing code, enabling developers to build safer software with reduced time spent on manual vulnerability management.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.cleafy.com%2Fcleafy-labs%2Fklopatra-exposing-a-new-android-banking-trojan-operation-with-roots-in-turkey%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/ymYKZeeLxKD6c-R0-hBGuIVher6U-rN7dV28NtvkW5o=426">
<span>
<strong>Klopatra: exposing a new Android banking trojan operation with roots in Turkey (15 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Klopatra is a sophisticated new Android banking trojan operated by Turkish-speaking cybercriminals that utilizes commercial-grade Virbox protection and native code libraries to evade detection. The malware targets users in Spain and Italy through fake IPTV apps, exploits Android Accessibility Services for complete device control, and employs both overlay attacks and Hidden VNC capabilities to conduct fraudulent operations while victims are asleep. With over 3,000 compromised devices across two main botnets, Klopatra represents a significant evolution in mobile malware sophistication, demonstrating how threat actors are adopting professional-grade obfuscation techniques typically seen in desktop malware.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bbc.com%2Fnews%2Farticles%2Fc3w5n903447o%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/26ErKM27zy50fvha5cL2UgU2_E8z5F4uggr1lFrEAhw=426">
<span>
<strong>'You'll Never Need to Work Again': Criminals Offer Reporter Money to Hack BBC (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A BBC reporter was contacted via Signal by a "reach out manager" from the Medusa ransomware gang, who offered 25% of the ransom if they gained access to the reporter's corporate device. The reporter played along to gather more information about the gang's tactics, documenting increased pressure from the ransomware actor. Eventually, the actor grew impatient, sending multiple 2FA requests before the reporter could alert the BBC security team, leading to a disconnection from the network.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theverge.com%2Fnews%2F791170%2Ficeblock-app-store-removed-by-apple%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/u_ivXAQFaO19CFRn2fWHoi19f8Lp295l6ivDVYCTHhk=426">
<span>
<strong>Apple Pulls ICEBlock From the App Store (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The ICEBlock app described itself as "Waze but for ICE sightings" and allowed users to report sightings of ICE officials anonymously. AG Pam Bondi stated that Apple removed the app from the App Store after being asked to, on the grounds that it presents a threat to law enforcement officials. ICEBlock developer Joshua Aaron has denied this, calling the claim patently false.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theverge.com%2Fnews%2F793362%2Fgoogle-ai-security-vulnerability-rewards%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/HS_su0DFMhXEAYEqqOBAGOi_Pr6oZFIvjyDkQ_gfFe4=426">
<span>
<strong>Google's AI bounty program pays bug hunters up to $30K (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google has launched a bug bounty program focused on AI security, rewarding up to $30,000 for discovering vulnerabilities that could cause rogue actions or exploit AI systems through issues such as unauthorized account access or data leaks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdocker-makes-hardened-images-catalog-affordable-for-small-businesses%2F%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/YxfGp_CIWSlgbsC11EU4QPNsv3LNgr3ZsFs9qYsKzWA=426">
<span>
<strong>Docker makes Hardened Images Catalog affordable for small businesses (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Docker launched unlimited access to its Hardened Images catalog for small businesses, offering pre-verified container images with near-zero CVEs, up to 95% reduced attack surface, and a 7-day patch SLA through an affordable subscription model.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fopenai-threat-report-ai-cybercrime-hacking-scams%2F%3Futm_source=tldrinfosec/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/EnbqNZhs7I0QNoVzv6roq5amga2dpGbYneu8OqMyP2s=426">
<span>
<strong>OpenAI: Threat actors use us to be efficient, not make new tools (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
OpenAI's October threat report indicates that cyber adversaries primarily leverage AI to enhance their existing hacking techniques, with groups from China, North Korea, and cybercriminal organizations utilizing ChatGPT for malware creation, spear phishing, and reconnaissance activities.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/vWY9_cYLeziNUEdSxNToPLvtKqdFuo1p9KxYSNJTnXg=426"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/7ryvqxdrg0qh6avW2gfBT0fZgCghcwJN9CpYruk3Fas=426"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/01000199c3ee6272-b817b6b2-8b1b-4a59-bd22-7bee21962506-000000/zN3ktKc9b3Z7FfmGlRtpON1mRqktd3s4gqixdJYV5SY=426"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>