<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">DraftKings disclosed a credential stuffing attack where threat actors used stolen username/password combinations from external breaches β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/tWFXfF9H1jiv7CCl0hSlRqDcSDW5JTWnyf2t3J-HfGQ=426" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/CeSm9ephHYL6_L7i0vAhgs3w60GacvcCdTHCdNVEWYg=426" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=699c283a-a4d3-11f0-99da-fd5fc949f751%26pt=campaign%26t=1760015213%26s=a5dce6a64efae0ef3275f21087cc0ad9f96ec47c14a0602d4dd37f9e881c988a/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/E-z4dek4U_lFOCy1kpl3CQzF02yj6FHHLHcRuMFx1aA=426"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fadaptive-security-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/p7GZZs99zaeLCv_KdPA_xGdMJZCqYrcZ2-766y2bE68=426"><img src="https://images.tldr.tech/adaptive.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Adaptive Security"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-09</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fadaptive-security-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/2/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/jAQmVNOJ_i0rqo0xyFpYqaNSEa19EU_rWwU1bWXLi6w=426">
<span>
<strong>When your CEO calls... will you know it's real? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Phishing isn't just emails anymore. It's AI-generated voices, videos, and deepfakes that sound and <em>look</em> exactly like your executives. They can fool almost anyone - including you and your coworkers.<p></p><p>Backed by <strong>$55M+ in funding from OpenAI and a16z</strong>, Adaptive Security is the first <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fadaptive-security-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/3/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/bC-4Vuzw9QnLe4FhI6pPYUzv60B4g3NnbcO02Wu9yDk=426" rel="noopener noreferrer nofollow" target="_blank"><span>security awareness platform built to fight AI-powered social engineering</span></a>. Adaptive <em>rewires</em> instincts. Here's how:</p>
<ul>
<li>Deepfake phishing simulations featuring company executives in real-world attack scenarios</li>
<li>Interactive, customizable training content tailored for each employee (500+ resources)</li>
<li>AI-driven risk engine that uses your publicly available data adversaries can exploit</li>
</ul>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fadaptive-security-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/4/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/9VB9yJRYbFk8Fn4lBImkho9f2L6FKRahevml8ewzOAo=426" rel="noopener noreferrer nofollow" target="_blank"><span><strong>>> Book a demo</strong></span></a><strong> </strong>to chat with a custom interactive deepfake of your boss</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fself-guided-tour%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/dKbx2R6rM-vRRUrkzbyJukV65hoy0_ydsDwfhWABMuY=426" rel="noopener noreferrer nofollow" target="_blank"><span><strong>>> Take a self-guided tour</strong></span></a><strong> </strong>of the platform (3 minutes)
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdraftkings-warns-of-account-breaches-in-credential-stuffing-attacks%2F%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/Kocq47ymhCpCRry7z2uwg1yUg6Kj_y6UqImLEnpYvY4=426">
<span>
<strong>DraftKings warns of account breaches in credential stuffing attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
DraftKings disclosed a credential stuffing attack where threat actors used stolen username/password combinations from external breaches to gain unauthorized access to customer accounts, exposing names, addresses, phone numbers, email addresses, and partial payment card information. The company is requiring affected users to reset passwords and enable multi-factor authentication. This is DraftKings' second major credential stuffing incident since 2022, when attackers previously stole up to $300,000 from compromised accounts. The attack highlights the ongoing vulnerability of organizations to credential reuse attacks, where users' poor password hygiene across multiple platforms enables account takeovers even when the targeted company's own systems remain secure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Frainwalk-pet-insurance-158-gb-customer-pet-data%2F%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/A2mhayCItKPUbOebmkqYhQcK9oOr82ChDxs48nfqBWk=426">
<span>
<strong>Rainwalk Pet Insurance Exposes 158 GB of US Customer and Pet Data (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Rainwalk Pet Insurance exposed 158 GB of unprotected customer data containing 85,361 files, including pet insurance claims, veterinary bills, customer names, addresses, phone numbers, partial credit card numbers, and pet medical histories with microchip numbers. Security researcher Jeremiah Fowler discovered the misconfigured database and notified the company, but it remained publicly accessible for nearly a month before being secured. The breach creates significant fraud risks as criminals could exploit the combined pet and owner data to submit fraudulent insurance claims, intercept Venmo refunds, or conduct targeted scams using legitimate claim information and emotional manipulation tactics.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2025%2F10%2Fsalesforce-says-it-wont-pay-extortion-demand-in-1-billion-records-breach%2F%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/W4fSS_3fjci0PJcflC8VrLCTbSEE5mxhOZCYlPK7SDU=426">
<span>
<strong>Salesforce says it won't pay extortion demand in 1 billion records breach (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Salesforce has refused to pay a crime group calling itself Scattered LAPSUS$ Hunters, which claims to have stolen about 1 billion records from major clients. The hackers used social engineering to breach Salesforce portals and threatened to leak customer data unless paid.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F10%2Fnew-research-ai-is-already-1-data.html%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/tR-kr-UCb5rKpGuOhGsr7hA4zXBYz4avFL8BWDxPcxY=426">
<span>
<strong>New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
LayerX research reveals AI has become the #1 corporate data exfiltration channel, with 45% of enterprise employees using generative AI tools and 67% accessing them through unmanaged personal accounts outside IT control. The primary threat vector is the use of copy/paste operations in AI platforms, with employees performing an average of 14 pastes per day via personal accounts, and at least three of these containing sensitive data, such as PII or PCI information. Traditional DLP tools miss this threat entirely since they're designed for file-based environments, while 40% of files uploaded to GenAI tools contain sensitive data, and 77% of employees paste corporate data directly into these platforms.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Func6040-proactive-hardening-recommendations%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/8yrk6Z7o84n558INUGoVtdAH_F1M7KzhRCoLDZ5mBi0=426">
<span>
<strong>Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations (18 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
UNC6040 is a financially motivated threat group that utilizes voice phishing (vishing) to deceive employees into authorizing malicious Salesforce Data Loader applications, thereby enabling large-scale data theft from corporate Salesforce instances. The attackers impersonate IT support personnel to manipulate victims into granting OAuth access to fake connected apps, then systematically exfiltrate sensitive data using legitimate Salesforce tools. Organizations should implement phishing-resistant MFA, restrict API access to approved applications only, enforce network-based login restrictions, and deploy real-time detection rules that monitor for suspicious OAuth authorizations followed by bulk data exports.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.himanshuanand.com%2F2025%2F10%2Flook-mom-hr-application-look-mom-no-job%2F%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/BXGz1erre_CUddplJHEKvP2ef7XJocJBn3n1x7WL12c=426">
<span>
<strong>Look mom HR application Look mom no job (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Cybercriminals are now exploiting trusted collaboration platforms, such as Zoom, to execute highly convincing phishing attacks. By sending what appears to be legitimate HR documents via Zoom, attackers redirect recipients to a fake βbot protectionβ page and then to a Gmail login imitation designed to steal credentials. Credentials entered on this page are exfiltrated in real-time over a WebSocket connection, allowing attackers to validate and use them swiftly.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.n-able.com%2Fcyber-resilience-summit-2025%3Futm_medium=email-paid%26utm_source=-promotion%26utm_campaign=multi-glbl-l-me-tldr_sept_quick_link_promo_2025_cyber_summit-2025-09-15%26utm_content=quick_link/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/NlPaYSX0pPzDv5Ks7Pnh82uiFBBQ-k5vcnO6MJqdYx0=426">
<span>
<strong>Learn to defend your SMB at the N-able Cyber Resilience Summit (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.n-able.com%2Fcyber-resilience-summit-2025%3Futm_medium=email-paid%26utm_source=-promotion%26utm_campaign=multi-glbl-l-me-tldr_sept_quick_link_promo_2025_cyber_summit-2025-09-15%26utm_content=quick_link/2/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/8V7y_lnrvAReQe7xdlT8ICSzSBQsR7rxJq_Uc5MhwO4=426" rel="noopener noreferrer nofollow" target="_blank"><span>Last chance to join</span></a> Francis Odum, Sarah Armstrong-Smith, and top cyber leaders for insider threat intelligence and real-world defense tactics at N-able's Cyber Resilience Summit on October 16th. Learn how businesses of all sizes can apply AI-powered resilience strategies - <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.n-able.com%2Fcyber-resilience-summit-2025%3Futm_medium=email-paid%26utm_source=-promotion%26utm_campaign=multi-glbl-l-me-tldr_sept_quick_link_promo_2025_cyber_summit-2025-09-15%26utm_content=quick_link/3/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/1BVXpyOfS8hdexPOmUBFv1HH1yA5s1bmuOy3GV27SOA=426" rel="noopener noreferrer nofollow" target="_blank"><span>save your spot today</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fmitmproxy%2Fmitmproxy%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/0BGyhjk6VUBwbvzyKDJBCwNHfvq5ZhNn6kue5_EgvEI=426">
<span>
<strong>Mitmproxy (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fgabriel-sztejnworcel%2Fpipe-intercept%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/M1ifGRto4X28hFc3Tiiwj59piBhZbYlhvJMbAxnOyGk=426">
<span>
<strong>pipe-intercept (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
pipe-intercept is a tool to intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fradareorg%2Fradare2%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/UymNYiWA-VL8v73aYj08qC9bJRs5aMMmKpBDts7zOZg=426">
<span>
<strong>Radare2 (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
UNIX-like reverse engineering framework and command-line toolset.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fmic-e-mouse-attack-computer-mice-conversations%2F%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/vyagHc-0xy_61SAYa-GgkTgIeHkqLWJfbZzuyEenPHQ=426">
<span>
<strong>New Mic-E-Mouse Attack Shows Computer Mice Can Capture Conversations (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The "Mic-E-Mouse" attack is where high-precision computer mice can function as unintended listening devices by detecting minute desk vibrations caused by sound waves through their sensitive optical sensors. The attack converts mouse movement data into audio signals using machine learning, achieving 42-61% speech recognition accuracy without requiring malware installationβonly access to normal mouse data packets. This side-channel attack illustrates how increasingly sensitive hardware can create unexpected privacy vulnerabilities, particularly as high-DPI gaming mice become more widespread and affordable.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F10%2F08%2Fgermany_chat_control_opposition%2F%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/svPdASMyCM6k7d-EG-8yyD4NvC2kENCmK1Db_SuOTXA=426">
<span>
<strong>Germany slams brakes on EU's Chat Control device-scanning snoopfest (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Germany's government has decided to block the EU's Chat Control regulation, which aimed to compel messaging services to scan all user chatsβincluding those on encrypted platformsβfor child abuse material. This stance creates a crucial blocking minority, likely ending the proposal, as it reflects the widespread concerns about privacy, democracy, and digital rights from major tech and privacy advocacy organizations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FHEsCxf%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/jIG25MPlYU59bo6YiYj759_-zvVlfwnNjgZSXIfkxOA=426">
<span>
<strong>Disrupting malicious uses of AI: October 2025 (20 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
OpenAI highlights recent efforts to block malicious use of AI, targeting scams, cybercrime, and manipulation by various threat actors. Most attackers use AI to accelerate existing tactics, rather than invent new attacks, so OpenAI has banned accounts that violate their safe usage policies.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fzeronetworks.com%2Flanding%2Fcontainment-island%3Futm_medium=email%26utm_source=tldr%26utm_campaign=containisland%26utm_content=thursday%26cid=701Uc00000kNANiIAO/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/pn_M2iY7wGoH1zizw8JGjZj9qWLqwMKZgE01ISv7-MI=426">
<span>
<strong>π‘οΈSurvive the Breach. Hit the Beach.ποΈ (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fzeronetworks.com%2Flanding%2Fcontainment-island%3Futm_medium=email%26utm_source=tldr%26utm_campaign=containisland%26utm_content=thursday%26cid=701Uc00000kNANiIAO/2/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/A9B1pgeJj-y9xJdXqiQtDcJTmeoj-A_-zfE9ix-_1zQ=426" rel="noopener noreferrer nofollow" target="_blank"><span>Join Containment Island</span></a> and compete against other cyber pros in 12 fast-paced, expert-led sessions. Win weekly prizes and a chance to win a trip to paradise.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F10%2Fmicrosoft-links-storm-1175-to.html%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/fH782pgvortF-eu2y525ihDgov4g1tM0dw_IaAxl_SI=426">
<span>
<strong>Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Microsoft linked Storm-1175 to exploiting a critical flaw in Fortra GoAnywhere, enabling Medusa ransomware deployment.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theverge.com%2Fnews%2F794185%2Fapple-bsod-crowdstrike-windows-pc-ad-commercial%3Futm_source=tldrinfosec/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/tpyIX0NDOn07ZyshQThHU59YBnUJ4-_m49dlr0esxGM=426">
<span>
<strong>Apple turned the CrowdStrike BSOD issue into an anti-PC ad (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Apple released an eight-minute commercial mocking last year's CrowdStrike update that caused a Windows Blue Screen of Death and affected millions of PCs to show how Apple's operating system prevents such kernel-level issues.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FgSRYz9/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/sWXZw-UUzhrc6SjLUymJujr5nRqXxYbx272tZALtBY4=426">
<span>
<strong>Google AI Mode finally made available across Europe (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Google's AI Mode search feature, launched across Europe in 35 languages after regulatory delays, is now facing antitrust lawsuits from publishers who claim the AI-powered search summaries use their content without consent and reduce traffic to their sites.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/VxTa8g0f0gFshRT3MjZ4F0-PeZMGGMfyMn5RSqAY4Bw=426" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/e5A2Cr-s4Lffq6wbqYre4oOTU2fnzsRC-mZf3W2e-5U=426" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/n-_9KlpTkb6VZp4twdkwusXNZPMejKGavdFOkWFXLXk=426"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/5S63MdfEw60uueY0Cgfsw4WgVGWLHVvUIr7umBQ0tmk=426" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them!
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/aTnQDxDCoeCkmGOEscbFpvwAH8p8tciB7ov6Z0bQs4E=426"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/8HF1bcuLA0Nq090XylAksC38ntX4lQeAUvP3FQ-08cw=426"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/uk9flGoJ0275hurqY70KUShTYfCtD_Dcdhi6xKBN8gQ=426"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/k50yBWT9hOEQ5knqCTAPiK6gFP-sWdCsEuPmP53481A=426">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=699c283a-a4d3-11f0-99da-fd5fc949f751%26pt=campaign%26pv=4%26spa=1760014876%26t=1760015213%26s=a10a87a100c43d13429d07ab23eb278834d457176b48dfd9da734ff03af98f8a/1/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/JmnNKfQ7JZaGmyS2w0RXgeFJK39uZVvL_dw05r-jR_I=426">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/01000199c914e511-d7ca0e96-cfc3-4c2b-a794-2c9a2e41e735-000000/TEcQxFF8CIS6lHLteXq3y0C2H53md6r4M1SDidgGnTc=426" style="display: none; width: 1px; height: 1px;">
</body></html>