<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-13</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-inflation-refund-texts-target-new-yorkers-in-new-scam%2F%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/XW-KiVNZe86O_mDP3X96460S21NayCyvQgrsdkjGluw=426">
<span>
<strong>Fake “Inflation Refund” Texts Target New Yorkers in New Scam (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An ongoing smishing campaign impersonates the New York Department of Taxation and Finance to target New Yorkers. The texts prompt victims to enter information via a link or risk losing an “Inflation Refund.” The link requests information such as SSNs, names, and addresses.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2025%2F10%2Fpayroll-pirate-phishing-scam-that-takes-over-workday-accounts-steals-paychecks%2F%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/27GeirL8y-McdnVAYrzcIUtbIiYFClzG12eBQxO49KQ=426">
<span>
<strong>Microsoft warns of new “Payroll Pirate” scam stealing employees' direct deposits (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A phishing campaign called Payroll Pirate targets university employees by tricking them into giving up credentials for HR platforms like Workday. Attackers use adversary-in-the-middle methods to bypass multi-factor authentication, alter payroll settings and divert paychecks, and hide their tracks by creating inbox rules and adding their recovery phone numbers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F10%2F10%2Fprospect_union_breach%2F%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/dkCawRv5j2vrMatELb0LA8qQYpbxU8AbfNzYnY3K2os=426">
<span>
<strong>UK techies' union warns members after breach exposes sensitive personal details (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
UK trade union Prospect has warned members that sensitive personal data, such as contact details, bank account numbers, and, in some cases, information on sexual orientation or disabilities, was exposed following a cyber incident in June. Members were notified months after the attack, and the union offers a year of credit monitoring.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkrebsonsecurity.com%2F2025%2F10%2Fddos-botnet-aisuru-blankets-us-isps-in-record-ddos%2F%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/0tyhofd7pemAEEpeQ8r9wv68bLlAgejry0SAcc5MoRU=426">
<span>
<strong>DDoS Botnet Aisuru Blankets US ISPs in Record DDoS (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Aisuru is the largest and most disruptive DDoS botnet ever recorded. It is powered mainly by infected IoT devices with weak security settings. Recent attacks have reached unprecedented data volumes, peaking at almost 30 trillion bits per second and causing significant disruptions, especially for online gaming ISPs like those serving Minecraft. The botnet evolved from earlier Mirai malware, exploits zero-day vulnerabilities, and can rent its network as residential proxies for cybercriminals. An international team manages it. Its rapid growth, boosted by the downfall of competing botnets, has highlighted significant gaps in how ISPs mitigate outbound DDoS traffic.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.anthropic.com%2Fresearch%2Fsmall-samples-poison%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/J5q1Q2WBRBaYV6UX4WjJ2vZtSWM9zyJG3hqaZAMIAdc=426">
<span>
<strong>A small number of samples can poison LLMs of any size (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Anthropic has found that large language models (LLMs) like Claude can be compromised by injecting as few as 250 malicious files into their training data, regardless of the model's size or the total dataset volume. Attackers can create a “backdoor” in the model triggered by specific phrases, causing the model to behave unpredictably or output gibberish. This finding overturns the traditional belief that an attacker needs control of a percentage of training data: even a tiny, fixed number of documents might be enough.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.esentire.com%2Fblog%2Fnew-rust-malware-chaosbot-uses-discord-for-command-and-control%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/-g9aWRhTYDeORFw1kgNvaUHbxOKtRAWwY-q1Az0Ul1o=426">
<span>
<strong>New Rust Malware "ChaosBot" Uses Discord for Command and Control (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ChaosBot is a sophisticated Rust-based backdoor that abuses legitimate Discord services for C2 operations. It primarily targets Vietnamese speakers through phishing campaigns with malicious Windows Shortcut files that sideload payloads via legitimate Microsoft Edge components. The malware supports reconnaissance commands (systeminfo, ipconfig, and screenshots), delivers secondary payloads like fast reverse proxy (frp) for persistent network access, and employs evasion techniques including ETW patching and VM detection to bypass security controls. Organizations should monitor for suspicious Discord API traffic, unusual PowerShell execution patterns with UTF-8 encoding prefixes, WMI-based lateral movement from over-privileged service accounts, and unauthorized DLL sideloading in Public user directories.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.safehill.com%2F%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/ubuX4bcltJAuLLIY3OqazH60JCk54_y1kv57wsJe9h0=426">
<span>
<strong>SafeHill (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SafeHill offers a continuous threat exposure management (CTEM) platform. It delivers continuous asset discovery, automated threat exposure assessments, and human-validated penetration testing, effectively continuous pentesting rather than point-in-time pentesting.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fscito%2Fextract_otp_secrets%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/xWuby2W8USH-oVM-xD81sFTtSK4JCNoxwjte02sH5AU=426">
<span>
<strong>Extract_otp_secrets (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Extract one-time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes from authentication apps can be captured by camera, read from images, or read from text files. The secrets can be exported to JSON or CSV, or printed as QR codes to the console.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fmike-engel%2Fjwt-cli%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/z6lPzlmvrFPh8KBYUXfi2ZSX-5_sZ2fah5j3S1VngcQ=426">
<span>
<strong>jwt-cli (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
jwt-cli is a Rust-based command line utility that goes beyond basic JWT decoding by enabling encoding of custom JWTs with flexible header values, arbitrary JSON claim bodies, and custom secrets. Built in Rust for speed and portability across Windows, macOS, and Linux, it offers more flexibility than standard JWT tools. This makes it a practical tool for security testing and development workflows involving JWT authentication.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fapple-now-offers-2-million-for-zero-click-rce-vulnerabilities%2F%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/mMYdNTNNWFnlvnfWM2Wo02Fy-I8NZ97ZheBmQwcAaC0=426">
<span>
<strong>Apple Now Offers $2M For Zero-Click RCE (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Apple has updated its bug bounty program, doubling maximum payouts, adding new research categories, and introducing a more transparent pay structure. With bonuses for lockdown mode bypasses and finding vulnerabilities in beta releases, the maximum reward payout can exceed $5M. One-click remote code execution (RCE), wireless proximity attack, broad unauthorized iCloud access, and WebKit exploit chain leading to RCE all also have $1M payouts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F10%2F10%2Fspyware-maker-nso-group-confirms-acquisition-by-us-investors%2F%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/fqHIiBsMoudg1CXJz6jMsFSrMdapnbJwyiz3dLg6h6o=426">
<span>
<strong>Spyware maker NSO Group confirms acquisition by US investors (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
NSO Group, infamous for its powerful spyware, has just been taken over by a group of American investors. Even though new faces are in charge, the company's roots and oversight will stay in Israel. NSO's tools have targeted journalists and officials worldwide, so this takeover is making plenty of people nervous about what comes next and how these technologies might be used.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F10%2Fhackers-turn-velociraptor-dfir-tool.html%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/K9JsDxNb64-4foG5gHMPpoi-IbvDEE3CBstTVYEQqrI=426">
<span>
<strong>Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Threat actors associated with Storm-2603 are weaponizing Velociraptor, a legitimate open-source digital forensics and incident response tool, to facilitate LockBit and Warlock ransomware attacks. The abuse of trusted security utilities allows attackers to evade detection while conducting reconnaissance and lateral movement within compromised networks. Security teams should monitor for unauthorized Velociraptor deployments, implement application whitelisting, and review legitimate DFIR tool usage to distinguish between authorized security operations and malicious activity.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Fhotforsecurity%2Fbreachforums-seized-hackers-will-leak-salesforce-data%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/tDWEg_9jaXpojR6cdd4J_VHp5Bi6o8Z7b4sHaOI0Ook=426">
<span>
<strong>BreachForums seized, but hackers say they will still leak Salesforce data (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Despite law enforcement seizing the BreachForums cybercrime marketplace, threat actors have announced plans to proceed with leaking stolen Salesforce data through alternative channels, demonstrating that platform takedowns alone do not prevent data exposure and highlighting the need for organizations to assume breach, monitor dark web channels, and prepare incident response plans for potential data leaks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Frussian-spyware-clayrat-is-spreading-evolving-quickly-according-to-zimperium%2F%3Futm_source=tldrinfosec/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/5QZ93Yc2SbSa49-ERxkEwbMqn8Dx6km1GoZL84DH17Q=426">
<span>
<strong>Russian spyware ClayRat is spreading, evolving quickly, according to Zimperium (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ClayRat is an Android spyware with over 600 samples detected in three months. It spreads via fake TikTok and YouTube apps distributed through Telegram and phishing sites, and it exploits Android's SMS handler to bypass permissions and steal messages, calls, and device data. It has potential for global expansion as infected devices become attack vectors.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/zjwGiipw-3Vg13ct1r0hhbkZcCSHvXRh0X2kueENHd4=426"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/zGsDy-u7Wd0wM5_kOOoRfW3clRK92-vYs8ZLQWuoRwE=426"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/01000199ddae442e-71fbdbf2-70f7-4b8b-897c-2fde197927ad-000000/9mcbnYBm8MrqgSf7GwjD_eaP8ohlJ-LIEinWxFIVcMY=426"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>