<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-14</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F183259%2Fhacking%2Fcve-2025-11371-unpatched-zero-day-in-gladinet-centrestack-triofox-under-attack.html%3Futm_source=tldrinfosec/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/al9KhGsnXoVhbedIyQvI3sLsaC2wFKqN7ZhFIAhJtJg=426">
<span>
<strong>CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Threat actors are actively exploiting CVE-2025-11371, an unauthenticated local file inclusion vulnerability in Gladinet CentreStack and Triofox enterprise file-sharing solutions that allows attackers to retrieve machine keys from Web.config files and chain this with a ViewState deserialization flaw (CVE-2025-30406) to achieve remote code execution. At least three customers have been compromised, and while no patch is available, Gladinet and Huntress recommend immediately turning off the temp handler in UploadDownloadProxy's Web.config as a workaround. Organizations using these products should apply the workaround immediately, monitor for suspicious file access patterns, audit exposed instances for compromise indicators, and consider isolating affected systems until patches are released.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecuritynews.com%2Fhappy-dom-vulnerability%2F%3Futm_source=tldrinfosec/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/6HY6wEKToo7WFl3TX8nTxbwNAcPIdfC9s_jZryyf_9A=426">
<span>
<strong>Happy DOM Vulnerability Exposes 2.7M Users to Remote Code Execution Attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A new vulnerability that can lead to Remote Code Execution (RCE) was discovered in Happy DOM. The vulnerability is caused by Happy DOM enabling JavaScript evaluation by default, which allows an attacker to escape Node.js' VM context. Happy DOM has released a patched version that disables JavaScript evaluation by default and exposes a flag to safely enable evaluation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecuritynews.com%2Fthreat-actors-weaponize-discord-webhooks%2F%3Futm_source=tldrinfosec/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/0RQbeZ_VTpP-Bb4MZqFN08r_Dp2RdsARlCYS-5F-UEY=426">
<span>
<strong>Threat Actors Weaponize Discord Webhooks for Command and Control With NPM, PyPI, and Ruby Packages (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Socket.dev identified a new malware campaign that uses malicious packages hosted on PyPI, npm, and RubyGems to exfiltrate data via Discord webhooks. The packages run malicious scripts at install time, which scan for sensitive files and then send them to a hardcoded Discord webhook. This technique is effective as it utilizes a trusted domain that is unlikely to be blocked.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4071098%2Fwhat-to-look-for-in-a-data-protection-platform-for-hybrid-clouds.html%3Futm_source=tldrinfosec/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/avajVDYaMVpS29DS6qyzfdTWN9innL7y6290cyXNqHc=426">
<span>
<strong>What to look for in a data protection platform for hybrid clouds (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
With 60% of corporate data now residing in the cloud and 80% of enterprises adopting hybrid models, organizations require comprehensive data protection platforms that extend beyond basic security to encompass backup and disaster recovery, business continuity, compliance management, and proactive data monitoring across dispersed environments, including IoT devices, endpoints, and multiple cloud providers. Effective platforms must provide data discovery and classification, vulnerability assessment, layered security measures including encryption and immutability, real-time monitoring and analytics, policy-based access control, automated disaster recovery, and scalability without performance bottlenecks. Data Protection as a Service (DPaaS) is experiencing 33% annual growth. It represents the fastest-growing consumption model, with leading vendors including AWS, Cohesity, Commvault, Dell, Druva, IBM, and Rubrik offering solutions ranging from focused security tools to comprehensive managed platforms.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.rapid7.com%2Fblog%2Fpost%2Ftr-crimson-collective-a-new-threat-group-observed-operating-in-the-cloud%2F%3Futm_source=tldrinfosec/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/DspVjn7ay9IyrPXHTiVEPQmuhfUtZnXh-Vlc10Uy8L8=426">
<span>
<strong>Crimson Collective: A New Threat Group Observed Operating in the Cloud (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Rapid7 has identified Crimson Collective, a newly emerging threat group conducting data exfiltration and extortion attacks against AWS environments by using TruffleHog to discover leaked long-term access keys in code repositories, then creating new IAM users with AdministratorAccess policies to establish persistence. The attackers perform extensive reconnaissance of EC2 instances, EBS volumes, RDS databases, and S3 buckets, then exfiltrate data by creating snapshots, modifying database passwords, exporting data to S3, and launching permissive EC2 instances to facilitate data theft before sending extortion demands. Organizations should eliminate long-term credentials in favor of temporary role-based access, implement least privilege principles, scan repositories for exposed secrets, monitor for suspicious IAM activity, including unusual user creation and policy attachments, and restrict resource access to known IP addresses where possible.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecuritynews.com%2Fedr-freeze-tool-technical-workings%2F%3Futm_source=tldrinfosec/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/k7gFD7mHanLC0lPGj8BUft4LaNxfdm2b1V3vLlWRYLc=426">
<span>
<strong>EDR-Freeze Tool Technical Workings Along With Forensic Artifacts Revealed (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
EDR-Freeze is a Windows tool that temporarily disables EDR software without the need for a kernel driver. The tool exploits the Windows Error Reporting (WER) system to suspend all threads while it generates a process dump and then holds the dump in that state for a configurable period of time, effectively suspending the EDR. YARA rules can be used to detect the distinct forensic artifacts left by the tool.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.nccgroup.com%2Fresearch-blog%2Fhttp-to-mcp-bridge%2F%3Futm_source=tldrinfosec/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/e8TRMX9dy36I6af1s6q8KKnbEsCpLsLTWbFHsVYpSmQ=426">
<span>
<strong>HTTP to MCP Bridge (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
HTTP to MCP Bridge is an open-source tool that enables security testing of Model Context Protocol (MCP) remote servers by translating between standard HTTP requests and MCP's HTTP + SSE (Server-Sent Events) transport mechanism, allowing researchers to use familiar tools like Burp Suite to assess MCP implementations. The bridge establishes SSE connections with target MCP servers while providing a pure HTTP interface that supports session management, JSON-RPC message manipulation, and asynchronous request-response handling for testing MCP capabilities, including tools, resources, and prompts. Security professionals can leverage this tool to conduct security assessments of MCP-enabled AI systems using their existing HTTP testing toolkit, with future updates planned to support client-side capability testing and local MCP server assessments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2F0xflux%2FWyrm%3Futm_source=tldrinfosec/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/ZoyB2phWlr094EFabQcJinIeinCDnV8msx-8oMMLydk=426">
<span>
<strong>Wyrm (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Wyrm is a Rust-based post-exploitation tool for testing security controls during red team assessments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fchili-chips-ba%2Fwireguard-fpga%3Futm_source=tldrinfosec/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/EdkMUkzqHE4t7_4IZZ7AKrHinzX_9KDLHa9d95vYuCU=426">
<span>
<strong>Wireguard FPGA (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Wireguard FPGA provides a hardware implementation of the WireGuard VPN using a low-cost Artix-7 FPGA and an open-source toolchain.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F10%2Fmicrosoft-locks-down-ie-mode-after.html%3Futm_source=tldrinfosec/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/Ed8ysys-HQSunQDsFAsNtAAmndWNjxdDfM0OHTvpgx0=426">
<span>
<strong>Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft has restricted access to Internet Explorer mode in the Edge browser after threat actors exploited zero-day vulnerabilities in the legacy Chakra JavaScript engine to achieve remote code execution and privilege escalation, bypassing modern Chromium security defenses. Attackers used social engineering to trick users into reloading legitimate websites in IE mode, then chained exploits to break out of browser sandboxing for complete device compromise. Organizations must now manually enable IE mode through browser settings and explicitly allowlist sites requiring legacy compatibility, significantly raising the barrier for attackers while maintaining necessary backward compatibility for enterprise applications.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FfhKnoy/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/3I9IyhVjmlTN37rGGegT_tLJuNdyctHsJ3bUDJZcohk=426">
<span>
<strong>How to tell if your mobile number has been hacked and what to do next (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SIM swap fraud has surged dramatically, with the UK experiencing a 1,055% increase and US victims losing nearly $50 million, as attackers use stolen personal information to impersonate victims and convince carriers to transfer phone numbers to attacker-controlled SIMs, enabling them to intercept SMS-based two-factor authentication codes and hijack financial accounts. Warning signs include sudden loss of cellular service, unexpected SIM transfer notifications from carriers, account lockouts, unfamiliar login alerts, and unusual data usage or app installations indicating active compromise. Security teams should immediately abandon SMS-based 2FA in favor of authenticator apps or hardware tokens like YubiKey, implement carrier account PINs and port-out protection, enable login history monitoring and alerts across all critical services, and educate employees on recognizing SIM swap attacks with protocols for investigating sudden phone service outages.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theverge.com%2Fnews%2F798797%2Fuk-ofcom-fines-4chan-online-safety-act%3Futm_source=tldrinfosec/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/WtT-8vH4TUpNpIP76okbvy9EoT7ZKv0FFy-_sbA7pAM=426">
<span>
<strong>UK fines 4Chan over online safety compliance (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The UK has fined 4Chan £20,000 for failing to provide information required by the Online Safety Act. If 4Chan does not comply, it will be charged an additional £100 per day, up to £6,000, as Ofcom continues its investigation into illegal content and platform risks. 4Chan, meanwhile, is pushing back with legal action against the UK, claiming overreach as a US-based company.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fspanish-authorities-dismantle-gxc-team-crime-as-a-service-operation%2F%3Futm_source=tldrinfosec/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/ZhWtrO1IK-9NwstDPru2NM5CLT-g2N5hcgSPnU0oUQw=426">
<span>
<strong>Spanish Authorities Dismantle 'GXC Team' Crime-as-a-Service Operation (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Spanish authorities arrested GoogleXcoder, the alleged administrator of GXC Team, a crime-as-a-service operation that provided phishing kits and Android malware to cybercriminals. The arrest disrupts a marketplace that lowered the barrier to entry for conducting attacks and prompts security teams to monitor for customers migrating to alternative platforms.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bbc.com%2Fnews%2Farticles%2Fckgk21nng0vo%3Futm_source=tldrinfosec/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/nn3qT2e-0TpxAMkI6fhYn8YmnRU7p__YlmmB69_hCP0=426">
<span>
<strong>Dutch government takes control of China-owned chip firm (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Dutch government has intervened to take control of Nexperia, a Chinese-owned semiconductor company, to safeguard Europe's supply of critical chips and economic security.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/MU6k8aqz5iizLmmiUsFsndgwi3p6erfIg0F6QWPiymE=426"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/Mh_4cJQbndP2Y3wnYY4Ox1xozbOUKcP9JAEttAmEvJA=426"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/01000199e2d3f70b-4a9ac47c-be63-41a5-b424-1914ccda1eae-000000/wL3qbwsEbTStAl5kG9HkGdDCRq_T1vXhPTCFdOisZyw=426"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>