<!DOCTYPE html><html lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width">
<meta name="x-apple-disable-message-reformatting">
<title>TLDR InfoSec</title>
<meta name="color-scheme" content="light dark">
<meta name="supported-color-schemes" content="light dark">
<style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style>
<!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]-->
</head>
<body class="">
<table align="center" class="document">
<tbody>
<tr>
<td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600">
<tbody>
<tr class="inner-body">
<td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr class="header">
<td bgcolor="" class="container">
<table width="100%">
<tbody>
<tr>
<td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%">
<tbody>
<tr>
<td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td>
</tr>
</tbody>
</table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-16</span></strong></h1>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr bgcolor="">
<td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Feclypsium.com%2Fblog%2Fbombshell-the-signed-backdoor-hiding-in-plain-sight-on-framework-devices%2F%3Futm_source=tldrinfosec/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/uT2TR5_DpOK5jVZUQVRCPCWWplnklsuybNRe9Zg9wgY=427">
<span>
<strong>BombShell: The Signed Backdoor Hiding in Plain Sight on Framework Devices (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Eclypsium researchers discovered that Microsoft-signed UEFI shells on approximately 200,000 Framework laptops contain dangerous "mm" (memory modify) commands that can completely bypass Secure Boot protections by overwriting security handler pointers in memory. The attack leverages the implicit trust model, where signed components are automatically trusted, allowing attackers to disable signature verification and load arbitrary malicious code while the system still reports Secure Boot as enabled. Security professionals should prioritize updating UEFI revocation lists (DBX), implementing BIOS passwords, and conducting firmware vulnerability assessments, as commercial cheat providers are already exploiting this technique, and it could be weaponized by nation-state actors for pre-OS persistence.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F10%2F15%2Fcyber-giant-f5-networks-says-government-hackers-had-long-term-access-to-its-systems-stole-code-and-customer-data%2F%3Futm_source=tldrinfosec/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/7yAVqDPi_LKO4GL_lPfyimbdzwhNwSoEN1LcrtuFgTk=427">
<span>
<strong>Cyber giant F5 Networks says government hackers had 'long-term' access to its systems, stole code and customer data (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
F5 Networks revealed that government-backed hackers accessed its systems for an extended period, stealing source code and customer data. The intrusion impacted key product development areas and exposed sensitive customer configurations. While F5 acted to contain the breach and released security patches, over 1,000 companies, including many Fortune 500 firms, may be at risk.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecuritynews.com%2Fchinese-hackers-leverage-geo-mapping-tool%2F%3Futm_source=tldrinfosec/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/S0OICzFJbcPd73V2qGeWtKW85lphbHpiZCRdr0poqjU=427">
<span>
<strong>Chinese Hackers Leverage Geo-Mapping Tool to Maintain Year-Long Persistence (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ReliaQuest researchers uncovered a Chinese hacking campaign that targeted critical infrastructure across Asia and North America. The attackers used spear phishing to access the networks, then downloaded geo-mapping malware that disguised itself as a software component. The malware masked its network traffic to blend in with routine traffic and managed to avoid detection for at least 12 months.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbeelzebub.ai%2Fblog%2Fllm-honeypot-vs-cryptojacking-understanding-the-enemy%2F%3Futm_source=tldrinfosec/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/YiK4sESkvwMtKZ7kHCtVvXe4xJOXfoU0JMxigRQjMGA=427">
<span>
<strong>LLM Honeypot vs. Cryptojacking: Understanding the Enemy (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mario Candela used Beelzebub's LLM network honeypot to detect cryptojacking malware that collected system data, then stopped other miners and started XMR mining via c3pool. The operation earned around $4,126 from 20 XMR across 95 servers. Attackers used 'validator/qwerty' credentials for initial access, then changed root passwords and established persistence. Security experts should note the value of LLM honeypots for behavioral analysis and coordinated disruption, as the author neutralized the threat by reporting the wallet to c3pool, which removed all infected miners.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adversis.io%2Fblogs%2Fblind-enumeration-of-grpc-services%3Futm_source=tldrinfosec/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/zTcQhsRecrgvTg4YTqvOncDrx5RkLJkJFa6s4qPTQak=427">
<span>
<strong>Blind Enumeration of gRPC Services (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Adversis developed grpc-scan to automate service discovery on gRPC endpoints when reflection is disabled and documentation is minimal, exploiting how different gRPC implementations return distinct error codes (UNIMPLEMENTED vs NOT_FOUND) to differentiate between non-existent services and valid services with invalid methods. The tool systematically tests thousands of service/method combinations using common naming patterns and leverages HTTP/2 multiplexing for efficient scanning, revealing common security anti-patterns like legacy services with weaker authentication, method proliferation where newer methods bypass security checks, and "internal" services exposed on public endpoints. Security professionals should recognize that gRPC's opacity often creates a false sense of security through obscurity, and should implement proper service inventory management, consistent authentication across all service versions, and network segmentation rather than relying on undocumented APIs for protection.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.gopenai.com%2Funlocking-llm-jailbreaks-deconstructing-plinys-prompt-and-advanced-evasion-techniques-d29e8b65ca33%3Futm_source=tldrinfosec/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/fe0Z3o7zb-hKkmcig8ZJNRbzGS1oAzAsXGzFq15nwss=427">
<span>
<strong>Unlocking LLM Jailbreaks: Deconstructing Pliny's Prompt and Advanced Evasion Techniques (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Pliny the Liberator is a well-known LLM jailbreaker who shares their jailbreaking prompts on GitHub. Pliny's prompts make use of several techniques to effectively jailbreak LLMs, such as instruction prioritization, obfuscation and redirection, guardrail negation, cognitive overload, contextual misdirection, task tunneling, tonal misdirection, and output quantity bias. This post steps through each technique and showcases how the prompt utilizes it.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑&zwj;💻</span></div>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fwerf%2Ftrdl%3Futm_source=tldrinfosec/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/-owkplwaaoza6OR10j7qQ3V7QNxV9_KctkGVzFOHw_o=427">
<span>
<strong>trdl (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
trdl (which stands for "true delivery") is an open-source solution providing a secure channel for delivering updates from the Git repository to the end user.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhnsecurity.it%2Fblog%2Fstreamlining-vulnerability-research-with-the-idalib-rust-bindings-for-ida-9-2%2F%3Futm_source=tldrinfosec/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/3ExgIopva5gBY_BClF0h4RaopxUb5zgYRUzAqNZj6gQ=427">
<span>
<strong>Streamlining Vulnerability Research with the idalib Rust Bindings for IDA 9.2 (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
This post presents three Rust-based IDA Pro 9.2 plugins that leverage Binarly's idalib bindings for automated vulnerability research. rhabdomancer identifies potentially insecure API function calls with severity tiers, haruspex extracts decompiled pseudocode for static analysis tools like Semgrep, and augur organizes string-related code for analysis. The tactical approach focuses on scale and automation, with these headless tools achieving blazing-fast analysis (processing 350KB binaries in under 3 seconds) while integrating with existing vulnerability research workflows through IDE compatibility and static analysis tool chains. Security researchers should adopt this methodology of combining reverse engineering automation with static analysis pipelines.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.oneleet.com%2F%3Futm_source=tldrinfosec/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/kd-GGdfo-poXX-_qZ_VOI1x1JlNJ4tFsuhAxQ9GBt-c=427">
<span>
<strong>Oneleet (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Oneleet combines attack surface management with code scanning to identify forgotten assets, expose services, and uncover vulnerabilities before they enter production.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td>
</tr>
</tbody>
</table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F1ZJg5D/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/upGW2dDh3YVY9QS8ok9k8W8D85HCt_NhGN7TYoiIIzg=427">
<span>
<strong>5CA denies third-party Zendesk platform was cause of Discord breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Third-party provider 5CA has publicly denied responsibility for the Discord breach that exposed 5.5 million users' data, including over 70,000 government IDs, contradicting Discord's initial claims that blamed 5CA's Zendesk systems. The breach was carried out by Scattered LAPSUS$ Hunters, who gained 58 hours of access starting September 20, stealing 1.6TB of data, including support tickets and partial payment information for 580,000 users. Security professionals should note the discrepancy between the hacker group's claim of 521,000 age-verification tickets and Discord's reported 70,000 exposed government IDs, highlighting the importance of independent breach assessments and avoiding premature attribution in incident response.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Funit42.paloaltonetworks.com%2Fanatomy-of-an-attack-blacksuit-ransomware-blitz%2F%3Futm_source=tldrinfosec/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/59gD15stZDwyzUQHODfA6j9ITcChAqHnLuAPNZ5R_WU=427">
<span>
<strong>Anatomy of an Attack: The "BlackSuit Blitz" at a Global Equipment Manufacturer (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Unit 42 assisted a manufacturer targeted by Ignoble Scorpius (BlackSuit ransomware) after attackers used voice phishing to steal VPN credentials, then executed DCSync attacks to compromise domain controllers and exfiltrate 400GB of data before deploying ransomware across 60 VMware ESXi hosts. The incident response strategy involved rapidly expanding Cortex XDR visibility from 250 to 17,000 endpoints and using automated containment through Cortex XSOAR to stop lateral movement, while implementing critical defenses including MFA enforcement, network segmentation, and EFSRPC blocking. Security professionals should prioritize proactive multi-layered defenses, including robust endpoint visibility, automated response capabilities, and strict access controls, as this case demonstrates how a single compromised credential can escalate to a $20 million ransom demand without proper preventive measures.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.wiz.io%2Fblog%2Fsupply-chain-risk-in-vscode-extension-marketplaces%3Futm_source=tldrinfosec/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/MexLhCoR4oalxRex8CRXYWsQwzcODduF-pjpZu6IaoE=427">
<span>
<strong>Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Over 550 sensitive secrets, including AWS and GitHub tokens, were exposed in public VSCode extensions. This was primarily due to insecure file handling, which attackers could exploit to push malicious updates and launch supply chain attacks. In response, platforms revoked compromised tokens, notified publishers, and improved scanning.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F10%2F15%2Fico_fines_capita_14m%2F%3Futm_source=tldrinfosec/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/NC86VJ_9s2Vk7efHYApV2oCrd_itZxMZtqLDkgw-6rw=427">
<span>
<strong>Capita fined £14M after 58-hour delay exposed 6.6M records (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Capita was fined £14 million over a 2023 cyberattack that exposed the data of 6.6 million people; the case involved a 58-hour response delay and significant security failures affecting hundreds of organizations.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/OZfkoyQKdcWhbWBexUEy7mwZou02O-YC3dIFpKRP9T4=427"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/LLb4BfPaZ356lK1Qc3cygW530hY-qCxYcmm5G6U6DMc=427"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/01000199ed32bc6e-d733b917-1adc-4757-8d6a-c9f34d20055b-000000/O-K5YFMfHxf0cPfN5ceeeRD4kr_ngGO3gIVnOvq_AZY=427"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</body></html>