<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fsolutions%2Fmergers-acquisitions-it-integration%3Futm_source=tldr%26utm_medium=paid_newsletter%26utm_campaign=sa_enterprise_amer_english_cybersecurity-for-mergers-acquisitions_awareness_2025-10%26utm_content=text%26utm_term=october-17-newsletter-primary/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/gFbPj2aIqAYCNF8DZrX54QjYl8b9FfW7occtBWaZ2F8=427"><img src="https://images.tldr.tech/1password-2.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="1Password"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-17</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fsolutions%2Fmergers-acquisitions-it-integration%3Futm_source=tldr%26utm_medium=paid_newsletter%26utm_campaign=sa_enterprise_amer_english_cybersecurity-for-mergers-acquisitions_awareness_2025-10%26utm_content=text%26utm_term=october-17-newsletter-primary/2/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/7Jjis7APyHVehYIiCfAQvLj7pk6cq0oSh-rAoRYpwRA=427">
<span>
<strong>Stay secure during M&As with 1Password (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mergers and acquisitions are complex enough without managing a data breach. Unfortunately, more than 1 in 3 CISOs have reported experiencing a breach tied to M&A activity.<p></p><p>Get ahead of the risks and arm your team with tools to:</p><ul><li>Discover inherited shadow IT and AI</li><li>Automate employee onboarding and offboarding</li><li>Eliminate weak and unmanaged credentials</li><li>Find unused and unnecessary SaaS licenses</li></ul><p>With 1Password Extended Access Management, teams can keep M&As secure from Day 1 of integration.</p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fsolutions%2Fmergers-acquisitions-it-integration%3Futm_source=tldr%26utm_medium=paid_newsletter%26utm_campaign=sa_enterprise_amer_english_cybersecurity-for-mergers-acquisitions_awareness_2025-10%26utm_content=text%26utm_term=october-17-newsletter-primary/3/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/SR5YJ7ILCa-EE-MNw_e7nzbTbruoYYVeN742bl96cS4=427" rel="noopener noreferrer nofollow" target="_blank"><span>Learn more</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks%2F%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/JsBHEnT51gOUgbj32UhQRKRI13YZOMHrRfLHQ-xYcZM=427">
<span>
<strong>Fake LastPass, Bitwarden breach alerts lead to PC hijacks (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cybercriminals are conducting a phishing campaign targeting password manager users with fake breach notification emails that trick recipients into downloading malware disguised as "secure desktop versions" of LastPass and Bitwarden. The malicious downloads install Syncro MSP agent software configured to deploy ScreenConnect remote access tools, giving attackers full control over compromised systems while remaining hidden from users. Security professionals should educate users that legitimate password manager companies never request master passwords via email and that security incidents are always announced through official channels and verified company blogs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-exploit-cisco-snmp-flaw-to-deploy-rootkit-on-switches%2F%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/Nft5JUzITgMZobcjckJ6C1cFMrACt8rxcry7lYAPzhc=427">
<span>
<strong>Hackers Exploit Cisco SNMP Flaw to Deploy Rootkit on Switches (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers at Trend Micro uncovered a malware campaign that exploits a recently patched remote code execution vulnerability in older Cisco IOS and IOS XE devices to install a Linux rootkit. The flaw lies in the devices' Simple Network Management Protocol (SNMP) handling and permits attackers with root privileges to execute arbitrary code, bypassing security controls such as Cisco's Authentication, Authorization, and Accounting (AAA) framework and Virtual Teletype (VTY) access control lists. Once active, the rootkit conceals running configurations, manipulates logs, and resets timestamps to evade detection, thereby gaining persistent control over affected devices.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.techradar.com%2Fpro%2Fsecurity%2Fsensitive-customer-info-exposed-in-mango-data-breach-heres-what-we-know%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/ugzTopphgmWYaYG5jo4wuImjcq2MHeiV8CqiZmEpqK8=427">
<span>
<strong>Sensitive Customer Info Exposed in Mango Data Breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Spanish fashion retailer Mango reported a data breach after one of its third-party service providers experienced unauthorized access. The breached data includes first names, countries, postal codes, email addresses, and phone numbers. Mango stressed that financial information, IDs, usernames, and passwords were not leaked.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fscotthelme.ghost.io%2Fcve-2025-49844-the-redis-cvss-10-0-vulnerability-and-how-we-responded%2F%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/Kcka5Vf6p1v1wjDaK9LZ3cisx81iViJH07n7cjLsl_0=427">
<span>
<strong>CVE-2025-49844 - The Redis CVSS 10.0 vulnerability and how we responded (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Report URI's response to the critical Redis vulnerability demonstrates a layered defense strategy: they immediately implemented ACL restrictions to disable EVAL and EVALSHA commands as a temporary mitigation, then leveraged their recently deployed Redis Sentinel high-availability setup to perform zero-downtime upgrades to the patched version. Their existing security posture, which included network isolation, strict firewall rules, role-based access controls, and comprehensive logging, meant they were already protected from exploitation and could quickly verify that no compromise had occurred through command statistics analysis. Security teams should prioritize defense-in-depth architecture that enables rapid response to critical vulnerabilities, including network segmentation, quickly modifiable access controls, and high-availability configurations that allow for seamless patching without service disruption.
</span>
</span>
</div>
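<div class="text-block">
<span>As an added illustration, not part of the newsletter or of Report URI's write-up (which does not reproduce its configuration), the fragment below shows what the temporary mitigation described above looks like in Redis's ACL file format: an application user before and after Lua scripting is denied, so that EVAL and EVALSHA are rejected for that user. The user names, the password placeholder and the key pattern are assumptions.</span>
</div>

```text
# users.acl (constructed example in the Redis 6+ ACL file format)

# Before: an application user with unrestricted command access.
user app on >REPLACE_WITH_STRONG_PASSWORD ~* &* +@all

# After: the same user with the @scripting category removed. Rules apply left
# to right, so -@scripting takes EVAL, EVALSHA and the other scripting
# commands back out of +@all while leaving normal data commands intact.
user app on >REPLACE_WITH_STRONG_PASSWORD ~* &* +@all -@scripting

# Narrower variant that removes only the two commands named in the post.
user app_narrow on >REPLACE_WITH_STRONG_PASSWORD ~* &* +@all -eval -evalsha
```

<div class="text-block">
<span>The file is referenced from redis.conf with the aclfile directive and reloaded with ACL LOAD; the same change can be applied at runtime with ACL SETUSER app -@scripting. ACL GETUSER app shows the resulting permissions, and on Redis 7 ACL DRYRUN app EVAL "return 1" 0 confirms the denial without executing anything. The "command statistics analysis" mentioned in the summary corresponds to the cmdstat_eval and cmdstat_evalsha counters in INFO commandstats, which show whether those commands were ever invoked before the restriction was put in place.</span>
</div>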
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FIBI9Jl/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/nI3HMsi1y9akC3RudRcE_dEV8I43QLU7AYIKhbnbyPs=427">
<span>
<strong>Startup Security: Ratios and a 24-Month Hiring Plan (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The author recommends a 1:40 security-to-employee ratio and 1:100 IT-to-employee ratio for startups, based on research from successful companies like GitHub and GitLab. He advocates for organizing security teams into four distinct areas: IT (employee enablement), Security Operations (infrastructure and compliance), GRC (governance and customer-facing security), and Product Security (application security and engineering). The document includes a detailed 24-month hiring plan that scales from 5 security staff at 187 employees to 16 security staff at 600 employees, emphasizing that proper staffing ratios are essential for moving from reactive to proactive security postures.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flabs.infoguard.ch%2Fposts%2Fautomation_of_vhdx_investigations%2F%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/dpeWNRERt_CTdB52C-8wRyCyBll0MZJoLg_yQsEdtYw=427">
<span>
<strong>Automation of VHDX Investigations (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Virtual Hard Disk (VHDX) files are commonly generated by Virtual Desktop Infrastructure (VDI) environments and can be very useful to forensic investigators. Velociraptor is frequently used in investigations but fails to discover or parse the NTUSER.DAT hives in VHDX files without injecting a synthetic ProfileList registry hive or customizing the Windows.Sys.Users artifact to support VHDX discovery logic. To perform this analysis at scale, a single remapping configuration can be used, multiple virtual Velociraptor clients can be launched, or a batch processing approach can be used as a middle ground.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.revealdata.com%2Fcase-study%2Fhow-benlabs-avoids-seven-figure-ediscovery-costs-with-onnas-prophylactic-approach%3Futm_campaign=19424793-25Q3%2520BENlabs%2520Case%2520Study%26utm_source=email%26utm_medium=Email%2520ads%26utm_content=tldr/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/kbIkLHvVHNrtEWnc4_0l86w7mIOIiHI97NLhXcSuWDY=427">
<span>
<strong>The Hidden Threat in Every Slack Channel (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Slack conversations are discoverable, and exploitable. By treating eDiscovery like risk management, one savvy media company avoided a million-dollar surprise legal bill and strengthened its data security position. Onna makes legal and infosec work together to contain exposure.<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.revealdata.com%2Fcase-study%2Fhow-benlabs-avoids-seven-figure-ediscovery-costs-with-onnas-prophylactic-approach%3Futm_campaign=19424793-25Q3%2520BENlabs%2520Case%2520Study%26utm_source=email%26utm_medium=Email%2520ads%26utm_content=tldr/2/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/hZKoVAQzXHcXPE-a143Xa9w_mK4o6NcNqAgu-uJlQeI=427" rel="noopener noreferrer nofollow" target="_blank"><span>See how BENlabs avoids millions in legal fees</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4072584%2Fmcptotal-launches-to-power-secure-enterprise-mcp-workflows.html%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/dMLKRxub_D0xDjfuAmnJtbOdRwT7HqFD_2tAZlLnazE=427">
<span>
<strong>MCPTotal Launches to Power Secure Enterprise MCP Workflows (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
MCPTotal launched as the first comprehensive security platform for Model Context Protocol (MCP) implementations, addressing critical vulnerabilities in enterprise AI integrations, including supply chain exposures, prompt injection attacks, rogue MCP servers, and data exfiltration risks that traditional security tools cannot monitor. The platform provides a hub-and-gateway architecture with centralized hosting, authentication, credential vaulting, and AI-native firewall capabilities. It monitors MCP traffic and enforces real-time policies while offering a vetted catalog of secure MCP servers. Security professionals should recognize that MCP adoption creates a new attack surface requiring specialized monitoring and governance, and should evaluate solutions that provide visibility into AI-to-enterprise system connections, implement proper authentication controls, and establish policies for employee MCP usage to prevent shadow IT risks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fanshumanbh%2Fsecurevibes%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/9SpPUXUlkSo0bU3hjq_RiXqHD5GZplXWxruuUenn7D4=427">
<span>
<strong>SecureVibes (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SecureVibes is an AI-native security system for vibecoded applications that uses Claude's multi-agent architecture to find security vulnerabilities in your code base autonomously.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmondoo.com%2F%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/9zPTbWpKCyu-hZn2rc7YY6B1YCIiyKdA0lHrDbjoMWE=427">
<span>
<strong>Mondoo (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mondoo provides an agentic vulnerability management platform enabling organizations to categorize, prioritize, and remediate risks across on-prem, cloud, SaaS, and endpoints.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsensiblesecurity.xyz%2Fp%2Fsoc-2-is-dead-long-live-soc-2%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/OPUcbBexpAp5n8lxCx2KeYR9yce-yPhlyv4ralER3hI=427">
<span>
<strong>SOC 2 is dead, long live SOC 2! (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The author argues that SOC 2 and other security compliance frameworks have fundamental flaws: vague control requirements disconnected from specific threats, audit methodologies that only assess current state rather than historical effectiveness, and static reports that quickly become outdated in dynamic environments. He proposes ALCOVE (Assurance Levels for Control Operating Viability & Effectiveness), a new framework inspired by software supply chain security models that would provide continuous monitoring, threat-informed requirements, and real-time dashboards showing historical control effectiveness. The proposal includes integrating cyber insurance incentives to drive adoption, where insurers would receive continuous control data from vendors in exchange for premium discounts, creating better-aligned incentives across all stakeholders.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.techtimes.com%2Farticles%2F312223%2F20251008%2Fapple-takes-down-new-ice-app-that-archives-agents-arrest-videos-following-iceblock-removal.htm%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/XaA5Q6PS7BB78EF7jDkNRY6KpSaeNmAuKggGSs06Fz0=427">
<span>
<strong>Apple Takes Down New ICE App That Archives Agents Arrest Videos Following ICEBlock Removal (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Apple has removed another anti-ICE app from the App Store. The “Eyes Up” app shared location data of arrests that had already happened and held archives of arrest videos.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2025%2F10%2Fhackers-bullet-proof-hosts-deliver-malware-from-blockchains%2F%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/76jDMAoxAmk30VfgLdlmbGF3hqvyZFtB7660E_W67wk=427">
<span>
<strong>Nation-state hackers deliver malware from “bulletproof” blockchains (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hackers, including those working for North Korea, are distributing malware using Ethereum and BNB blockchains, making it immune to takedowns and almost impossible to trace. By embedding malicious code in blockchain smart contracts, attackers can bypass traditional security measures, easily update payloads, and use job scams to lure developers into running these contracts as part of the interview process.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.intrusion.com%2Fblog%2Foutbound-traffic-risks-in-your-aws-cloud-network%2F%3Futm_campaign=22505002-AWS_Launch_2025%26utm_source=TLDR%26utm_medium=10172025/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/urAYqbcHWLeLIHFfhS-67WAnVUbU5niUJkMIDtnJY0w=427">
<span>
<strong>How attackers exploit outbound traffic to attack AWS environments (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cloud security focuses on keeping attackers out, but outbound attack paths can be a blind spot. The network flow approach can be a useful monitoring alternative. Read the <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.intrusion.com%2Fblog%2Foutbound-traffic-risks-in-your-aws-cloud-network%2F%3Futm_campaign=22505002-AWS_Launch_2025%26utm_source=TLDR%26utm_medium=10172025/2/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/RcJTptjtmox8shHC9SkzPwzoFiViIxTD1GyWKg3q4yU=427" rel="noopener noreferrer nofollow" target="_blank"><span>blog by Intrusion</span></a>.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fpowerschool-hacker-gets-sentenced-to-four-years-in-prison%2F%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/NRJs8v-bleCiFGmu8Q0UBTcdZhOxilJpI5U9ABrH4IM=427">
<span>
<strong>PowerSchool hacker gets sentenced to four years in prison (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A 19-year-old college student received a four-year prison sentence and $14 million restitution order for breaching PowerSchool's systems using stolen subcontractor credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F10%2Fchinese-threat-group-jewelbug-quietly.html%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/E-qm0Gdeijs9OTJcbJxO-Q2LKbK25B7OkJC4oM6HIjQ=427">
<span>
<strong>Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Chinese threat group Jewelbug conducted a five-month intrusion into a Russian IT service provider from January to May.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F10%2F16%2Fsothebys_breach%2F%3Futm_source=tldrinfosec/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/912IzM-vym6qJWLOVPCBr6fZAEVQpUGf3uMOlS2aRxs=427">
<span>
<strong>Auction house Sotheby's finds its data on the block after cyberattack (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Sotheby's experienced a cyberattack in July.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/VBT2i_PGoiYczepkasgDsgWFWCsIGDfUhenobLL4ZBk=427" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/oJmrLV4fz-UWHHqA5kTUVl6FIpvTOBvZbpZWbGx7nYs=427" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 💰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/dMnpENSc15dr_5DR5hwZI17B_9zAVZk7569UEYW-Fw4=427"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/qqM_NhKFFItUIrjIJCmYW5skSf0vevrcHmG6qzSFs0E=427" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them!
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/eeGzxOvFYfQK6rLmPKjkHktoB5BT_VEBd7if8hw-vXM=427"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/fdxUoP2P_qW_mqPaZWVOgfwQiOet4FdeYHKcARnXivQ=427"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/rdKSgFG_EPJOn3rpIGOshs1dTZa5mVT3bA4AihDFbvw=427"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/fdayoyoEn0VMvrGJkofIbt-rtvAQBr282wOssaMGapA=427">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=3f847b66-ab3f-11f0-8279-71df8ee98038%26pt=campaign%26pv=4%26spa=1760706066%26t=1760706367%26s=4968bcfb1ee3dfabd03bd0395d5c87066a7d94e563af5ee2ffc63770a09b9f79/1/01000199f247129e-5ca68079-ea78-4ab3-aa23-f2319cc08827-000000/YCduawgZTdfS5tdct1rBNh9QY5z__HN3Rt9DcrXOWbE=427">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>