<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Researchers discovered 131 malicious Chrome extensions with over 20K active users that inject code into WhatsApp Web to automate bulk spam campaigns </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fnetwork-control%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=network_control_q3_25%26utm_content=network_control%26utm_term=newsletter%23faq/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/NV6qaK6xChoXA6XgIIQZSG93jf-aKHX4eQhxgjV63eg=428"><img src="https://images.tldr.tech/threatlocker3.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Threatlocker"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-21</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fnetwork-control%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=network_control_q3_25%26utm_content=network_control%26utm_term=newsletter%23faq/2/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/_zoKolZ05NZIYAHfUwo9A1-6sZlFE67T-0gca_kwBvY=428">
<span>
<strong>What comes after the corporate firewall? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The corporate firewall is a relic of bygone times. With employees working from coffee shops, airports, and home networks, traditional perimeter security leaves your endpoints exposed to unmanaged devices and compromised networks.<p></p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fnetwork-control%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=network_control_q4_25%26utm_content=network_control%26utm_term=newsletter/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/6B9e_IYvMmPEvVrDNo5aZhkiMM6Eq7MaDEqG-qZG5f0=428" rel="noopener noreferrer nofollow" target="_blank"><span>ThreatLocker Network Control</span></a> brings the firewall to each endpoint with dynamic ACLs that automatically adjust based on location. Unlike VPNs that route through central points, it creates <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fnetwork-control%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=network_control_q4_25%26utm_content=network_control%26utm_term=newsletter/2/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/f0m7MFolMGc860ZKFBRlqJWJDA-Vqa0zlJkTl_L00-w=428" rel="noopener noreferrer nofollow" target="_blank"><span>direct, secure endpoint-to-endpoint connections</span></a>.</p>
<p>⚡ Create custom policies to open ports on demand for approved devices and users.</p>
<p>⚡ Ports auto-close within 5 minutes when not in use.</p>
<p>⚡ Manage all endpoint firewalls from one console.</p>
<p>✅ No IT tickets needed.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fnetwork-control%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=network_control_q4_25%26utm_content=network_control%26utm_term=newsletter/3/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/SmNsU6xesSCwIxjK7fF3-svaBAhZYNFhQCLlefGS7Es=428" rel="noopener noreferrer nofollow" target="_blank"><span>See Network Control in action</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F10%2F131-chrome-extensions-caught-hijacking.html%3Futm_source=tldrinfosec/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/7Qk-2K8fvviGJlJEYs7HyYR0h8dZgXYrs0b6RdcDrgA=428">
<span>
<strong>131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Socket researchers discovered 131 malicious Chrome extensions with over 20,000 active users that inject code into WhatsApp Web to automate bulk spam campaigns targeting Brazilian users. The extensions, marketed as CRM tools with names like “YouSeller” and “ZapVende,” share identical codebases and are distributed through a franchise model operated by DBX Tecnologia, violating Google's Chrome Web Store policies. The nine-month campaign aims to bypass WhatsApp's rate limits and anti-spam controls by automating message sending without user confirmation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4074962%2Fforeign-hackers-breached-a-us-nuclear-weapons-plant-via-sharepoint-flaws.html%3Futm_source=tldrinfosec/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/_VcGYgg42QbeR9eD6ZJj1ymYIUnOzvsR7vYlawiskZE=428">
<span>
<strong>Foreign hackers breached a US nuclear weapons plant via SharePoint flaws (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Foreign threat actors breached the Kansas City National Security Campus, which produces 80% of non-nuclear components for US nuclear weapons, in July by exploiting unpatched Microsoft SharePoint vulnerabilities CVE-2025-53770 (spoofing) and CVE-2025-49704 (RCE). Attribution is disputed between Chinese nation-state groups (Linen Typhoon, Violet Typhoon, and Storm-2603) and Russian cybercriminals. While the breach targeted IT systems rather than air-gapped OT/manufacturing environments, experts warn that even unclassified technical data such as precision requirements, tolerances, and supply chain details could provide adversaries with strategic intelligence about US weapons capabilities and manufacturing processes. Security teams should prioritize patching SharePoint on-premises servers (confirming the affected CVEs and their classifications against Microsoft's advisories), implement a comprehensive zero-trust architecture across both IT and OT environments as outlined in DoD's emerging OT fan chart framework, and establish robust IT/OT segmentation to prevent lateral movement. They should also recognize that nation-state actors may acquire zero-day knowledge before patches are available, through misuse of the Microsoft Active Protections Program (MAPP) or through underground exchanges.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkrebsonsecurity.com%2F2025%2F10%2Femail-bombs-exploit-lax-authentication-in-zendesk%2F%3Futm_source=tldrinfosec/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/N8VSiE_TarCqox0pJPXqJz9xmGhdrIv7F815z3jJGMQ=428">
<span>
<strong>Email Bombs Exploit Lax Authentication in Zendesk (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cybercriminals are abusing a lack of authentication in the customer service platform Zendesk to flood victims' inboxes with spam messages that come from hundreds of Zendesk customers. When a Zendesk customer does not require a verified email address to submit a ticket, spammers can abuse that customer's instance to send unwanted emails from that customer's domain. Zendesk responded to the campaign by recommending that customers require verification.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Faws.amazon.com%2Fblogs%2Fsecurity%2Fsecuring-amazon-bedrock-api-keys-best-practices-for-implementation-and-management%2F%3Futm_source=tldrinfosec/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/4pKkrCSV_BhAFf0iVAuuVQSdRt6KMlwBwjWze1ejy4g=428">
<span>
<strong>Securing Amazon Bedrock API keys: Best practices for implementation and management (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AWS recommends using temporary STS credentials over API keys when possible, but when API keys are necessary, short-term keys with built-in expiration are preferred over long-term keys. Organizations should implement comprehensive monitoring through CloudTrail events, EventBridge rules, and AWS Config to detect API key creation and usage while using SCPs to control or block key creation entirely if not needed. The article provides detailed guidance on identifying, protecting, detecting, and responding to API key security events across the credential lifecycle.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmedium.com%2Fderiv-tech%2Fhow-a-fake-ai-recruiter-delivers-five-staged-malware-disguised-as-a-dream-job-64cc68fec263%3Futm_source=tldrinfosec/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/B0vt70MIfLMDa3jy37HigwJx2XnKf4sa347XLNkG2mY=428">
<span>
<strong>How a fake AI recruiter delivers five staged malware disguised as a dream job (14 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A sophisticated phishing scheme targets developers by posing as an AI recruiter offering an enticing job. Victims are tricked into cloning and running a malicious code repository as part of a “technical assessment,” which then unfolds the attack over five stages: first, a hidden backdoor is silently activated, followed by advanced JavaScript and Python malware that steals credentials, crypto wallets, and browser data, monitors keystrokes and clipboard, and installs remote-access tools like AnyDesk. The malware uses deep obfuscation and persistence mechanisms to resist removal and detection, ultimately handing attackers full control and ongoing surveillance of the compromised system.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.pixelmelt.dev%2Fkindle-web-drm%2F%3Futm_source=tldrinfosec/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/uIql7uqsDoPLNoQLvYFoL3-Y687CZ5SkT8kGN1uOFns=428">
<span>
<strong>How I Reversed Amazon's Kindle Web Obfuscation Because Their App Sucked (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Frustrated by Amazon's Kindle app instability and restrictive DRM, this author set out to reverse-engineer Amazon's web obfuscation system. Instead of granting simple access to purchased ebooks, Amazon uses a system where the actual text is encoded as glyph IDs rather than characters, with the mapping randomized for every batch of pages. Overcoming these sophisticated protections required pixel-level glyph matching and leveraging font metrics to reconstruct the book, eventually allowing the owner to access their purchase in a way they controlled.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.invicti.com%2Fplatform-overview%2F%3Futm_medium=3rdparty%26utm_source=tldr%26utm_campaign=secondary-aspm%26utm_content=251015-demo-secondary-text%26utm_term=brand/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/c87Cdkf-WWAzPeDBj0YoViEs8NGOdsHQqNYdDsyV2hA=428">
<span>
<strong>All your AST tools in one AI-powered platform (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Drowning in alerts? <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.invicti.com%2Fplatform-overview%2F%3Futm_medium=3rdparty%26utm_source=tldr%26utm_campaign=secondary-aspm%26utm_content=251015-demo-secondary-text%26utm_term=brand/2/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/dTAU906cj3zT4317yT-SBTy_nvAbOgqvFCkfk-YhX2A=428" rel="noopener noreferrer nofollow" target="_blank"><span>Invicti ASPM</span></a> unifies DAST, SAST, SCA, API, container testing, and more under one platform. AppSec leaders see test results in a single view, developers get automated remediation workflows, and organizations track risk with clear KPIs.
<br><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.invicti.com%2Fplatform-overview%2F%3Futm_medium=3rdparty%26utm_source=tldr%26utm_campaign=secondary-aspm%26utm_content=251015-demo-secondary-text%26utm_term=brand/3/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/eZIgVJSfvkXT1VZWVUNdQkGly1Xp7pdnZ56s5oPDU3I=428" rel="noopener noreferrer nofollow" target="_blank"><span><strong>See the platform</strong></span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackaday.com%2F2025%2F10%2F20%2Fnanochat-lets-you-build-your-own-hackable-llm%2F%3Futm_source=tldrinfosec/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/u51jLn0PT4bZcakcVR0jOV0KwlKyfAK1LTsKSEHCpxU=428">
<span>
<strong>Nanochat Lets You Build Your Own Hackable LLM (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Andrej Karpathy's nanochat is an open-source project that enables the creation of a simple ChatGPT clone for approximately $100 using 8,000 lines of minimal-dependency code and a single speedrun.sh script, producing a 1.9 billion parameter model trained on 38 billion tokens in about 4 hours on an 8xH100 NVIDIA GPU node. The accessible codebase allows security researchers and developers to experiment with LLM architecture, understand model training processes, and test modifications without commercial platform restrictions; scaling the budget to $1,000 enables significantly more capable models for math, coding, and reasoning tasks. This transparent, hackable approach provides security professionals with valuable insight into LLM internals for threat modeling, adversarial testing, and understanding AI system vulnerabilities that commercial black-box models obscure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fjakejarvis%2Fdomainstack.io%3Futm_source=tldrinfosec/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/-hIg9_8lYt99Ovx3ITJ__CX8CeZZwSAjGSajp8HpNps=428">
<span>
<strong>Domainstack (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Domainstack is an all‑in‑one app for exploring domain names. Search any domain (e.g., github.com) and get instant insights, including WHOIS/RDAP lookups, DNS records, SSL certificates, HTTP headers, hosting details, geolocation, and SEO signals.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.silentpush.com%2F%3Futm_source=tldrinfosec/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/d-LEgoW0a7a8mkQ0DtLSQW3WJCCHb4CpxACJg9kNJbA=428">
<span>
<strong>Silent Push (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Silent Push offers proactive threat intelligence: it continuously scans the internet to detect and map malicious infrastructure before an attack, and supplies the results as “indicators of future compromise.” It also supports threat hunting and brand protection, and it can integrate with existing security tools or operate standalone.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F183580%2Fsecurity%2Fwinos-4-0-hackers-expand-to-japan-and-malaysia-with-new-malware.html%3Futm_source=tldrinfosec/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/DGzL2vcsYX2P-fjE7p7jcrMMU8SQUWLYIWh3UdlKkUg=428">
<span>
<strong>Winos 4.0 hackers expand to Japan and Malaysia with new malware (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Winos 4.0 threat actors have expanded operations from China and Taiwan to Japan and Malaysia, deploying HoldingHands RAT through phishing emails with fake Finance Ministry PDFs containing embedded malicious links hosted primarily on Tencent Cloud infrastructure. The sophisticated multi-stage attack chain uses digitally signed executables and anti-VM checks, targets Norton/Avast/Kaspersky for evasion, leverages Windows Task Scheduler for persistence, and injects payloads into taskhostw.exe with process monitoring for re-injection. Newer variants added the ability to update the C2 IP address via the registry (HKEY_CURRENT_USER\SOFTWARE\HHClient). Security teams should monitor for suspicious PDF attachments impersonating government finance documents, block identified C2 infrastructure, including IP 156.251.17[.]9 and domain twczb[.]com, implement behavioral detection for Task Scheduler manipulation, for creation of or changes to the HHClient registry key, and for unusual dokan2.dll/TimeBrokerClient.dll activity in System32, and trace Tencent Cloud APPID patterns to identify related phishing infrastructure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F183640%2Fdata-breach%2Frussian-lynk-group-leaks-sensitive-uk-mod-files-including-info-on-eight-military-bases.html%3Futm_source=tldrinfosec/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/fVJwf84-kWsMIvGITdOpSAtuP4IsEeykfUzR-oY13DM=428">
<span>
<strong>Russian Lynk group leaks sensitive UK MoD files, including info on eight military bases (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Russian cybercrime group Lynx (spelled “Lynk” in the source headline) breached Dodd Group, a UK Ministry of Defence contractor, on September 23, stealing approximately 4TB of data, including sensitive files on eight RAF and Royal Navy bases such as RAF Lakenheath (which hosts US F-35 jets and is believed to store nuclear weapons), RAF Portreath (NATO radar site), and RAF Predannack (UK Drone Hub). The leaked data includes roughly 1,000 documents containing staff names, emails, phone numbers, vehicle details, visitor logs, security guidance, and construction records marked as “Controlled” or “Official Sensitive”; the gang published the data after ransom negotiations failed. Security professionals should prioritize third-party risk management and contractor security assessments, as supply chain compromises continue to expose critical defense infrastructure and personnel data that nation-state actors can leverage for intelligence gathering or future attacks.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.revealdata.com%2Fcase-study%2Fhow-benlabs-avoids-seven-figure-ediscovery-costs-with-onnas-prophylactic-approach%3Futm_campaign=19424793-25Q3%2520BENlabs%2520Case%2520Study%26utm_source=email%26utm_medium=Email%2520ads%26utm_content=tldr/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/l9qExpEudjMCwNCGFZ0K4uWPzeSjYNWhInr_AuszVqg=428">
<span>
<strong>See How One Company Avoids Million-Dollar Discovery Bills (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
When Slack data becomes evidence, costs skyrocket. Onna makes discovery fast, predictable, and secure—transforming liability into manageable risk.<p></p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.revealdata.com%2Fcase-study%2Fhow-benlabs-avoids-seven-figure-ediscovery-costs-with-onnas-prophylactic-approach%3Futm_campaign=19424793-25Q3%2520BENlabs%2520Case%2520Study%26utm_source=email%26utm_medium=Email%2520ads%26utm_content=tldr/2/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/11ouQO0bOEAHgK-WsGCQXQedsIcHFSTcB6wpgjQen_Y=428" rel="noopener noreferrer nofollow" target="_blank"><span>Read the case study now</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FBHCtD6/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/WKdOdSAPbrjyeFCN07gBSNJBgdaMK8lFFJLF8YbtRu8=428">
<span>
<strong>xubuntu.org might be compromised (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
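Torrent download links on the Xubuntu.org website are serving malicious ZIP files that contain no torrent file at all, only a suspicious Windows executable whose copyright notice is dated 2026 even though the year is 2025. A torrent link that delivers an archive with an executable instead of a .torrent file is itself a sign of tampering, so anything downloaded from those links should be treated as untrusted.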
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fmicrosoft%2Fmicrosoft-october-updates-break-usb-mice-and-keyboards-in-windows-recovery%2F%3Futm_source=tldrinfosec/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/D-P1hEqCJlz-utxy46c5jN5ytkX6nGFbVQ4J3-s8EMk=428">
<span>
<strong>Microsoft: October updates break USB input in Windows Recovery (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft's October 2025 security updates (KB5066835) break USB mouse and keyboard input in the Windows Recovery Environment (WinRE) on Windows 11 24H2, 25H2, and Windows Server 2025, so the recovery options cannot be navigated with USB input devices on affected systems.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/CsM-7XiYGONjAYNEKKXU_Cdm1_-r3A25am02j92_1cE=428"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/010WJ9kTz-ugxwqFqCzBZTgL9Ysi0phqJDQtK_Zo_NY=428"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019a06e0ea4e-528aa250-799b-4bc4-aa6c-58935dae6745-000000/p_SRoBWN3-nNbS-_BcmZVSlaL8rKQpMMZr6sw8vCkYY=428"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>