<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.strongdm.com%2Fblog%2Fgartner-magic-quadrant-privileged-access-management/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/C01Ovsx1IABnFv-tl0E9WiO_L1kKKndYX9vkM3m_fNU=428"><img src="https://images.tldr.tech/strongdm.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="StrongDM"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-23</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.strongdm.com%2Fblog%2Fgartner-magic-quadrant-privileged-access-management/2/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/A24vCoTHfBYwKKMK4d57mpaAzcuzBmjgdJjC7MT8JZg=428">
<span>
<strong>StrongDM Debuts in Gartner's Magic Quadrant for Privileged Access Management (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Most PAM vendors started with password vaults and bolted on cloud connectors. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.strongdm.com%2Fblog%2Fgartner-magic-quadrant-privileged-access-management/3/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/F88cKL5LHXdREuWBEBI9iKJoe5pGu4XIyIcx53pfMJs=428" rel="noopener noreferrer nofollow" target="_blank"><span>StrongDM was built differently</span></a>: a universal access platform that treats authorization, not authentication, as the primary control plane.
<p></p>
<p>Instead of managing static secrets, StrongDM enforces <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.strongdm.com%2Fblog%2Fgartner-magic-quadrant-privileged-access-management/4/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/0hqfzVPxGjAR3753OxMQMUxgugK0_iP1CB60tK72pew=428" rel="noopener noreferrer nofollow" target="_blank"><span>continuous, policy-based authorization for every access request</span></a>. It works across databases, Kubernetes clusters, cloud consoles, CI/CD systems, and APIs - evaluating user identity, role, device health, and context in real time.</p>
<p>The result is temporary, least-privilege access without pre-provisioned admin accounts or long-lived credentials - and granular auditing that shows not just who accessed what, but what they did while there.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.strongdm.com%2Fblog%2Fgartner-magic-quadrant-privileged-access-management/5/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/RnPEH5dU3BTS664qOuKMJjSeOJikaAz7lZdrv_LXGzo=428" rel="noopener noreferrer nofollow" target="_blank"><span>Read why Gartner recognized StrongDM's modern approach</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fasync-tar-rust-open-source-vulnerability%2F%3Futm_source=tldrinfosec/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/mxLS1iEHFI5sG9-LZb-Z9ybYTwVA5fmCt1MlIe2C1SQ=428">
<span>
<strong>Researchers Uncover Remote Code Execution Flaw in Abandoned Rust Code Library (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2025-62518 is a high-severity boundary-parsing vulnerability (CVSS 8.1) in the abandoned async-tar Rust library that allows remote code execution through file overwriting. The flaw affects critical tools, including the uv package manager, tokio-tar (5+ million downloads), and multiple widely-used forks. The issue highlights the open-source abandonware crisis, where unmaintained code is repeatedly forked, spreading bugs across ecosystems with limited visibility and patchability. Security teams should audit dependencies for async-tar and related forks (tokio-tar, testcontainers, wasmCloud), apply available patches, and establish processes to track abandoned dependencies.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ftp-link-warns-of-critical-command-injection-flaw-in-omada-gateways%2F%3Futm_source=tldrinfosec/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/YRMMJCfhdv6KIKlmxJAqNO3GtktCsE2IxIEIUHmhdGY=428">
<span>
<strong>TP-Link Warns of Critical Command Injection Flaw in Omada Gateways (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
TP-Link has issued a warning about two command injection vulnerabilities in Omada gateway devices that could allow attackers to execute arbitrary OS commands. One of the flaws has a critical severity rating (CVSS 9.3) and can be exploited by unauthenticated attackers, while the second requires access to the web management interface. TP-Link also disclosed two additional vulnerabilities in a separate bulletin that could allow command injection and root access.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FRNF3Nn/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/1K6kggLyHksZV-3rvr0WXZ3I7lV_QeTYYrkr3M38PVk=428">
<span>
<strong>Tykit SVG Phishing Kit Tied to Attacks Targeting M365 Credentials (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers from ANY.RUN identified a new phishing campaign using SVG attachments as lures, dubbed the Typical phishing kit or Tykit. The malicious SVG distracts users while embedded JavaScript redirects the victim to a “trampoline” page, which then leads to a phishing site mimicking the Microsoft 365 login page. ANY.RUN believes this campaign is operated by a Phishing-as-a-Service (PhaaS) operator.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.trailofbits.com%2F2025%2F10%2F22%2Fprompt-injection-to-rce-in-ai-agents%2F%3Futm_source=tldrinfosec/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/HEt8X4CoPVWDw3fsE5LMLIEnjQ_UZIDeutmd7FJGJnQ=428">
<span>
<strong>Prompt Injection to RCE in AI Agents (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Trail of Bits discovered argument injection vulnerabilities across three popular AI agent platforms that allow attackers to bypass human approval safeguards and achieve remote code execution. The flaw exploits pre-approved “safe commands” such as git, find, and ripgrep through malicious flag combinations (e.g., git show --format to write files, fd -x=python3 for execution, or go test -exec to run arbitrary code). These one-shot prompt injections can be embedded in code comments, GitHub repositories, or logs. Researchers note that maintaining allowlists of “safe commands” without sandboxing is fundamentally insecure, as flag filtering is impractical. Security teams should use container-based sandboxing, use argument separators (--), drastically reduce allowlists, and audit against GTFOBins/LOLBins for potential abuse.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsaxrag.com%2Ftech%2Freversing%2F2025%2F06%2F01%2FBAWiFi.html%3Futm_source=tldrinfosec/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/5auPbebLuRaW8uneCp-VE1EZLf90UF0l03KtDfDdilo=428">
<span>
<strong>Unlocking Free WiFi on British Airways (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
British Airways offers free “messaging” WiFi to frequent flyer members, limited to whitelisted messaging app domains via SNI (Server Name Indication) filtering in TLS handshakes. By simulating traffic to approved domains, researchers found they could tunnel general web activity through the free tier. The method relies on customizing TLS connections and proxying traffic, demonstrating how SNI leaks destination domains even when content is encrypted and how service restrictions can be bypassed with technical knowledge.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fq8AZyX/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/q-CP3cD_siELPuZEIbJw-o4udt9n2qk2UUK2gvzlKFA=428">
<span>
<strong>Verizon: Mobile Blindspot Leads to Needless Data Breaches (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Many organizations overlook mobile security, leaving them exposed as employees transmit attacks from personal devices. Smishing has become more effective than email phishing, with up to half of users failing simulated tests. Despite the availability of strong mobile defenses, most organizations fail to adopt them, leading to increased breach risk, downtime, and regulatory consequences.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.revealdata.com%2Fcase-study%2Fhow-benlabs-avoids-seven-figure-ediscovery-costs-with-onnas-prophylactic-approach%3Futm_campaign=19424793-25Q3%2520BENlabs%2520Case%2520Study%26utm_source=email%26utm_medium=Email%2520ads%26utm_content=tldr/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/txQPjafcnPqm_unPbSd_ytIv0vnBl9G_aRrEKXBy7SQ=428">
<span>
<strong>Contain Slack Data Before It Costs Millions (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Uncontrolled data equals uncontrolled risk. BENlabs deployed Onna to protect against litigation costs and infosec vulnerabilities hiding in Slack. The result: proactive discovery, predictable costs, and stronger compliance. Onna gives teams the confidence to scale without fear of legal or security fallout.<p></p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.revealdata.com%2Fcase-study%2Fhow-benlabs-avoids-seven-figure-ediscovery-costs-with-onnas-prophylactic-approach%3Futm_campaign=19424793-25Q3%2520BENlabs%2520Case%2520Study%26utm_source=email%26utm_medium=Email%2520ads%26utm_content=tldr/2/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/K2T8_6obq8zEgH7Gym4XO8IOmjxmZnFk4_myZDJOl34=428" rel="noopener noreferrer nofollow" target="_blank"><span>Download the full case study</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FWerWolv%2FImHex%3Futm_source=tldrinfosec/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/czyPZrNtVr0OILIvv2jL7dHv4XPasLfl9Z_aKYsikjI=428">
<span>
<strong>ImHex (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ImHex is a modern, high-performance hex editor for reverse engineers and programmers. It features a visually optimized interface, data pattern analysis, and powerful scripting capabilities.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.gravwell.io%2F%3Futm_source=tldrinfosec/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/YDaENmVRxe1tM-0DWMtxbrdnBhhEhnGRiP1muBSfcg8=428">
<span>
<strong>Gravwell (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Gravwell is an enterprise analytics and security platform that helps teams centralize logs, accelerate threat hunting, and analyze data from both IT and OT environments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.wiz.io%2Fblog%2Fhoneybee-threat-research%3Futm_source=tldrinfosec/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/jIUmV-tSlHkSqKJWQhc7Lnzo4Ri2xA39lCvoDeDBKnE=428">
<span>
<strong>Introducing HoneyBee: How We Automate Honeypot Deployment for Threat Research (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Wiz has open-sourced HoneyBee, an automation framework that rapidly deploys realistic honeypots by generating intentionally misconfigured Dockerfiles and Docker Compose manifests for popular cloud apps. Each honeypot can include AI-generated misconfigurations, Nuclei validation templates, and optional tcpdump monitoring. Using HoneyBee, Wiz researchers discovered cryptomining campaigns targeting exposed Java Debug Wire Protocol (JDWP) and PostgreSQL, capturing complete attack chains, from XMRig deployment to fileless persistence, within hours. HoneyBee supports three key use cases: validating detection rules safely, orchestrating honeypot networks with SIEM/CSPM integration, and creating hands-on training environments that mirror real-world misconfigurations.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2025%2F10%2Fchinese-gangs-made-over-1-billion-targeting-americans-with-scam-texts%3Futm_source=tldrinfosec/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/QI4YQi3Bhc_6YDahZVKxJ3jZESerlLOkA28YxybG2vI=428">
<span>
<strong>Chinese Gangs Made Over $1B Targeting Americans With Scam Texts (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Chinese organized crime groups have generated over $1 billion in just three years through a large-scale SMS scam operation targeting Americans with fake toll, postage, and government refund messages. The campaign has surged 350% since January 2024, with a record 330,000 scam texts reported in a single day. The operation uses US-based SIM farms to send messages, steals credit card data, and bypasses MFA by adding stolen cards to mobile wallets (which banks often trust after first use). The groups also employ 400-500 gig workers and money mules recruited via Telegram to buy and resell high-value goods and gift cards for laundering. Security teams should educate users to avoid unsolicited payment messages, verify messages through official channels, tighten device trust policies for mobile wallets, monitor gift card purchases, and deploy anti-malware solutions with web protection and scam detection capabilities.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.datadoghq.com%2Fstate-of-cloud-security%2F%3Futm_source=tldrinfosec/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/MBRUfOnOHWglS0P3eXy9M_PU_CvdgxhzRbMxD-t4pqY=428">
<span>
<strong>State of Cloud Security (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Datadog's 2025 State of Cloud Security report shows progress alongside persistent gaps across AWS, Azure, and Google Cloud. IMDSv2 enforcement has increased to 49% of EC2 instances, and federated authentication adoption now covers 79% of organizations. However, 59% of AWS IAM users still have access keys older than one year, and nearly one in five EC2 instances remain overprivileged. While data perimeter adoption and public access blocking have improved, insecure defaults and lingering legacy practices continue to expose organizations to risk.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2025%2F10%2Fjaguar-land-rover-struggling-8-weeks-after-most-expensive-uk-cyberattack%2F%3Futm_source=tldrinfosec/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/ubSHgfb_ZhtuWoHfaWfGJNg_7n25kihA9s1DvWnDRYU=428">
<span>
<strong>Jaguar Land Rover Looking at $2.5B Price Tag From Crippling Cyberattack (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Jaguar Land Rover suffered one of the most expensive cyberattacks in UK history, disrupting production for weeks and affecting over 5,000 organizations. The attack is estimated to have cost at least £1.9 billion in damages and triggered significant supply chain and operational fallout. Government agencies intervened to assist in recovery, but full restoration of systems remains ongoing.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.intrusion.com%2Fblog%2Fwhy-you-need-to-monitor-and-control-outbound-traffic%2F%3Futm_campaign=22505002-AWS_Launch_2025%26utm_source=TLDR%26utm_term=10232025/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/YYXq6T2M7adfCE7ybYz5PlPG13h5hvwTmLHAVynBwRM=428">
<span>
<strong>Your firewall is only doing half the job (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Discover how attackers “call home” through your outbound traffic, and how you can stop them before they do real damage. Read the <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.intrusion.com%2Fblog%2Fwhy-you-need-to-monitor-and-control-outbound-traffic%2F%3Futm_campaign=22505002-AWS_Launch_2025%26utm_source=TLDR%26utm_term=10232025/2/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/RXsR0LfsEIGxCDW-ker3fK9Tc7NMsWrbxz6pYlp7uxI=428" rel="noopener noreferrer nofollow" target="_blank"><span>blog by Intrusion.</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fsenate-commerce-robocall-bill-advances-committee-fcc%2F%3Futm_source=tldrinfosec/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/tephekYq3JADnQh-IlI6Mi-iqOUBsn556ffbwlOKb_0=428">
<span>
<strong>Robocalling Task Force Bill Advances in Senate (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The bipartisan Foreign Robocall Elimination Act has passed the Senate Commerce Committee, establishing an FCC-led task force to investigate overseas robocalling operations, recommend countermeasures, and evaluate the effectiveness of STIR/SHAKEN caller authentication protocols.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fover-266-000-f5-big-ip-instances-exposed-to-remote-attacks%2F%3Futm_source=tldrinfosec/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/LlEnHpljEtBecBsqFfGcnHJ9p_YWHTHVboPc02MKzkw=428">
<span>
<strong>Over 266,000 F5 BIG-IP Instances Exposed to Remote Attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Shadowserver Foundation has identified over 266,000 internet-exposed F5 BIG-IP instances, nearly half located in the United States.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/hEW8HE2CnJ70Dc0S46y6VHgJq4WOxYdaUbvEWfibbPU=428"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/SWekFipYF7cflogfpgp8hC-SYGOKynri0C0CaJMroBc=428"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019a113453c3-bd0df550-492e-45c0-aa86-534a5becc751-000000/CbV9Gni1_DirEt4XOwC_ojM_F_JdSXpQv6tiA6H_aUQ=428"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>