<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-27</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ftoys-r-us-canada-warns-customers-info-leaked-in-data-breach%2F%3Futm_source=tldrinfosec/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/w-zd3KUZZci1WjehNpfG7pqlWM3pMRWwcC7gv82zHOc=428">
<span>
<strong>Toys “R” Us Canada Warns Customers' Info Leaked in Data Breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Toys “R” Us Canada has notified customers of a security incident in which threat actors leaked data they stole from its systems. The breached data includes full names, physical addresses, email addresses, and phone numbers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fself-spreading-glassworm-malware-hits-openvsx-vs-code-registries%2F%3Futm_source=tldrinfosec/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/93CwyF77gOsL-m9In-zPF5ugoXGODN7DmQXU1HJ0poI=428">
<span>
<strong>Self-Spreading GlassWorm Malware Hits OpenVSX, VS Code Registries (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Endpoint security firm Koi Security uncovered a new self-spreading malware targeting developers, embedded in VS Code and OpenVSX extensions. The malware was pushed via hidden code in compromised extensions, which downloaded an infostealer that stole cryptocurrency wallet data and credentials for GitHub, npm, and OpenVSX accounts. To self-propagate, the malware also attempts to infect any extensions it gains access to.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-cophish-attack-steals-oauth-tokens-via-copilot-studio-agents%2F%3Futm_source=tldrinfosec/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/hrGGUFdO2IbNKzHS3hLEFx35RHc75atQDWmQ6BfWU3Y=428">
<span>
<strong>New CoPhish Attack Steals OAuth Tokens Via Copilot Studio Agents (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Datadog Security Labs identified a new phishing method exploiting Microsoft's Copilot Studio chatbots. Attackers can tailor the Login topic to create convincing phishing pages hosted on copilotstudio.microsoft.com. The attack involves administrators approving permission requests from the application, which can be a “demo website” that does not need Microsoft's verification.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fneuraltrust.ai%2Fblog%2Fopenai-atlas-omnibox-prompt-injection%3Futm_source=tldrinfosec/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/jmhjCNDg-iBB3q3dLbuR-86LoDMDnnlA2WQvXdgveJM=428">
<span>
<strong>OpenAI Atlas Omnibox Prompt Injection: URLs That Become Jailbreaks (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Agentic browsers like OpenAI Atlas are vulnerable to exploitation if input boundaries are not strictly enforced. Attackers can create strings that look like URLs but contain natural-language commands, which the omnibox might interpret as user intent. This can allow malicious actors to override user commands, leading to unintended or harmful actions, such as opening phishing sites or executing destructive instructions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.magonia.io%2Fblog%2Fmaximizing-the-value-of-threat-indicators-and-reimagining-their-role-in-modern-detection%2F%3Futm_source=tldrinfosec/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/fv30aKOKmGk3KQjwXPfml3gmgELD66eusgZAqSNleVk=428">
<span>
<strong>Maximizing the Value of Indicators of Compromise and Reimagining Their Role in Modern Detection (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
File hashes, IP addresses, and domains are usually seen as indicators of compromise (IoCs), but they have limited value in investigations because adversaries can easily alter them. These IoCs can be more insightful if supplemented with additional contextual data like fuzzy hashes, GeoIP information, and domain reputation. As AI enhances malware developers' abilities, IoCs will no longer serve as standalone alerts but will evolve into data points that help build a comprehensive understanding of a threat actor's behavior.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.talosintelligence.com%2Fusing-llm-as-a-reverse-engineering-sidekick%2F%3Futm_source=tldrinfosec/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/UWbaqY-qOcJGv_sp5LotRD8CYfqKYfEnDKAhgAsRzlQ=428">
<span>
<strong>Using LLMs as a reverse engineering sidekick (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
This post demonstrates how to use LLMs with Model Context Protocol (MCP) servers integrated into IDA Pro and Ghidra to accelerate malware reverse engineering through automated function analysis, code documentation, and variable renaming. Testing on IcedID malware compared cloud-based Claude Sonnet 3.7 ($2.91-$13.24 per analysis, 18-11 minutes) against local Ollama/Devstral models ($0 cost, 22-46 minutes), with cloud models providing more thorough analysis but at a higher expense. Key limitations include token costs escalating with file complexity, context window truncation causing local models to forget instructions mid-analysis, and security risks from prompt injection, tool poisoning, and potential data exfiltration when using untrusted MCP servers.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsoxoj%2Fmaigret%3Futm_source=tldrinfosec/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/-U8P8_AEXzQ-Dj8cgDJEQ8S6jVcF9XQC-8erbyu8DCY=428">
<span>
<strong>Maigret (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Maigret collects a dossier on a person by username alone, checking accounts across a vast number of sites and gathering all available information from web pages. No API keys are required. Maigret is an easy-to-use and powerful fork of Sherlock.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FAdversis%2Fsketchy%3Futm_source=tldrinfosec/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/i_-EpRfngHNHsNzqco0qzct8b7r8y1Rdn6HsafobiHk=428">
<span>
<strong>Sketchy (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Sketchy is a cross-platform security scanner that checks for signs that a package, repository, or script might be malicious.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fmicrosoft%2FSecRL%3Futm_source=tldrinfosec/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/R1dULM6eJ98EczOF9hRd7ZpfOEaPmIL69OIlAzNhCWk=428">
<span>
<strong>ExCyTIn-Bench (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ExCyTIn-Bench is the first benchmark for evaluating LLM-based agents in threat hunting that uses security-question-answering pairs.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fventurebeat.com%2Fai%2Fwhen-your-ai-browser-becomes-your-enemy-the-comet-security-disaster%3Futm_source=tldrinfosec/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/QSZp8ZoH6_OkINuTmvAn07aiLXyV0Hl0FTHN1VSvev8=428">
<span>
<strong>When your AI browser becomes your enemy: The Comet security disaster (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI-powered browsers promise convenience but can unintentionally follow dangerous instructions hidden in web content, risking user security. Comet's recent vulnerability exposed how easily AIs can be manipulated. They are like naive assistants who often cannot distinguish malicious commands from user input. A simple hidden command can hijack the assistant and send private data to a thief.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2025%2F10%2Fnso-permanently-barred-from-targeting-whatsapp-users-with-pegasus-spyware%2F%3Futm_source=tldrinfosec/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/X7H-pVe4AZs0kT_ytqFlgeQ-8qVJPExJtAqROY1Rdnk=428">
<span>
<strong>NSO permanently barred from targeting WhatsApp users with Pegasus spyware (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A federal judge issued a permanent injunction against NSO, banning it from using Pegasus spyware on WhatsApp users and requiring it to delete illegally obtained data. The ruling, from Meta's lawsuit, revealed that Pegasus infected activists', diplomats', and journalists' devices. Punitive damages were reduced, but the case sets a precedent that enhances privacy protections and makes attacks on encrypted platforms like WhatsApp riskier.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.cloudflare.com%2Fhow-cloudflares-client-side-security-made-the-npm-supply-chain-attack-a-non%2F%3Futm_source=tldrinfosec/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/YK4t-6k2vrZGxVMTVuTOM4ZWY__jCp_IIUf8wTp66DM=428">
<span>
<strong>How Cloudflare's client-side security made the npm supply chain attack a non-event (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers used phishing to compromise npm maintainer accounts in September, injecting malicious code into 18 popular packages with over 2 billion weekly downloads to steal cryptocurrency and credentials from CI/CD pipelines. Cloudflare's Page Shield, using ML-based analysis of 3.5 billion scripts daily, detected all compromised packages with 98% precision and 90% recall by identifying obfuscated code and changes to wallet interfaces. Organizations should audit dependencies, rotate credentials, pin safe versions, and consider Cloudflare's Client-Side Risk Assessment for supply chain security.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FFUfcwf/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/vhRmeOTsR2g_ZTSoU7nyg5PgZwszLgK54BStubf8ME4=428">
<span>
<strong>Shutdown Sparks 85% Increase in US Gov't Cyberattacks (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An 85% increase in cyberattacks on US government agencies since October has led to over 555 million projected attacks this month.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F53cx0E/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/6e0uxZAUl-LUaJwxZlaL1zJb3o7oCalQMHcJV9bDdqs=428">
<span>
<strong>Reddit sues Perplexity and others for allegedly stealing data via Google (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Reddit sued AI startup Perplexity, Lithuanian firm Oxylabs, SerpApi, and Russian company AWMProxy for allegedly circumventing platform protections by scraping Reddit content from Google search results to train AI models and resell data to companies like OpenAI and Meta.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/o3IukY2uTmAY2bl9X17TyrSACg228fOoPSgVgnV3QAc=428"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/A14t-0Zd9oqOEzfkhReRC3T_PgNA1-AxCinPw16Do68=428"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019a25c7a4e7-25f24f35-3829-44fa-bd7d-005d59a99ebe-000000/qW7Ra99FlGrYNdJ2yKzFQMlyqwdXG1cQyDxIasKwxyE=428"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>