<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">There is a flaw in OpenAI's ChatGPT Atlas browser that allows attackers to inject malicious commands, leading to remote code execution </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fhow-reddit-scales-secure-access%3Futm_source=tldr%26utm_medium=paid_newsletter%26utm_campaign=sa_commercial_amer_english_reddit-scales-secure-access_consideration_2025-10%26utm_content=text%26utm_term=live-october-29-primary-infosec-newsletter/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/WXG5Dm1BHRaFXK50BMpSwbukAHsqEG6vD_sd1reTSuQ=429"><img src="https://images.tldr.tech/1password-2.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="1Password"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-29</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fhow-reddit-scales-secure-access%3Futm_source=tldr%26utm_medium=paid_newsletter%26utm_campaign=sa_commercial_amer_english_reddit-scales-secure-access_consideration_2025-10%26utm_content=text%26utm_term=live-october-29-primary-infosec-newsletter/2/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/iqY12Oo4LGFqSRsmu1aJyZ9eqKifmVQ1LTQ0QGIkQEg=429">
<span>
<strong>Webinar: How Reddit matured access management with 1Password (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Poorly-managed passwords are the #1 cause of breaches, and they leave IT teams struggling with fragmented access management and manual onboarding/offboarding processes. Reddit was dealing with all these challenges, plus a compromised security vendor. They needed a solution that reduced credential risk without slowing down their employees.<p></p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fhow-reddit-scales-secure-access%3Futm_source=tldr%26utm_medium=paid_newsletter%26utm_campaign=sa_commercial_amer_english_reddit-scales-secure-access_consideration_2025-10%26utm_content=text%26utm_term=live-october-29-primary-infosec-newsletter/3/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/r0BQiTZrJ08qo-gjRDIwJyZnY_X0TOhx8BLcLOPYsI4=429" rel="noopener noreferrer nofollow" target="_blank"><span>In this webinar</span></a>, Reddit's Sr. Manager of Enterprise Security & Systems, Nick Fohs, shares the inside story of how his team used 1Password to manage credentials across the entire company. You'll get a first-hand look at the problems they faced, and the impact 1Password has had on security and efficiency.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fhow-reddit-scales-secure-access%3Futm_source=tldr%26utm_medium=paid_newsletter%26utm_campaign=sa_commercial_amer_english_reddit-scales-secure-access_consideration_2025-10%26utm_content=text%26utm_term=live-october-29-primary-infosec-newsletter/4/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/QmUZEjTcWXgY2idXDg_ZfmB1fczsV9GBzWJrOBNf-zs=429" rel="noopener noreferrer nofollow" target="_blank"><span>Register now</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fchatgpt-tainted-memories-atlas-browser%2F%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/0W2xqfCNjumxIfGJ0ZKt9eDL41ElenEKK8QcoQp_sLI=429">
<span>
<strong>'ChatGPT Tainted Memories' Exploit Enables Command Injection in Atlas Browser (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
LayerX Security uncovered a flaw in OpenAI's ChatGPT Atlas browser that allows attackers to inject malicious commands, leading to remote code execution and persistent access. The exploit manipulates the browser's AI functions into processing hidden malicious instructions. Atlas is also reported to provide 90% less phishing protection than Chrome or Edge, which makes it more likely that a user lands on a page carrying such instructions. Until OpenAI ships patches, security teams should restrict Atlas for sensitive accounts, monitor endpoints, and treat AI browsers as a higher-risk class that warrants tighter controls.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fmassive-china-linked-smishing-campaign-leveraged-194000-domains%2F%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/lfgSESW6_MhI4YYoCRiuYtRrTqLwpDGxtxoNF4KD4-Q=429">
<span>
<strong>Massive China-Linked Smishing Campaign Leveraged 194,000 Domains (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
An extensive SMS phishing campaign, attributed to a Chinese-speaking group called Smishing Triad, has used over 194,000 domains since early 2024. The attackers impersonated services such as banks and delivery firms to steal personal data via urgent texts. Their tactics include cycling through disposable domains and running a phishing-as-a-service operation, making detection challenging for authorities worldwide.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fia.acs.org.au%2Farticle%2F2025%2Fwestern-sydney-uni-suffers-data-breach--again.html%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/GBuezeHfD2s3Gd_XEDMW9B7FrMBJze-zYl5IfJPJcY4=429">
<span>
<strong>Western Sydney Uni Suffers Data Breach, Again (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Western Sydney University (WSU) reported its third security incident of the year, with an unauthorized user accessing data belonging to staff and students. The breached data includes tax file numbers, bank account details, passport and driver's license details, visa information, health and disability information, addresses, email addresses, phone numbers, names, dates of birth, ethnicities, and student and staff IDs. WSU stated that the breach was caused by a daisy chain of supply chain attacks culminating in a third-party student management system being breached.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackaday.com%2F2025%2F10%2F27%2Fmaking-a-virtual-machine-look-like-real-hardware-to-malware%2F%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/gSGmjqD9fyXnVLsHLi6lOq5KAF3txQSWBy6tL8t6wkY=429">
<span>
<strong>Making a Virtual Machine Look like Real Hardware to Malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Malware can easily detect VirtualBox environments through obvious indicators such as registry keys, file artifacts, MAC addresses, and VirtualBox-specific naming conventions, undermining VM-based malware analysis. Security researchers created vbox_stealth (Bash) and VBoxCloak (PowerShell) tools to mask VM indicators by renaming hardware identifiers, modifying registry entries, and removing VirtualBox-specific processes and files. While these tools improve VM stealth capabilities, sophisticated malware may still employ more subtle detection methods that remain difficult to circumvent.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.latacora.com%2Fblog%2F2025%2F10%2F02%2Fecs-on-ec2-covering-gaps-in-imds-hardening%2F%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/dbD4lyQvQvPn_Am0Qi7OnxvY9NKtHCo5garvQKCxSgk=429">
<span>
<strong>ECS on EC2: Covering Gaps in IMDS Hardening (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
When launching AWS ECS tasks on EC2 instances, each task, by default, has access to the Instance Metadata Service (IMDS), which can be used to access credentials of other tasks or to escalate privileges to the instance role. Enforcing IMDSv2 with a hop limit of 1 does not by itself stop this attack vector, because tasks in some ECS networking modes can still reach IMDS. The article includes details for blocking IMDS access in each networking mode.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F10%2F28%2Fai_browsers_prompt_injection%2F%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/l0Dm4fFV3W2SQjij4X5cQhKvaGJZ4ze6YJeUC2NnJuM=429">
<span>
<strong>AI browsers face a security flaw as inevitable as death and taxes (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Prompt injection is an increasingly critical security issue as AI-driven browsers gain agentic capabilities: they can now act on users' behalf, from opening web pages to handling emails and files. This opens up new attack vectors, such as direct injection via URLs or indirect injection hidden within website or document text, allowing attackers to trick bots into performing dangerous actions without user consent. While some countermeasures, such as reduced privileges and human oversight, can lower risks, experts believe prompt injection is unavoidable, not just a bug but a fundamental vulnerability whenever AI interprets untrusted data.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fgoogle%2Fosdfir-infrastructure%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/c68w3bv6SlS83d2uQcnMJwxvAUi6wpEx4x0Fhnr0KPA=429">
<span>
<strong>OSDFIR Infrastructure (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
OSDFIR Infrastructure is a Kubernetes-based platform that uses Helm charts to simplify the deployment and integration of multiple open source digital forensics tools, including Timesketch, Yeti, OpenRelik, GRR, and others. The platform enables collaborative forensic investigations by providing a unified environment where tools can work together and share data through workflows and integrations. It streamlines the setup process for DFIR teams who want to deploy a comprehensive suite of forensic analysis tools in local or cloud Kubernetes clusters.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsublime.security%2F%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/cKNEVFgQqdIFc4If0E284TyjlXS-zlVUEM_4FYtopm8=429">
<span>
<strong>Sublime Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Sublime Security has developed an agentic email security platform that leverages AI agents to analyze messages in search of threats. The platform uses a distributed detection model that conducts intent and behavioral analysis, along with deep content inspection.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FOpenNHP%2Fopennhp%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/KL432kqlAMhBkwZJikc9_s4ZwEl6Sp78u1FCk7rp6YA=429">
<span>
<strong>Opennhp (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A lightweight, cryptography-powered, open-source toolkit built to enforce Zero Trust security for infrastructure, applications, and data in the AI-driven world.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.pymnts.com%2Fcybersecurity%2F2025%2Fnydfs-issues-guidance-on-3rd-party-cybersecurity-risks%2F%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/_ZfJSvg1B-puOhFTMBUyzQBec1vNDbnwVXFGBnv-rlw=429">
<span>
<strong>NYDFS Issues Guidance on 3rd Party Cybersecurity Risks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The New York State Department of Financial Services announced new guidance regarding the use of third-party service providers. A third-party supplier that attackers compromise can become the entry point for a supply chain attack, which makes suppliers a potential weak link in an organization's security strategy. The new guidance does not impose new regulations or restrictions on regulated organizations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.security.com%2Fblog-post%2Ftoolshell-china-zingdoor%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/Omj1vkQ3_vnHzg3MnPWFiA1-_AsWjmxSjhx2Lxijb7s=429">
<span>
<strong>ToolShell Used to Compromise Telecoms Company in Middle East (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Chinese threat actors exploited the ToolShell SharePoint vulnerability (CVE-2025-53770) just two days after Microsoft patched it in July, compromising a Middle East telecoms company and multiple government agencies by using the Zingdoor backdoor, the ShadowPad Trojan, and KrustyLoader malware. The attackers demonstrated rapid exploitation capabilities by mass-scanning for vulnerable systems, then deploying sophisticated toolsets, including DLL sideloading techniques, credential-dumping utilities, and the Sliver C2 framework for persistent access. Organizations should prioritize immediate patching of SharePoint servers and hunt for the indicators of compromise published in the linked report, including its file hashes, with particular focus on DLL sideloading activity and connections to the identified AWS-hosted C2 infrastructure. Because exploitation began within days of the patch, a server that was exposed before it was updated should also be checked for signs of prior compromise, not only patched.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.coveware.com%2Fblog%2F2025%2F10%2F24%2Finsider-threats-loom-while-ransom-payment-rates-plummet%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/ht1esw1ywhCeGny4JOC4cOABMlG-Tl1TXr65BZAuqvs=429">
<span>
<strong>Insider Threats Loom while Ransom Payment Rates Plummet (13 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Ransomware groups are adapting as ransom payment rates hit historic lows, at just 23% of ransomware attacks. Attackers are increasingly using social engineering and insider bribes, as in Medusa's BBC attack, driven by shrinking profits and tougher defenses. Mid-market firms remain the most frequent victims, but larger enterprises face new, targeted extortion methods.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.veeam.com%2Fhalloveeam-de.html%3Fccode=operational_701UG00000TlQw1YAF%26utm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/ny9drkcO9ZBLmwQzh5ZXMUESiWIvfv0lImC6vabfSDw=429">
<span>
<strong>HalloVeeam: The Halloween Special Your IT Team Deserves (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Malware monsters. Defender superheroes. Epic battles for your data. We're making cybersecurity as entertaining as your favorite Halloween movie. Real lessons, zero boredom. October 30th, 2-3pm CET. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.veeam.com%2Fhalloveeam-de.html%3Fccode=operational_701UG00000TlQw1YAF/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/TxGlwsNhkL4Ccvx1Q4V104R-4EhoipqkIqQAu3zoNtU=429" rel="noopener noreferrer nofollow" target="_blank"><span>Don't miss it.</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fx-retire-twitter-com-re-register-security-keys%2F%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/jokUPAs7Jr0C8ZuuOIEnTPiiWWTGqbHr48JuZpy1ixo=429">
<span>
<strong>X to Retire Twitter.com, Users Must Re-Register Security Keys by Nov 10 (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
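X will require users with hardware security keys or passkeys to re-enroll their 2FA devices by November 10, as it is moving from twitter.com to x.com. Security keys and passkeys are bound to the domain they were registered on, so credentials enrolled under twitter.com cannot simply be carried over to x.com.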
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theverge.com%2Ftech%2F807834%2Fmeta-smart-glasses-privacy-laws-wearables%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/AaFo3cgOGt-Zi2DSqITBZZ4awJBZZIPW7XQpgivRVGk=429">
<span>
<strong>Privacy laws can't keep up with ‘luxury surveillance’ (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Meta's latest smart glasses are pushing wearable surveillance into daily life, challenging both privacy laws and social norms.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fgoogle%2Fgoogle-chrome-to-warn-users-before-opening-insecure-http-sites%2F%3Futm_source=tldrinfosec/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/M-1YJ-ACxweKTSyuzDSJatHB_jw-9MdXbmGWRXW03Q8=429">
<span>
<strong>Google Chrome to warn users before opening insecure HTTP sites (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Chrome 154 will enable "Always Use Secure Connections" by default in October 2026 to protect against MITM attacks.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/wgiyhmCeB8QwiYUQ-3ZA5zossnuoDU0ebCIZbdDUVO0=429"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/mglVqQptDsm_pKQfEAE0yKSBBAs_E0_QJhm7lMKDPw4=429"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019a3013d0be-32b7e368-9a2f-4b38-bbf5-2d2da4bebe11-000000/151HmunTaGhgMgMsQLI40ByY4flaxYmnm91-B-wfUZk=429"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>