<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-10-30</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fredtiger-malware-discord-tokens-webcam-images%2F%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/61TW5_nItSMawFxKXklpoRa6XAujNbHX0W5SYBeAcj8=429">
<span>
<strong>RedTiger Malware Steals Data, Discord Tokens, and Even Webcam Images (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
RedTiger, an open-source Python-based infostealer repurposed by cybercriminals, targets Discord gamers (especially French-speaking users) to steal authentication tokens, payment information, browser credentials, cryptocurrency wallets, and webcam images while modifying Discord to maintain persistent access even after password changes. The malware evades detection by shutting down when it detects security tools, employs "mass file and process spamming" (creating 100 random files and launching 400 programs to hinder forensic analysis), and exfiltrates stolen data via GoFile with Discord webhook notifications to attackers. Security professionals should implement multi-factor authentication on Discord accounts, avoid downloading software from unverified sources, and recognize that legitimate security testing tools are increasingly weaponized for credential theft campaigns.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F10%2F28%2Flg-uplus-is-latest-south-korean-telco-to-confirm-cybersecurity-incident%2F%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/16fRQmBXJklLRMvjMw78epsdECsNst93NBsBkmXDCsw=429">
<span>
<strong>LG Uplus is latest South Korean telco to confirm cybersecurity incident (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
LG Uplus, one of South Korea's largest telecom operators, has reported a suspected data breach to Korea's national cybersecurity watchdog KISA, but did not say when the results of its investigation would be available. All three major Korean telcos have faced recent cyber incidents, raising concerns about the country's digital defenses.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fad-and-pr-giant-dentsu-says-hackers-stole-merkle-data%2F%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/1gDDXW3cGcxjWpIbWNtrnShx1ddzvpUDh2YNPyQmqhM=429">
<span>
<strong>Ad and PR Giant Dentsu Says Hackers Stole Merkle Data (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Japanese advertising giant Dentsu has revealed that its subsidiary, Merkle, suffered a data breach that exposed sensitive information about clients, suppliers, and employees. The breach was detected following abnormal activity on Merkle's network, leading to some systems being shut down.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcc-sw.com%2Fleveraging-machine-learning-to-enhance-acoustic-eavesdropping-attacks-part-1-of-4%2F%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/BDk88g64OpAAoFQlrZdV2KIGI65LK3bKEqtinYno_mQ=429">
<span>
<strong>Leveraging Machine Learning to Enhance Acoustic Eavesdropping Attacks (Part 1 of 4) (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Researchers demonstrated that machine learning can significantly enhance acoustic side-channel attacks by analyzing keyboard typing sounds to reconstruct typed text with high accuracy, exploiting acoustic emanations from physical keystrokes captured via microphones or smartphones. The attacks leverage ML models trained on keystroke audio patterns to classify individual key presses, achieving reconstruction rates that pose realistic threats to password and sensitive data entry in shared or public spaces. Security professionals should educate users about acoustic eavesdropping risks in public environments, consider acoustic shielding for sensitive areas, and promote authentication methods less vulnerable to acoustic side-channels like biometrics or hardware tokens, rather than typed passwords.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjoshua.hu%2Fllm-engineer-review-sast-security-ai-tools-pentesters%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/n9I6jIZRPijD6gPtdICYGzeVe9umsavsMp_A0NP2DT8=429">
<span>
<strong>Hacking With AI SASTs: An Overview of "AI Security Engineers"/"LLM Security Scanners" for Penetration Testers and Security Teams (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
An exploration of Almanax, Corgea, and ZeroPath Security's AI SAST capabilities. The post evaluates the products in three steps: code retrieval and indexing; code scanning; and false positive detection, deduplication, and severity rating. It also covers some miscellaneous items, like the ease of using the UIs. The author concludes that ZeroPath is the best of the products tested, followed by Corgea and Almanax.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdreadnode.io%2Fblog%2Flolmil-living-off-the-land-models-and-inference-libraries%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/spEYBvi82ian6WCh6c8Uj5UxtIN6UxPH8HlWYqRhIFE=429">
<span>
<strong>LOLMIL: Living Off the Land Models and Inference Libraries (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
PromptLock is a proof-of-concept malware developed by NYU researchers to operate autonomously using an LLM hosted by the researchers. The author of this post wanted to experiment with building a post-exploitation tool that leverages the LLM included in Microsoft's Copilot+ PCs to create malware that's not dependent on a Command and Control (C2) Server. By providing the malware with tools to identify, modify, and restart vulnerable services, they were able to exploit two services using the LLM in a test environment.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.cloudflare.com%2Fbootstrap-mtc%2F%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/nXCAFCUWZy68N7UTe9PAIIEQdMq30elZB1pB9V3qKh4=429">
<span>
<strong>Keeping the Internet fast and secure: introducing Merkle Tree Certificates (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Cloudflare and Chrome are testing Merkle Tree Certificates (MTCs) to reduce the performance cost of post-quantum signatures, which are 20 times larger than current ECDSA signatures (ML-DSA-44 signatures are 2,420 bytes vs 64 bytes for ECDSA-P256). MTCs batch certificates into Merkle trees whose signed tree heads are sent out-of-band to clients, which reduces a TLS handshake to one signature, one public key, and one Merkle inclusion proof, compared to today's five signatures and two public keys per handshake. The deployment will use "bootstrap certificates" from trusted CAs to validate MTCs via certificate transparency, starting early 2026 with some Cloudflare and Chrome users to assess performance and ossification issues.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FYeeb1%2FSockTail%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/4YN9he-dA41jwwC4fFIiHeiBbSX_n86Dk4MQxniloIY=429">
<span>
<strong>SockTail (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
SockTail is a compact binary that connects a device to a Tailscale network and provides a local SOCKS5 proxy on port 1080. It is designed for red team operations, enabling network access to a target system without the need for complex port forwarding, persistent daemons, or noisy tunnels.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.cyber-ridge.com%2F%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/ZSqdOpokZFRpGi0qU4KNuXfwpC0LEybd5mSLNny3ud4=429">
<span>
<strong>CyberRidge (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
CyberRidge has developed a plug-and-play photonic encryption system that transforms transmitted data into encrypted optical noise. This shields data from interception, quantum analysis, and "harvest now, decrypt later" attacks, aiming for post-quantum secure data transmission.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbeelzebub.ai%2Fblog%2Fssh-llm-honeypot-caught-a-real-threat-actor%2F%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/DTMyLZqyjwK7DAPw9ND6uqUSalsCKXHO7xjt4X2WCV0=429">
<span>
<strong>SSH LLM Honeypot caught a real threat actor (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A Beelzebub LLM-powered SSH honeypot successfully detected a genuine threat actor who downloaded Perl backdoor scripts from a compromised Joomla site. The attacker attempted to establish IRC-based command-and-control (C&C) connections using "rootbox PerlBot v2.0" on Undernet channels #rootbox and #c0d3rs-TeaM. Their tactics, techniques, and procedures (TTPs) included downloading malware to /tmp, attempting to escalate privileges with sudo, and deploying botnet agents that connected to ix1.undernet.org:6667 for C&C operations. Security teams can utilize LLM honeypots to gather real-time threat intelligence and disrupt botnets by analyzing malware configurations and reporting C&C infrastructure to hosting providers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F10%2F29%2Fgermany_exchange_support%2F%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/Jj0uKSL2NLW3xHz9KO7maaOnjPcCnTKHTfhMCYLhAOQ=429">
<span>
<strong>9 in 10 Exchange servers in Germany still running out-of-support software (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Germany's cybersecurity agency warns that over 90% of Exchange servers in the country are running software that no longer receives support or updates. This leaves thousands of organizations, including hospitals and public institutions, vulnerable to critical security threats and ransomware. Microsoft offers extended updates for a limited time, but officials call for urgent upgrades or migration to avoid total network compromise.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fnfc-relay-malware-clone-tap-to-pay-android%2F%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/osFopkoOKdxh602SBtIktKoqjlKssjGW3b41C8UZKRk=429">
<span>
<strong>Hackers Use NFC Relay Malware to Clone Tap-to-Pay Android Transactions (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Zimperium researchers discovered over 760 malicious Android apps exploiting NFC and Host Card Emulation features to relay payment card data in real time to attackers via 70+ command-and-control servers and Telegram bots. The fake banking apps impersonate Google Pay, VTB Bank, and Santander across Russia, Poland, Brazil, and other countries to enable fraudulent tap-to-pay transactions without physical card access. The findings prompted recommendations to download apps only from the Google Play Store and to implement stronger NFC permission controls.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fus-teen-indicted-764-network-case-crimes%2F%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/yAjKvn4Wp4vlBSVShHIFgSibDe768u7byTL71gogSfo=429">
<span>
<strong>US Teen Indicted in 764 Network Case Involving Exploitation Crimes (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A 19-year-old California man faces federal charges for alleged involvement in the extremist "764" network, a Nihilistic Violent Extremist group focused on exploiting minors and collapsing social norms.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fcanada-says-hacktivists-breached-water-and-energy-facilities%2F%3Futm_source=tldrinfosec/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/Wj97uuabU44WFmxxYrIcdTVC5fM7jptvUO3OYddxDPo=429">
<span>
<strong>Canada says hacktivists breached water and energy facilities (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Canadian authorities report multiple opportunistic hacktivist breaches of internet-exposed Industrial Control Systems at critical infrastructure facilities.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/TWnOVd4wfzN29GEeBxyYnDZCpP3yabGtlxacT5naqKo=429"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/9x0trlOTFdkctHVLAO837lC1HO0Wtkx09MpbTLfzPlU=429"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019a353a8df3-67c933c0-cb88-4a80-a99b-a05f79ae4e85-000000/6Biu6u4xP02BQ3N7o8-grr7Zd9UPy2xXQIMSbqT_znc=429"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>