<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/io6J1zQnENBTyarWgHiNEW-ryQUJbnsv6VBgxU9TLYI=429" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/unQAWT24Rses1TlX7oqKtHpoHTzuXkS0R7Z9mg3QbFU=429" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=a982f4be-b87f-11f0-999f-d12007a2af73%26pt=campaign%26t=1762180082%26s=fe3b34513bd761294a2054192dd11e5977b5be2544c5468027a1bdd94bf456dd/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/u7p8tiOdmtjzSKyVQdYdTPZxbSJlbMqTEzSAgxyCSGk=429"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span style="color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span style="color: rgb(232, 192, 96) !important; font-size:30px;">L</span><span style="color: rgb(101, 195, 173) !important; font-size:30px;">D</span></span><span style="color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.iru.com%2F%3Futm_source=tldr%26utm_medium=paid-media%26utm_campaign=tldr_secondaryarticle_202511/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/WRwgBROHzUsxs8mQvRFW5nipcfXzDxw8lCUKZt9o5Fw=429"><img src="https://images.tldr.tech/iru.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Iru"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-11-03</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.iru.com%2F%3Futm_source=tldr%26utm_medium=paid-media%26utm_campaign=tldr_secondaryarticle_202511/2/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/TqiTIZAP5XOHEln_vn-IqXOar2s2rJc9g1FQzHqyGfY=429">
<span>
<strong>Collapse your security stack (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Iru is the AI-powered platform used by the world's fastest-growing companies to secure their users, apps, and devices. With Iru, you can secure Mac, Windows, & Android, enable passwordless single sign-on to every app, and stay audit-ready for SOC 2 and ISO 27001. Iru collapses the stack and gives IT & Security time and control back. Find out more at <a class="sh-color-blue sh-color" href="http://tracking.tldrnewsletter.com/CL0/http:%2F%2Firu.com%2F/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/pK5YIchu_VJu-AyapGJcyVQy3N575M8YgDJB09jbe-U=429" rel="noopener noreferrer" target="_blank"><span>iru.com</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-herodotus-android-malware-fakes-human-typing-to-avoid-detection%2F%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/9_XQHswlbMqrit2nn5Y-_GSkGEQPnMp1nopkvI1orNk=429">
<span>
<strong>New Herodotus Android Malware Fakes Human Typing to Avoid Detection (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ThreatFabric has detected a new Android malware-as-a-service (MaaS), dubbed Herodotus, that is being used in smishing campaigns targeting Italian and Brazilian users. To mimic human typing and evade behavioral detections, the malware inserts a novel randomized delay of 0.3 to 3 seconds when typing. Herodotus also gives clients a control panel for customizing the SMS lure, the ability to overlay pages that mimic banking and crypto pages to steal credentials, opaque overlays to hide malicious behavior, an SMS stealer for MFA interception, and screen recording.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Foffensive-we-got-hacked-emails-sent-in-penn-security-incident%2F%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/P8IzXwpYwKjbTz54mlegv51NqtgHMJezBDm75lVl9yM=429">
<span>
<strong>“We got hacked” Emails Threaten to Leak University of Pennsylvania Data (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
This past Friday, students and alumni of the University of Pennsylvania received a series of offensive emails from various university email addresses stating that their data had been leaked. The university reported that its incident response team is addressing the issue, but hasn't released more specifics. The article includes a copy of the email, which appears to be politically motivated.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F10%2F29%2Fey_exposes_4tb_sql_database%2F%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/Bz6yO24mNw74Qs5RGroSjfVZ25hiSdJKFFxF10XI4VE=429">
<span>
<strong>EY exposes 4TB+ SQL database to open internet for who knows how long (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
EY accidentally left a massive, unencrypted 4TB SQL Server backup file publicly accessible online, exposing sensitive data that included API keys, passwords, and credentials. The backup became reachable through a misconfigured cloud bucket; how long it was exposed is unknown. EY responded swiftly after being alerted and resolved the issue within a week, likely preventing further damage.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fescape.tech%2Fblog%2Fmethodology-how-we-discovered-vulnerabilities-apps-built-with-vibe-coding%2F%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/C4QYAcGihb-kuXDq56aPguO_TrBmOYa3CuFvV54Rqhg=429">
<span>
<strong>Methodology: How we discovered over 2k high-impact vulnerabilities in apps built with vibe coding platforms (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Platforms that let anyone build applications without prior coding experience are surging in popularity, but they also introduce serious security concerns. Escape's research analyzed over 5,600 publicly available applications created with these “vibe coding” tools and found more than 2,000 vulnerabilities, along with hundreds of exposed secrets and instances of personal data. Many issues arose from inexperienced users misconfiguring security, particularly when platforms automatically integrated third-party services, such as Supabase, without strict access controls.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fprivileged-account-monitoring%2F%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/c9WC6OaWPNlFM2Z4_vq8pjR-LsnxVKN1k1qyPNqdI4s=429">
<span>
<strong>Keys to the Kingdom: A Defender's Guide to Privileged Account Monitoring (15 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mandiant uses a three-pillar approach to privileged account monitoring (PAM). The prevention pillar focuses on identifying every identity that can change system state, alter security policy, or reach sensitive data, and tiering those identities into a hierarchy of privileged access. The detection pillar focuses on distinguishing PAM-related detections from regular abuse. The response pillar focuses on ensuring that break-glass accounts work and on tailoring an incident response plan to privileged accounts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frohannk.com%2Fposts%2FCode-in-the-Middle%2F%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/RG6SWQeQPLOt07CUWXCT7IF-xUkfcORzYGSDZOZJgpY=429">
<span>
<strong>Code-in-the-Middle: An Introduction to IR (23 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Traditional EDR evasion methods, such as runtime packers and post-compilation obfuscation, are increasingly ineffective because they leave high-entropy signatures and recognizable patterns, prompting a shift toward compile-time obfuscation using the LLVM Intermediate Representation (IR). This approach applies transformations such as control flow flattening and API call hashing during compilation rather than after it. IRvana is a tool that leverages LLVM IR for fileless execution by using lli.exe to interpret obfuscated IR files directly. It achieves strong static detection bypass, while the author acknowledges that dynamic behavioral detection remains challenging. Security teams should focus their detection efforts on behavioral analysis and process injection techniques rather than relying solely on static signatures, as IR-based evasion makes traditional binary analysis significantly harder.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.intrusion.com%2Fblog%2Fhow-ip-address-reputation-informs-network-security%2F%3Futm_campaign=22505002-AWS_Launch_2025%26utm_source=TLDR%26utm_medium=11032025/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/5C3RjcPBpJMBnVDw4xKkij8dU1uogK2eoz7cI_Qi32U=429">
<span>
<strong>How to Use IP Reputation to Reduce Dwell Time, Stop Data Exfiltration, and Minimize Alert Fatigue (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Used effectively, IP reputation can reduce noise, improve detection accuracy, and support zero trust initiatives. But its real value depends on how it's applied. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.intrusion.com%2Fblog%2Fhow-ip-address-reputation-informs-network-security%2F%3Futm_campaign=22505002-AWS_Launch_2025%26utm_source=TLDR%26utm_medium=11032025/2/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/IShfiOmJx1Ij3XmPuYrixeV-UL6Riwa0tiEffGQ6EIQ=429" rel="noopener noreferrer nofollow" target="_blank"><span>Read Intrusion's guide</span></a> to learn how to wield it to your advantage: within context, in real time, and as part of a broader security strategy. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.intrusion.com%2Fblog%2Fhow-ip-address-reputation-informs-network-security%2F%3Futm_campaign=22505002-AWS_Launch_2025%26utm_source=TLDR%26utm_medium=11032025/3/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/W9_dNByEdsyJWnFABxudp83nOpMIzI64vRC1uEqA9WE=429" rel="noopener noreferrer nofollow" target="_blank"><span>Read the blog</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FQS8qrT/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/Ir0nGDEvWV4qzoM-8916m_Dj1sYwwdVjppV5sDFnTs4=429">
<span>
<strong>Introducing Aardvark: OpenAI's agentic security researcher (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Aardvark is OpenAI's new autonomous security research agent. Now in private beta, it is designed to help developers and security teams find and fix vulnerabilities. It continuously scans code repositories, prioritizes risks, and proposes targeted patches using AI-powered reasoning.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fbunkerity%2Fbunkerweb%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/_lz_X2zXDZkmLIcNMNOJxplcevrHByx-QB2Pukc8Mgo=429">
<span>
<strong>BunkerWeb (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An open-source, next-generation Web Application Firewall (WAF). Built as a full-featured web server on top of NGINX, it protects your web services and makes them secure by default.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fcisco-ai-defense%2Fmcp-scanner%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/jk_stSJw6JVRnaTpjaTO1AAldzpMrifYaEffZvb9WBo=429">
<span>
<strong>MCP Scanner (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A tool from Cisco AI Defense that scans MCP servers and tools for potential findings using the Cisco AI Defense inspect API, YARA rules, and LLM-as-a-judge.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Faustralia-warns-of-badcandy-infections-on-unpatched-cisco-devices%2F%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/r1GRoO8x1t4Zt7AUjFobH-MVrcwWEdiOvxvpXliILQw=429">
<span>
<strong>Australia warns of BadCandy infections on unpatched Cisco devices (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Australia's ASD reported that over 400 Cisco IOS XE devices have been compromised with BadCandy webshell malware since July, exploiting CVE-2023-20198, a critical vulnerability that allows remote attackers to create administrative accounts and deploy Lua-based webshells with root privileges. The webshell persists until the device is rebooted, but can be easily reintroduced on unpatched systems, allowing attackers to detect its removal and re-exploit the same endpoints. Organizations must immediately patch affected Cisco IOS XE devices and follow the vendor's hardening guidelines, as state-sponsored actors, including Salt Typhoon, continue to exploit this two-year-old vulnerability for persistent network access.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F10%2Feclipse-foundation-revokes-leaked-open.html%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/arajc_0jcH4DMMkSw_5beYXiA3Fw-fU6eHnya4E2lto=429">
<span>
<strong>Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Eclipse Foundation revoked a small number of leaked Open VSX tokens after Wiz discovered some Visual Studio Code extensions exposing access tokens in public repositories. The investigation showed that the leaks were due to developer mistakes, not a compromise. Eclipse has introduced new token formats, tightened security, improved revocation procedures, and is scanning for malicious patterns.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F10%2F28%2Fcisco_citrix_vpn_ransomware%2F%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/n7O9q8TpRP0RRu4vyIhehH4qztzS06BDQa_VnJcGnqw=429">
<span>
<strong>Firewalls and VPNs Are So Complex Now, They Can Actually Make You Less Secure (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Organizations using Cisco or Citrix VPNs are nearly seven times more likely to experience a ransomware attack, which the article attributes to the growing complexity of properly securing on-premises VPNs. SonicWall VPN users were the second most likely to be breached, with a 5.8 times higher rate of incidence.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fdefense-against-configurations%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=dac_q4_25%26utm_content=dac-%26utm_term=newsletter/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/dIhnpQRjPgS25E6Y83Otq6N1fJt6XbUUat3AGhhojqQ=429">
<span>
<strong>Eliminate the niggling misconfigurations that are chipping away at your security posture (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Unused admin accounts. Mysterious firewall rules. Default Windows settings that weaken your defenses. ThreatLocker Defense Against Configurations (DAC) finds these problems and maps them to your compliance and security requirements. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fdefense-against-configurations%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=dac_q4_25%26utm_content=dac-%26utm_term=newsletter/2/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/RRzvlBkh_fwNDxVsPi0sR-eZfYFduPnppJjyBf8mGUo=429" rel="noopener noreferrer nofollow" target="_blank"><span>See how</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FJw8otm/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/WbHn3lbsPQaP1OjY1qOeHNpUTUEu0mW0q6y9XZK5tYo=429">
<span>
<strong>BTC bridge flagged for laundering money got hacked (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A protocol called Garden, which facilitates the swapping of bitcoin across blockchains, suffered an $11 million hack just days after announcing a major milestone.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.allaboutcircuits.com%2Fnews%2Farm-opens-access-to-chiplet-architectures-and-ai-platforms%2F%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/tCEi8YAMA5-Ixtuvh79DmrHg9ay7ndWPqZzeGlxRny4=429">
<span>
<strong>Arm Opens Access to Chiplet Architectures and AI Platforms (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Arm contributed its Foundation Chiplet System Architecture (FCSA) specification to the Open Compute Project, joined the OCP board alongside AMD and Nvidia, expanded its Total Design ecosystem from 20 to over 50 partners, and added its Armv9 Edge AI platform to its Flexible Access licensing program, enabling startups and smaller teams to prototype with production-grade IP at low or no upfront cost.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fit4sec.substack.com%2Fp%2Fble-chip-leaks-aes-keys-through-rf%3Futm_source=tldrinfosec/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/LL3M93W9nANOj_vvUQxMMaRIEofv3AQencWOi83hHn4=429">
<span>
<strong>BLE chip leaks AES keys through RF signals: a successful remote side-channel attack (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers demonstrated a remote RF-based side-channel attack on Nordic Semiconductor's nRF52832 BLE chip, recovering 128-bit AES keys at one meter using 2.4 GHz radio frequency analysis, raising security concerns for automotive and industrial systems.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/aU5yOgnUCGfoQgkk2hJBTnlp02xhN3s9i8oLtKYrpN8=429" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/9zS4mjyKQ1wn5jesEhZHdU4H0U2i7MlRvdmUUnsw0T4=429" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 💰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/aiuvZBXxzZQ4zCqCWRHHQgjlquLO5XWz3svddpmmZgY=429"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/DnOECEvLpSITHFggXtzn9ftTcEQqfERH7PmHN7V83Ek=429" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them!
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/ne286ooQyaB3OlxsnFGJJhsNksnDLC_FmI51UXTTrqk=429"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/bK5n3c9okmfJxMcqkB3oO3qJxCt4lFR0U3vCW98xzGg=429"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019a4a1e2a94-edfc8974-5df7-4232-8638-461f8ca3e9a8-000000/a9BZwk2V_heq1qr1KOAEDyXFbEZs1W14mSi8QNgua28=429"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>