<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">CISA has added a 2024 use-after-free vulnerability to the known exploited vulnerabilities (KEV) list after it was observed being exploited β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/7JMi0RabqGRpKo4siyCyDN9ck0B5eSbgq14U8S6sks4=430" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/eTxfyw6xAMra0cNabaMCG5AVx9oG5NUJ9i_YkvWFrv0=430" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=b7482d10-b949-11f0-a419-61201a4f431a%26pt=campaign%26t=1762265173%26s=b4416dc2a9f911208b69da0a16a9b81a826e194bf9fc3f3fa0841ac0e42a2151/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/7xhyMjMPtj8vZc6Tut3MZWytg0if_s7NlmPtcnOeHqM=430"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fadaptive-security-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/umAVlGE3_IFfbYpdJko5F9ITH8jrE2aihiCUqyoFeZk=430"><img src="https://images.tldr.tech/adaptive.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Adaptive Security"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-11-04</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fadaptive-security-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/2/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/3c7m1_f05aArKUQqHgUAiK7mRkUqG4b3_SRQX4xd5wc=430">
<span>
<strong>When your CEO calls, will you know it's real? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Phishing has gone beyond email. Today's attackers use AI-generated voices, videos, and interactive deepfakes of company executives. They can fool almost anyone - including you and your coworkers.<p></p><p>Backed by <strong>$55M+ in funding from OpenAI and a16z</strong>, Adaptive Security is the first <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fadaptive-security-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/3/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/qiBSveSPiRn8K2GZZoVX70qp4s5fsAxLiIGLrY_npCo=430" rel="noopener noreferrer nofollow" target="_blank"><span>security awareness platform built to stop AI-powered social engineering</span></a>. Adaptive keeps employees on their feet with tools such as:</p>
<ul>
<li>Deepfake phishing simulations of company executives in real-world attack scenarios</li>
<li>Interactive, customizable training content tailored for each employee (500+ resources)</li>
<li>AI-driven risk scoring that factors in your publicly available data adversaries can exploit</li>
</ul>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fadaptive-security-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/4/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/_KZWEn8OMJgnd8bGxZZNT95e8gjjeCeiyheFYKTifG0=430" rel="noopener noreferrer nofollow" target="_blank"><span><strong>>> Book a demo</strong></span></a><strong> </strong>to chat with a custom interactive deepfake of your boss</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fself-guided-tour%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250917/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/kC6Q--OnmtGPvcnbnQxMIdBaeI1RRICFRmSPYbDWzyc=430" rel="noopener noreferrer nofollow" target="_blank"><span><strong>>> Take a self-guided tour</strong></span></a><strong> </strong>of the platform (3 minutes)
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.polskieradio.pl%2F395%2F7786%2FArtykul%2F3602083,poland-hit-by-another-major-cyberattack-as-hackers-steal-users'-data-from-loan-platform%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/MfiG-KSMncg2Q1eRT-qHzMlsaBFvYydsuwJf__Ut_48=430">
<span>
<strong>Poland Hit By Another Major Cyberattack As Hackers Steal Users' Data From Loan Platform (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Polish authorities are investigating a large-scale cyberattack that compromised personal data belonging to clients of the SuperGrosz online loan platform. Poland's Deputy Prime Minister Gawkowski reported that the attackers stole names, national identification numbers, ID card details, email and home addresses, phone numbers, nationality, bank account numbers, and other sensitive personal information. Affected users are advised to exercise caution, change passwords, enable 2FA, and use the government's mobile app to block their national identification number.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fcisa-linux-privilege-escalation-flaw-now-exploited-in-ransomware-attacks%2F%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/_vmnrAJ4JOtBZa6HJxT52k2TlC4wXBhKA7tdG3Yj6FQ=430">
<span>
<strong>CISA: High-Severity Linux Flaw Now Exploited By Ransomware Gangs (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
CISA has updated its Known Exploited Vulnerabilities (KEV) entry for a 2024 use-after-free vulnerability, first listed in 2024, to flag that it is now being exploited in ransomware attacks. The vulnerability stems from a decade-old flaw in the kernel's netfilter nf_tables subsystem and lets a local attacker escalate privileges to root; patched kernels have been available since early 2024.
</span>
</span>
</div>
</td></tr></tbody></table>
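<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<p>An added triage check for this item, not code from the article or from CISA. An unprivileged local user normally reaches nf_tables only by first creating a user namespace to obtain CAP_NET_ADMIN, so besides a patched kernel the usual compensating controls are denying unprivileged user namespaces and stopping the nf_tables module from loading. The script reads the relevant /proc and modprobe.d files on the host; the file paths, the sysctl knobs it knows about and the rule that an install line cannot unload a module that is already resident are its assumptions, and a "not exposed" result here is no substitute for the kernel fix.</p>
<pre>
```python
"""Exposure check for the nf_tables local privilege escalation class.

Added example for this newsletter item; not code from the article or CISA.
Assumed mitigation logic (an assumption, not from the page): an unprivileged
user usually needs a user namespace to gain the CAP_NET_ADMIN that nf_tables
requires, so besides the kernel patch the compensating controls are to deny
unprivileged user namespaces and to stop the nf_tables module from loading.
"""
from pathlib import Path
from typing import Callable, Optional

SYSCTL_FILES = {
    # generic knob: 0 means no user namespaces at all
    "user.max_user_namespaces": "/proc/sys/user/max_user_namespaces",
    # Debian/Ubuntu-specific knobs; absent on other distributions
    "kernel.unprivileged_userns_clone": "/proc/sys/kernel/unprivileged_userns_clone",
    "kernel.apparmor_restrict_unprivileged_userns":
        "/proc/sys/kernel/apparmor_restrict_unprivileged_userns",
}
MODULES_FILE = "/proc/modules"
MODPROBE_DIR = "/etc/modprobe.d"


def default_reader(path: str) -> Optional[str]:
    """Read a file, or return None if it is missing or unreadable."""
    try:
        return Path(path).read_text()
    except OSError:
        return None


def list_modprobe_confs(directory: str = MODPROBE_DIR) -> list:
    d = Path(directory)
    return sorted(str(p) for p in d.glob("*.conf")) if d.is_dir() else []


def assess(read: Callable[[str], Optional[str]] = default_reader,
           modprobe_confs: Optional[list] = None) -> dict:
    """Return findings as a dict. The reader is injectable so the same logic
    can be exercised on constructed input instead of the live host."""
    if modprobe_confs is None:
        modprobe_confs = list_modprobe_confs()
    f = {}

    # 1. Is nf_tables loaded right now? First field of each /proc/modules line.
    modules = read(MODULES_FILE) or ""
    loaded = {line.split()[0] for line in modules.splitlines() if line.strip()}
    f["nf_tables_loaded"] = "nf_tables" in loaded

    # 2. Is loading prevented? Only an "install nf_tables /bin/false" (or
    #    /bin/true) line stops request_module(); "blacklist" only blocks
    #    alias-based autoloading and is recorded separately as weaker.
    install_block = blacklist = False
    for conf in modprobe_confs:
        for line in (read(conf) or "").splitlines():
            parts = line.split()
            if len(parts) >= 2 and parts[1] == "nf_tables":
                if parts[0] == "install":
                    install_block = True
                elif parts[0] == "blacklist":
                    blacklist = True
    f["nf_tables_install_blocked"] = install_block
    f["nf_tables_blacklisted_only"] = blacklist and not install_block

    # 3. Can an unprivileged user create a user namespace?
    def sysctl_int(name: str) -> Optional[int]:
        raw = read(SYSCTL_FILES[name])
        return int(raw.strip()) if raw and raw.strip().isdigit() else None

    userns_allowed = not (
        sysctl_int("user.max_user_namespaces") == 0
        or sysctl_int("kernel.unprivileged_userns_clone") == 0
        or sysctl_int("kernel.apparmor_restrict_unprivileged_userns") == 1
    )
    f["unprivileged_userns_allowed"] = userns_allowed

    # An install line cannot unload a module that is already resident, so the
    # host stays exposed until it is unloaded or rebooted.
    f["exposed"] = userns_allowed and (f["nf_tables_loaded"] or not install_block)
    return f


if __name__ == "__main__":
    for key, value in assess().items():
        print(f"{key}: {value}")
```
</pre>
<p>Run it as root on the host being triaged; the "exposed" field is the one to act on, and the two nf_tables fields tell you whether a modprobe.d change will take effect before the next reboot. The AppArmor knob only restricts unconfined applications, so treat a "1" there as a partial control rather than a hard deny.</p>
</div>
</td></tr></tbody></table>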
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F184130%2Fsecurity%2Fandroid-apps-misusing-nfc-and-hce-to-steal-payment-data-on-the-rise.html%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/k-xy2K1-uvIPHthTniUZx1a_b7eWqEMt0V43tk98rR4=430">
<span>
<strong>Android Apps misusing NFC and HCE to steal payment data on the rise (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Zimperium researchers discovered over 760 malicious Android apps exploiting Near-Field Communication (NFC) and Host Card Emulation (HCE) to steal payment data through NFC relay attacks, showing dramatic growth since April 2024. These apps impersonate trusted financial institutions and trick users into setting them as default NFC payment handlers, then use command-and-control servers to relay card terminal requests and exfiltrate EMV data to Telegram channels. The campaign has targeted over 20 institutions globally using 70+ C2 servers, primarily focusing on Russian banks but also affecting European banks, Brazilian institutions, and services like Google Pay.
</span>
</span>
</div>
</td></tr></tbody></table>
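<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<p>An added example of what such a relay actually carries, not Zimperium's tooling or anything from the report. A relay app forwards the terminal's command APDUs to a card and the card's responses back, so a defender looking at captured relay traffic or at a suspect app's C2 channel wants to recognise the EMV exchange and know which responses contain card data. The session below is constructed for the example in the shape of a real contactless transaction (SELECT PPSE, SELECT AID, GET PROCESSING OPTIONS, READ RECORD) with a dummy test PAN; the AID list and the tag meanings (4F = AID, 5A = PAN, 57 = Track 2 equivalent, 5F24 = expiry) come from the EMV specifications.</p>
<pre>
```python
"""What an NFC relay session exposes: decode a sequence of terminal command
APDUs and card response APDUs and flag the responses that carry card data.

Added example for this newsletter item, not Zimperium's tooling. The
session below is constructed in the shape of a real contactless transaction
using a dummy test PAN; tag meanings come from the EMV specifications
(4F = AID, 5A = PAN, 57 = Track 2 equivalent data, 5F24 = expiry YYMMDD).
"""

PAYMENT_AIDS = {
    "325041592E5359532E4444463031": "PPSE (2PAY.SYS.DDF01)",
    "A0000000031010": "Visa credit/debit",
    "A0000000041010": "Mastercard credit/debit",
}

# (command APDU from the terminal, response APDU from the card), hex encoded.
# Constructed sample; a relay app forwards exactly these bytes in both directions.
SAMPLE_SESSION = [
    ("00A404000E325041592E5359532E444446303100",
     "6F23840E325041592E5359532E4444463031A511BF0C0E610C4F07A00000000410108701019000"),
    ("00A4040007A000000004101000",
     "6F1A8407A0000000041010A50F500A4D6173746572436172648701019000"),
    ("80A8000002830000",
     "770A820219809404080101009000"),
    ("00B2010C00",
     "70145A0841111111111111115F24032512315F3401019000"),
]


def parse_tlv(data: bytes) -> list:
    """Minimal BER-TLV decoder: returns (tag_hex, value) pairs and descends
    into constructed tags (bit 6 of the first tag byte set)."""
    out, i = [], 0
    while i < len(data):
        if data[i] in (0x00, 0xFF):          # padding between objects
            i += 1
            continue
        start, first = i, data[i]
        i += 1
        if (first & 0x1F) == 0x1F:           # multi-byte tag
            while data[i] & 0x80:
                i += 1
            i += 1
        tag = data[start:i].hex().upper()
        length = data[i]
        i += 1
        if length & 0x80:                    # long-form length
            n = length & 0x7F
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        value = data[i:i + length]
        i += length
        if first & 0x20:                     # constructed: recurse
            out.extend(parse_tlv(value))
        else:
            out.append((tag, value))
    return out


def classify_command(capdu: bytes) -> str:
    """Name the EMV command a terminal sent (CLA INS P1 P2 [Lc data] [Le])."""
    cla, ins, p1, p2 = capdu[0], capdu[1], capdu[2], capdu[3]
    if ins == 0xA4 and p1 == 0x04:
        aid = capdu[5:5 + capdu[4]].hex().upper()
        return "SELECT " + PAYMENT_AIDS.get(aid, aid)
    if cla == 0x80 and ins == 0xA8:
        return "GET PROCESSING OPTIONS"
    if ins == 0xB2:
        return "READ RECORD sfi=%d rec=%d" % (p2 >> 3, p1)
    if cla == 0x80 and ins == 0xAE:
        return "GENERATE AC"
    return "INS %02X" % ins


def mask_pan(digits: str) -> str:
    """Keep the BIN and last four digits only; never log a full PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def leaked_fields(rapdu: bytes) -> dict:
    """Card data present in a successful (SW 9000) response."""
    body, sw = rapdu[:-2], rapdu[-2:].hex().upper()
    found = {}
    if sw != "9000":
        return found
    for tag, value in parse_tlv(body):
        if tag == "4F":
            found.setdefault("AIDs", []).append(value.hex().upper())
        elif tag == "5A":
            found["PAN"] = mask_pan(value.hex().upper().rstrip("F"))
        elif tag == "57":                    # PAN 'D' expiry service-code ...
            found["PAN"] = mask_pan(value.hex().upper().split("D")[0])
        elif tag == "5F24":
            found["expiry"] = value.hex()
    return found


def analyze_session(session) -> list:
    report = []
    for step, (c_hex, r_hex) in enumerate(session, 1):
        capdu, rapdu = bytes.fromhex(c_hex), bytes.fromhex(r_hex)
        report.append({
            "step": step,
            "command": classify_command(capdu),
            "sw": rapdu[-2:].hex().upper(),
            "leaked": leaked_fields(rapdu),
        })
    return report


if __name__ == "__main__":
    for entry in analyze_session(SAMPLE_SESSION):
        print(entry)
```
</pre>
<p>The point of the output is the fourth step: the PAN and expiry leave the card in the READ RECORD response, which is why a relay that only needs to satisfy a terminal can still hand the attacker enough to clone a magstripe-equivalent profile. Masking in the analyser is deliberate; an investigation tool that prints full PANs creates the same exposure it is investigating.</p>
</div>
</td></tr></tbody></table>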
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsurfingcomplexity.blog%2Fposts%2Fyoull-never-see-attrition-referenced-in-an-rca%2F%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/TyohXH8bIeMs639RFSzqauR8p_EwPCbkg8SPa3ZlNF4=430">
<span>
<strong>You'll never see attrition referenced in an RCA (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Public incident reports intentionally omit staff attrition as a contributing factor to reassure customers that issues are being resolved, since mentioning workforce issues could undermine confidence and create liability. Internal analyses also rarely consider attrition, focusing instead on technical details rather than organizational factors that increase system vulnerability. Attrition is like smoking and lung cancer - it's a risk factor that heightens the likelihood of failures without being necessary or sufficient on its own.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Faws.amazon.com%2Fblogs%2Fpublicsector%2Fmosip-on-aws-technical-deep-dive-exploring-architecture-implementation-and-deployment-models%2F%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/U8VGMpcHJ4ptDwm8bhuHrRdXenRJ2-7xvCvI5-VQtKU=430">
<span>
<strong>MOSIP on AWS: Technical deep dive exploring architecture, implementation, and deployment models (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
AWS and Atos developed a cloud-based digital identity platform using MOSIP, addressing security challenges with multi-layered defenses like AWS Shield, WAF, CloudFront, segmented VPCs, and dedicated CloudHSM. It offers four hybrid deployment models for data sovereignty, from fully cloud to on-premises, with security controls such as data encryption, role-based access via OAuth2, and monitoring through GuardDuty and CloudWatch. Security teams should evaluate hybrid cloud architectures for sensitive government systems, implement defense-in-depth with hardware security modules, and use Infrastructure-as-Code for consistent security controls.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdispatch.thorcollective.com%2Fp%2Fcant-hide-in-3d%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/5VHEeZ9u2RirCvctdVP3EK6ayuqGF7kjS6YJSiBVXKs=430">
<span>
<strong>Can't Hide in 3D (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Time-Terrain-Behavior (TTB) mapping can be used to transform logs and security events into a 3D landscape to create a visual threat landscape. The x-axis is set as the terrain layer and measures how many different tools detected an entity, the y-axis measures how many different time periods an entity was active in, and the z-axis measures how many different actions an entity performs. This post works through applying this methodology to the Splunk BOTS v2 scenario.
</span>
</span>
</div>
</td></tr></tbody></table>
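<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<p>The TTB coordinates computed from a handful of events, as an added example that is not the post's code and does not touch the Splunk BOTS v2 data. Each event is (timestamp, detecting tool, entity, action), and the three counts follow the axis definitions above: x = distinct tools that saw the entity, y = distinct time periods it was active in, z = distinct actions it performed. The events and the choice of an hour as the time period are constructed assumptions for the example.</p>
<pre>
```python
"""Time-Terrain-Behavior (TTB) coordinates from security events.

Added example illustrating the method summarised in the newsletter; it is
not the post's own code. Events are (timestamp, tool, entity, action) and
the period granularity (hour or day) is an assumption of this example.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ("2025-11-03T08:05:00", "edr",      "10.0.0.5",  "process_create"),
    ("2025-11-03T08:07:00", "proxy",    "10.0.0.5",  "http_get"),
    ("2025-11-03T09:15:00", "edr",      "10.0.0.5",  "process_create"),
    ("2025-11-03T09:20:00", "firewall", "10.0.0.5",  "outbound_connect"),
    ("2025-11-03T11:40:00", "proxy",    "10.0.0.5",  "http_post"),
    ("2025-11-03T11:41:00", "auth",     "10.0.0.5",  "logon_failure"),
    ("2025-11-03T08:30:00", "proxy",    "10.0.0.9",  "http_get"),
    ("2025-11-03T08:31:00", "proxy",    "10.0.0.9",  "http_get"),
    ("2025-11-03T10:00:00", "edr",      "10.0.0.12", "process_create"),
]


def time_bucket(ts: str, granularity: str = "hour") -> str:
    """Collapse a timestamp to the period it belongs to."""
    dt = datetime.fromisoformat(ts)
    return dt.strftime("%Y-%m-%dT%H") if granularity == "hour" else dt.strftime("%Y-%m-%d")


def ttb_coordinates(events, granularity: str = "hour") -> dict:
    """Map entity to (x, y, z): x = distinct tools that detected it (terrain),
    y = distinct periods it was active in (time), z = distinct actions (behavior)."""
    tools, periods, actions = defaultdict(set), defaultdict(set), defaultdict(set)
    for ts, tool, entity, action in events:
        tools[entity].add(tool)
        periods[entity].add(time_bucket(ts, granularity))
        actions[entity].add(action)
    return {e: (len(tools[e]), len(periods[e]), len(actions[e])) for e in tools}


def rank_entities(coords: dict) -> list:
    """Entities ordered by distance from the origin, furthest first. Far out
    on all three axes means many tools, many periods, many behaviours: the
    entity that cannot hide in the 3D landscape."""
    def dist(xyz):
        return sum(v * v for v in xyz) ** 0.5
    return sorted(coords.items(), key=lambda kv: dist(kv[1]), reverse=True)


if __name__ == "__main__":
    for entity, xyz in rank_entities(ttb_coordinates(SAMPLE_EVENTS)):
        print(entity, xyz)
```
</pre>
<p>Granularity matters: the same host scores y = 3 with hourly periods and y = 1 with daily ones, so pick the period from the dwell time you expect for the scenario rather than defaulting to whatever the log timestamps suggest.</p>
</div>
</td></tr></tbody></table>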
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.delltechnologies.com%2Fasset%2Fen-us%2Fsolutions%2Fbusiness-solutions%2Fbriefs-summaries%2Fendpoint-security-for-ai-ebook.pdf%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/0jK-tPWpexzZ5AyDjjIjRMyDYWW9idYqVRlfkSOODzc=430">
<span>
<strong>How to secure on-device AI workloads (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
AI is transforming productivity, but it's also expanding the attack surface. Learn how to build a resilient endpoint strategy that supports on-device AI innovation without compromising data integrity. Develop and deploy AI models on a secure, modern foundation with the latest Dell and Intel AI PCs. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.delltechnologies.com%2Fasset%2Fen-us%2Fsolutions%2Fbusiness-solutions%2Fbriefs-summaries%2Fendpoint-security-for-ai-ebook.pdf/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/DctsE7Ry-l0O6IOy7AESxuRA_lsbs5ecfkIyIKPI3RE=430" rel="noopener noreferrer nofollow" target="_blank"><span>Get the eBook: Endpoint Security for AI</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Falmounah%2Forsted%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/zeye98479rsY_siO2q0Yr1UefRGGBCm93mZv6oYmTgo=430">
<span>
<strong>Orsted C2 (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Orsted is a C2 framework that consists of multiple beacons that can communicate with each other and the main Orsted server.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fpacket.delivery%2Fblog%2Fpatching-galaxy100-firmware.html%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/ujZk0u8A_2ONrkFB_t-gtPqIEkjVvos_YnguMpJNMUU=430">
<span>
<strong>Using Ghidra to patch my keyboard's firmware (16 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
In this post, a researcher demonstrates firmware reverse engineering on the Epomaker Galaxy100 keyboard using Ghidra to bypass VIA configuration limitations and modify key mappings. The technical approach involved extracting firmware via DFU mode (Fn+L+Esc), setting up proper memory mapping in Ghidra for ARM Cortex-M3 architecture, locating USB HID keycode tables through pattern matching, and directly patching binary offsets to swap function key layers. Security professionals can apply these techniques for embedded device analysis, firmware modification workflows, and understanding how consumer hardware implements bootloader protections and keycode handling mechanisms.
</span>
</span>
</div>
</td></tr></tbody></table>
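<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<p>The pattern-matching and offset-patching steps in generic form, as an added example; this is not the author's script, and the image it operates on is a constructed stand-in rather than the Galaxy100 dump. The search key is the property every keymap table shares: it contains runs of consecutive HID usage IDs (A..Z are 0x04..0x1D and F1..F12 are 0x3A..0x45 on the HID Keyboard/Keypad usage page). The layout of the sample image and the requirement that a run match exactly once are assumptions of the example.</p>
<pre>
```python
"""Find a USB HID keycode table in a firmware image and patch it.

Added example for this newsletter item; it is not the author's script and
the image built below is a constructed stand-in, not the Galaxy100 dump.
HID usage IDs: A..Z = 0x04..0x1D, F1..F12 = 0x3A..0x45 (Keyboard/Keypad page).
"""
HID_A = 0x04
HID_F1 = 0x3A


def build_sample_firmware() -> bytes:
    """Constructed image: vector-table filler, erased flash, a keymap row of
    F1..F12 followed by A..Z, then more code-like filler."""
    keymap = bytes(range(HID_F1, HID_F1 + 12)) + bytes(range(HID_A, HID_A + 26))
    return b"\x00" * 64 + b"\xFF" * 32 + keymap + b"\xDE\xAD" * 16


def find_runs(blob: bytes, start_code: int, length: int) -> list:
    """Every offset at which `length` consecutive HID codes starting at
    start_code appear. More than one hit means the table is ambiguous and
    needs a cross-reference check in the disassembler before patching."""
    pattern = bytes(range(start_code, start_code + length))
    offsets, pos = [], blob.find(pattern)
    while pos != -1:
        offsets.append(pos)
        pos = blob.find(pattern, pos + 1)
    return offsets


def locate_unique(blob: bytes, start_code: int, length: int) -> int:
    """Offset of the one and only run, or an error: never patch a guess."""
    hits = find_runs(blob, start_code, length)
    if len(hits) != 1:
        raise ValueError("expected exactly one keymap run, found %d" % len(hits))
    return hits[0]


def remap(blob: bytes, table_offset: int, mapping: dict) -> bytes:
    """Return a patched copy with {table_index: new_hid_code} applied in place,
    so the image keeps its length and every other offset is untouched."""
    out = bytearray(blob)
    for idx, code in mapping.items():
        out[table_offset + idx] = code
    return bytes(out)


def swap_entries(blob: bytes, table_offset: int, i: int, j: int) -> bytes:
    """Exchange two entries of the same table (e.g. F1 and F12)."""
    return remap(blob, table_offset, {i: blob[table_offset + j], j: blob[table_offset + i]})


def diff_offsets(before: bytes, after: bytes) -> list:
    """Offsets whose byte changed; confirms the patch touched only the
    intended table entries before the image goes back onto the device."""
    if len(before) != len(after):
        raise ValueError("image length changed")
    return [k for k, (a, b) in enumerate(zip(before, after)) if a != b]


if __name__ == "__main__":
    fw = build_sample_firmware()
    fkeys = locate_unique(fw, HID_F1, 12)
    patched = swap_entries(fw, fkeys, 0, 11)
    print("F-row at offset %#x, changed offsets: %s" % (fkeys, diff_offsets(fw, patched)))
```
</pre>
<p>On a real dump, replace build_sample_firmware() with the bytes read out over DFU and keep the diff step: it is the cheapest guard against an off-by-one that lands in code rather than data. The post's device accepted the edited image; a bootloader that checks a signature or checksum will reject it, so confirm how the update path validates images before flashing.</p>
</div>
</td></tr></tbody></table>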
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.reflectiz.com%2F%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/vb-1nQmsKCilukJL1H8O28vgzWzSGbSrgxBMPx7Sw4Q=430">
<span>
<strong>Reflectiz (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Reflectiz provides an agentless web exposure management platform that detects third-party tools and code risks, de-obfuscates suspicious JavaScript, and gives organizations centralized visibility and control over website activity and security compliance.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fchina-linked-hackers-exploited-lanscope-flaw-as-a-zero-day-in-attacks%2F%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/aZN_SUAsZ9wN0rZk4SlhK03A8GpfaRQ95woA3DMwobo=430">
<span>
<strong>China-linked hackers exploited Lanscope flaw as a zero-day in attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Chinese cyber-espionage group Bronze Butler (Tick) exploited CVE-2025-61932, a critical request origin verification flaw in Motex Lanscope Endpoint Manager versions 9.4.7.2 and earlier, as a zero-day vulnerability for several months before it was patched in October. The attackers exploited this vulnerability to achieve unauthenticated remote code execution with SYSTEM privileges, deploying an updated Gokcpdoor malware variant that features multiplexed command-and-control communication and DLL sideloading for evasion, along with tools such as goddi Active Directory dumper and 7-Zip for data exfiltration to cloud storage services. Organizations using Lanscope Endpoint Manager must immediately upgrade to patched versions, as no workarounds exist, while security teams should monitor for indicators of Bronze Butler activity, including Gokcpdoor malware, OAED Loader, and connections to ports 38000/38002.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theverge.com%2Fpolicy%2F812700%2Funiversity-pennsylvania-hack-data-sale-dei%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/yhCAIoyph6YxI1ZOb9TexIfimV8W2PulfF4TSiSiBpI=430">
<span>
<strong>Alleged U Penn hacker claims they're in it for money, not 'primarily "anti-DEI"' (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Hackers breached the University of Pennsylvania's systems, aiming to sell roughly 1.2 million lines of personal donor data. Unlike previous university hacks tied to diversity debates, this attack focused on financial gain, not ideology. U Penn is investigating and has involved the FBI, and some affected individuals have confirmed that the leaked records about them are genuine.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F11%2F03%2Fmetropolitan_police_hails_facial_recognition%2F%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/eF5OAw7D8ElrwT9NzkK4egYXhoimZbmiDs2Nex2_Jyc=430">
<span>
<strong>Metropolitan Police hails facial recognition tech after record year for arrests (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
London's Metropolitan Police credits live facial recognition technology with enabling 962 arrests over the past year. While officials cite improved public safety and broad support, privacy advocates raise concerns about racial bias, noting 80 percent of false alerts involved Black individuals. The report claims these disparities are not statistically significant, yet critics argue for better oversight and legal safeguards to protect civil rights.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.tines.com%2Faccess%2Fwhitepaper%2Fforrester-it-ai-orchestration-2025%2F%3Futm_source=TLDR%26utm_medium=paid_media%26utm_content=infosec-quicklink-0411/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/uTj7PhhVamcQeSvmhnpuag4JXrN5qNXZMpoDx8gvGdE=430">
<span>
<strong>Here's what 400+ IT leaders think about AI adoption, orchestration, and governance (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Tines commissioned Forrester to ask 400+ IT leaders about their biggest AI challenges. The results show where AI adoption stalls, why orchestration unlocks value, and how IT is primed to lead. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.tines.com%2Faccess%2Fwhitepaper%2Fforrester-it-ai-orchestration-2025%2F%3Futm_source=TLDR%26utm_medium=paid_media%26utm_content=infosec-quicklink-0411/2/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/l2sY4X9JHrybMBdnljOlqPpia8sd69njwl85t3rQKaM=430" rel="noopener noreferrer nofollow" target="_blank"><span>Read the full study.</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fclaude-ai-apis-can-be-abused-for-data-exfiltration%2F%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/v4GNw_u8WAVYkCemN5lCruzxvr3FliBZYASACaSyk1Y=430">
<span>
<strong>Claude AI APIs Can Be Abused for Data Exfiltration (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Attackers can exploit Anthropic's Claude AI APIs using indirect prompt injections to extract user data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F11%2Fcybercriminals-exploit-remote.html%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/NG-a94kskP93lebS3KiQuK2nsO54cDDEL0IxxYarM_0=430">
<span>
<strong>Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Threat actors working with organized crime groups use spear-phishing and fraudulent freight listings to deploy legitimate RMM tools such as ScreenConnect and SimpleHelp, gaining network access at logistics companies. With that access they manipulate dispatch systems and steal physical cargo shipments, primarily food and beverage products.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkrebsonsecurity.com%2F2025%2F11%2Falleged-jabber-zeus-coder-mricq-in-u-s-custody%2F%3Futm_source=tldrinfosec/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/rIVBnddNnrynvrNP4iwMg-i-HR2DXABKNOVHexoPi3Q=430">
<span>
<strong>Alleged Jabber Zeus Coder 'MrICQ' in US Custody (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ukrainian cybercriminal Yuriy Igorevich Rybtsov, known as "MrICQ," was extradited from Italy to face charges for developing the Jabber Zeus banking trojan. The malware used man-in-the-browser attacks and real-time one-time password interception to steal tens of millions from US businesses through payroll manipulation and money mule networks.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/_AxzxJEuFSO8TRF2-VT4v60Lr56kMDCwZO1ay_XsvoY=430" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/ubSpKmErEmoOK5NSlrV-XGAFLWH24s2PhIl2e6Q741o=430" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 💰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/geMQsL0yMvEqFkPowVP7rGklE2vgzLvrSbID2quJ9Zk=430"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/-NMX4hYjylaUc9PoZ_rcc3xahZVpP0yr4o239u3cZsY=430" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them!
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/XpgViOMEi7wAdDZ_l6h1cNMl1ZhCfL_j9uTKkDu-1hY=430"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/7prbCuKUz5zbZRnN4jLYYMOR_jN_aNcuDDLNt_9jJrs=430"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/q-wTCHoGFq_15ZWzSdVdPW9L04ymt-3DAKQ1s_B8JP4=430"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/SI9Nf4hl3rLdA6Uz4zf69YSPq_BlwYbhR8KmAgm2ONo=430">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=b7482d10-b949-11f0-a419-61201a4f431a%26pt=campaign%26pv=4%26spa=1762264876%26t=1762265173%26s=544ba871a73d7cd6fdeefdf2d7245f6f236e3017dc8e6a6b4a2357d0cd7a7b64/1/0100019a4f308d63-0b7d2287-68d6-4357-90e0-b5e03c0ccc9f-000000/V4XL7bJ7_4JGOOSXkIDRg_qnBF_zxBjebk8eGAuAApg=430">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>