<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fproactive-defenders-guide-to-infostealers%3Futm_campaign=Resource_RP_DefendersGuide_Infostealers%26utm_source=linkedin%26utm_medium=paid-social%26sfcampaign_id=701Rc00000W7BAoIAN/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/pSIaxv07BdN1tX5Te9nJhrqdZ8uitYPP9F4VLtwNV_M=430"><img src="https://images.tldr.tech/flashpoint.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Flashpoint"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-11-10</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fproactive-defenders-guide-to-infostealers%3Futm_campaign=Resource_RP_DefendersGuide_Infostealers%26utm_source=linkedin%26utm_medium=paid-social%26sfcampaign_id=701Rc00000W7BAoIAN/2/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/HKGhtewSIjejXgOsJ2IYfvGqOuv1FRsvbDRP4nHQwz8=430">
<span>
<strong>Infostealers are now the #1 driver of identity attacks — learn to defend against them (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Identity is the new attack surface, and infostealers are at the frontline - fuelling ransomware, fraud, and data breaches for bad actors. Low costs and easy access mean they're here to stay.<p></p><p>Download this <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fproactive-defenders-guide-to-infostealers%3Futm_campaign=Resource_RP_DefendersGuide_Infostealers%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000W7BAoIAN/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/UgnEK01kiklwjP_g-3eVhCkp2Ebd2-gU-PpW2L-VHc8=430" rel="noopener noreferrer nofollow" target="_blank"><span>Flashpoint guide</span></a> to learn:</p>
<ul>
<li>Which strains of infostealers dominate underground markets — and how they're deployed,</li>
<li>How stolen identities are weaponized and <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fproactive-defenders-guide-to-infostealers%3Futm_campaign=Resource_RP_DefendersGuide_Infostealers%26utm_source=linkedin%26utm_medium=paid-social%26sfcampaign_id=701Rc00000W7BAoIAN/3/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/xR4bYVIrE9fvnORxb5I5gSVyDzu9AUm0etD521CRGiU=430" rel="noopener noreferrer nofollow" target="_blank"><span>what you can do to monitor + respond</span></a>, </li>
<li>Why early visibility into compromised accounts is key to neutralizing infostealer attacks,</li>
<li>Methods for using the logs you already have to close security gaps. </li>
</ul>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fproactive-defenders-guide-to-infostealers%3Futm_campaign=Resource_RP_DefendersGuide_Infostealers%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000W7BAoIAN/2/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/yLI80AMvQrwlj4MCs7wbNIropc4zh9kObHYH83bmXAc=430" rel="noopener noreferrer nofollow" target="_blank"><span>↗️ Read <em>The Proactive Defender's Guide to Infostealers</em></span></a><em>.</em>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fus-congressional-budget-office-hit-by-suspected-foreign-cyberattack%2F%3Futm_source=tldrinfosec/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/MR0W5aJG7-QsNmW4MOd_jpOEc4oSIDXiQ3QarI5hgKY=430">
<span>
<strong>US Congressional Budget Office Hit By Suspected Foreign Cyberattack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The US Congressional Budget Office (CBO) confirmed that it had suffered a cyberattack after detecting unauthorized access to its networks. Officials who discovered the breach are concerned that emails between CBO and congressional offices may have been exposed. A foreign actor is suspected.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdangerous-runc-flaws-could-allow-hackers-to-escape-docker-containers%2F%3Futm_source=tldrinfosec/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/AOc8ynu625phWSLh_cSDfCX76sBIxH_JJyTh1iDfvS0=430">
<span>
<strong>Dangerous runC flaws could allow hackers to escape Docker containers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Three critical vulnerabilities (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881) in the runC container runtime used by Docker and Kubernetes allow attackers to exploit symlink races and bind-mount redirections to gain root-level write access to the host system, bypassing container isolation by manipulating /dev/null, /dev/console, and /proc filesystem mounts during container initialization. The flaws affect all runC versions for CVE-2025-31133 and CVE-2025-52881, while CVE-2025-52565 impacts versions 1.0.0-rc3 and later, with patches available in runC versions 1.2.8, 1.3.3, 1.4.0-rc.3 and above. Security teams should immediately update to patched runC versions, enable user namespaces without mapping host root into containers, implement rootless containers where possible, and monitor for suspicious symlink behaviors that could indicate exploitation attempts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-landfall-spyware-exploited-samsung-zero-day-via-whatsapp-messages%2F%3Futm_source=tldrinfosec/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/KaH40vDUmUhxqnq2QEx1sqjw-1MIQpCVr7-ZWO7Xn88=430">
<span>
<strong>New LandFall spyware exploited Samsung zero-day via WhatsApp messages (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A threat actor exploited CVE-2025-21042, a critical out-of-bounds write zero-day in Samsung's libimagecodec.quram.so library, to deploy LandFall spyware via malicious .DNG images sent through WhatsApp to Samsung Galaxy users (S22, S23, S24, Z Fold 4, and Z Flip 4) in the Middle East from July 2024 until Samsung patched it in April 2025. The spyware delivered a malformed DNG file with an embedded ZIP archive containing a loader and SELinux policy manipulator, enabling extensive spying such as microphone/call recording, location tracking, and access to photos, contacts, SMS, call logs, files, and browsing history while maintaining persistence and evading detection. Security professionals should ensure devices are updated with April 2025 patches, disable automatic media downloads, enable Android's Advanced Protection or iOS Lockdown Mode for high-risk users, and monitor for similar DNG exploitation patterns, given recent trends of commercial spyware leveraging image vulnerabilities.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftemp43487580.github.io%2Fintune%2Fbypass-enrollment-restictions-to-break-byod-barriers-in-intune%2F%3Futm_source=tldrinfosec/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/CajIfc-bagVg2bV-vdA4oHd1E2QU1ykWyAOk5JSHDdo=430">
<span>
<strong>Bypassing Enrollment Restrictions to Break BYOD Barriers in Intune (15 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Administrators can configure Intune to block bring your own device (BYOD) enrollment using the device enrollment restriction, which can prevent attackers from enrolling rogue devices after stealing login credentials. If personal devices are allowed for other operating systems (such as Android), attackers can send the Entra join request as that OS and then check in and complete enrollment as Windows. Otherwise, attackers can manipulate the check-in XML to mock a device ID or mock Azure Virtual Desktop.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.hashicorp.com%2Fen%2Fblog%2Ffrom-key-sprawl-to-scalable-control-rethinking-ssh-access%3Futm_source=tldrinfosec/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/ObxXvGhIHQ6knTunLuStrOYdEMJ8Rl3QF-Et2bUyYd8=430">
<span>
<strong>From Key Sprawl to Scalable Control: Rethinking SSH Access (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Static SSH keys can present security issues if they are not rotated often enough or are shared between teams or with external contractors, and they can also add to management overhead. SSH certificates are a more modern alternative: users present their public key to a centralized CA, which signs a certificate based on it that can be used for time-limited authentication. This article presents an implementation of SSH certificates using HashiCorp Vault and Boundary.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fopenssf.org%2Fblog%2F2025%2F11%2F09%2Fbuilding-security-in-open-source-for-financial-services-openssf-at-open-source-finance-forum-osff-nyc%2F%3Futm_source=tldrinfosec/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/IPDMAa2tKd60c82cQ9RV5HMdqAv9Fq45ctvZaA-0_3M=430">
<span>
<strong>Building Security in Open Source for Financial Services: OpenSSF at Open Source Finance Forum (OSFF) NYC (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
OpenSSF sponsored the Open Source in Finance Forum to address critical security challenges in financial services, where 80-90% of modern software supply chains rely on open source software, including 71% of AI components, highlighting emerging risks such as malware hidden in AI model weights, poisoned training data, and identity-based intrusions that now account for 30% of financial sector attacks. The organization is implementing proactive defense measures, including Model Signing v1.0 for AI integrity verification, MLSecOps frameworks for full AI lifecycle security, transparency tools like OpenSSF Scorecard, OSV, and GUAC, plus policy engagement across the US and EU to secure open source from development to deployment. Financial services security professionals should adopt OpenSSF's security frameworks and tools, implement model signing for AI components, establish MLSecOps practices throughout the AI lifecycle, and actively participate in cross-industry collaboration to address supply chain vulnerabilities while connecting maintainers with the organizations that depend on their work.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fdefense-against-configurations%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=dac_q4_25%26utm_content=dac-%26utm_term=newsletter/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/xGLgiR5ZBPZ-pJy9luldJZsl5vsVkTxqKZTRKNOMQsQ=430">
<span>
<strong>How many of your unused admin accounts are still active? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
From unused admin accounts to default Windows settings, small misconfigurations lead to big exploits. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fdefense-against-configurations%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=dac_q4_25%26utm_content=dac-%26utm_term=newsletter/2/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/l7LZaxBkfb0IN1RJkpf5wATDlYHibazeSzp-YzhRqOk=430" rel="noopener noreferrer nofollow" target="_blank"><span>ThreatLocker Defense Against Configurations</span></a> (DAC) scans your system daily, identifies resilience issues, and maps them to your compliance standards. No need for additional integrations — just log in to ThreatLocker and close the gaps. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.threatlocker.com%2Fplatform%2Fdefense-against-configurations%3Futm_source=tldr%26utm_medium=sponsor%26utm_campaign=dac_q4_25%26utm_content=dac-%26utm_term=newsletter/3/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/ct3Ze1Zvv8dcB2QyAGI3GRfqLXV7oPZ2kXjktu29ID4=430" rel="noopener noreferrer nofollow" target="_blank"><span>See how</span></a>.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fzopefoundation%2FRestrictedPython%3Futm_source=tldrinfosec/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/HTwYTZCEAfT94YjwKEfLOsk_qElrA5I_di903wEzpok=430">
<span>
<strong>RestrictedPython (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
RestrictedPython is a tool that defines a subset of the Python language that allows for running untrusted code.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fphishdestroy%2Fdestroylist%3Futm_source=tldrinfosec/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/IeUigPB3wxZ6IPjqnd-5OStR37HNgrezs_GGA2Nug5k=430">
<span>
<strong>Destroylist (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An up-to-date blacklist of phishing and scam domains, automatically updated by the PhishDestroy system. A reliable threat intelligence source for integration into security systems.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fzviwex.com%2Fposts%2Faws-account-hacked%2F%3Futm_source=tldrinfosec/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/0igZFPqLVl8jY9ejsO2IbVGPMY4jq23W3dlEbuQjKo8=430">
<span>
<strong>My AWS Account Got Hacked - Here Is What Happened (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A cloud architect discovered that their personal AWS account was breached when they received a DKIM verification email. They then removed the attacker's access and found that the attacker had created four IAM accounts for backdoor access, launched a large EC2 instance (possibly for cryptomining), created an AWS Organization and a new account, and used Resource Explorer to search for additional access. The post walks the reader through the author's full process, from discovery to incident response to root cause analysis.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FufxtUO/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/9AjasZmiBNJxKMmHq60u2016X7KyPStsAZXpHIaVhOc=430">
<span>
<strong>What Makes Ransomware Groups Successful? (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ransomware gangs thrive through automation, customization, and advanced tools, rapidly evolving their tactics to outpace defenders. AI accelerates attacks and facilitates phishing, while tailored ransomware operations employ strong encryption and sophisticated extortion tactics. These groups operate like efficient SaaS enterprises, and the recommendation is to focus on defense against attacker techniques and fast, automated responses.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecureannex.com%2Fblog%2Fransomvibe%2F%3Futm_source=tldrinfosec/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/yBfVZQ54HSlDFMErcEf8F1HFQeGkR1x5BylSngDqUQM=430">
<span>
<strong>Ransomvibing appears in VS Code extensions (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A ransomware-infected VS Code extension, "susvsex," was found on the Visual Studio Marketplace. It utilizes GitHub for command and control, encrypts files, and uploads them for extortion, but its malicious intent was clearly evident. Due to poor coding and a hardcoded decryption key, its threat is currently low. The incident highlights gaps in extension security.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.iru.com%2F%3Futm_source=tldr%26utm_medium=paid-media%26utm_campaign=tldr_secondaryarticle_202511_10/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/jerUEXxAdROK1ax2LfAB6AYu6mfq_h7wbmgfWG10xX0=430">
<span>
<strong>Iru: AI that powers IT + security at Notion, Replit, Vercel, and Lovable (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Collapse the security stack into one AI-powered tool that automates security response, policy enforcement (apps, users, devices), and compliance evidence. Trusted by the world's fastest-growing companies. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.iru.com%2F%3Futm_source=tldr%26utm_medium=paid-media%26utm_campaign=tldr_secondaryarticle_202511_10/2/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/F1sude6DBnRKTDZCRtHt8xoxv7THuoftmkZH9WVitnw=430" rel="noopener noreferrer nofollow" target="_blank"><span>Meet Iru</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F11%2Fmicrosoft-uncovers-whisper-leak-attack.html%3Futm_source=tldrinfosec/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/k5GBubmc8QxzGhAjTBLgj4RN1u9wQNFu-PI92ANi81Y=430">
<span>
<strong>Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft has revealed a new attack, called Whisper Leak, that enables attackers to infer the topics of AI chat conversations by analyzing encrypted network traffic patterns, even without accessing the actual data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fqnap-fixes-seven-nas-zero-day-vulnerabilities-exploited-at-pwn2own%2F%3Futm_source=tldrinfosec/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/wxK6HIMWz34eGeQeEB5dZ4rII6_DQc5E2md3tDnudlU=430">
<span>
<strong>QNAP Fixes Seven Zero-Day Flaws Exploited At Pwn2Own (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
QNAP has released fixes for seven zero-day vulnerabilities discovered by Pwn2Own Ireland researchers in its QTS, QuTS Hero, Hyper Data Protector, Malware Remover, and HBS 3 Hybrid Backup Sync software.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2F18-arrested-in-crackdown-on-credit-card-fraud-rings%2F%3Futm_source=tldrinfosec/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/LMSf3Q-OkaBDk4dFONUr2vDSVzqS1K4RlWb6fza7SAM=430">
<span>
<strong>18 Arrested in Crackdown on Credit Card Fraud Rings (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Authorities across Europe detained 18 people accused of orchestrating extensive credit card fraud and money laundering networks.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/dSu4GLz6w197QCdVY5ZZ9sON3FOEVqOR0zhv0nust-M=430"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/RkJuWlWkVqfN4rPMimx6ji_EZgwT6f7hNRddxxOdKOE=430"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019a6e170900-fb701169-c814-48bb-84ab-46baeb7ec754-000000/4-6iacbPt4hAH8EHJMRhnw0DORIHUinF1t4Zd4HMXSU=430"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>