<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-11-12</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fquantum-route-redirect-phaas-targets-microsoft-365-users-worldwide%2F%3Futm_source=tldrinfosec/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/FD0CHkBumWhAcsTMeKxItv17x1f8slqBiZ5pfxcJwXA=431">
<span>
<strong>Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Quantum Route Redirect phishing-as-a-service platform leverages ~1,000 pre-configured domains with automated bot filtering to steal Microsoft 365 credentials across 90 countries (76% US-targeted), using specific URL patterns matching "/([\w\d-]+.){2}[\w]{,3}/quantum.php/" and hosting on legitimate compromised domains to evade detection. The platform redirects humans to credential-harvesting pages while sending security scanning tools to benign sites. Security teams should implement URL filtering that targets the identified pattern, deploy account compromise monitoring, and recognize phishing lures that mimic DocuSign, payment notifications, and QR codes. Quantum Route Redirect represents an evolution in PhaaS sophistication similar to VoidProxy and Tycoon2FA campaigns.
</span>
</span>
</div>
</td></tr></tbody></table>
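<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
An added example, not part of the newsletter or the linked report: a Python sketch that applies the URL pattern quoted in the summary above to constructed proxy log lines. It assumes the outer slashes of the quoted pattern are regex delimiters and its dots are literal, and it adds a hypothetical path-only fallback rule for hosts the quoted pattern cannot match.
<pre>
```python
import re
from urllib.parse import unquote, urlsplit

# Pattern quoted in the summary: /([\w\d-]+.){2}[\w]{,3}/quantum.php/
# Assumption: the outer slashes are regex delimiters, and the dots and the
# inner slash are literals (escaped here so "." does not match any character).
STRICT = re.compile(r"([\w\d-]+\.){2}[\w]{,3}/quantum\.php")

# Assumption (not from the page): a broader fallback keyed on the path alone.
# The quoted pattern needs two dot-terminated labels plus a suffix of at most
# three characters, so it misses two-label hosts and longer TLDs.
PATH_ONLY = re.compile(r"/quantum\.php(?:[/?#]|$)")

SCHEME = re.compile(r"[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def normalize(url: str) -> str:
    """Return 'host/path' lower-cased and percent-decoded for matching."""
    decoded = unquote(url.strip())
    if not SCHEME.match(decoded):
        decoded = "//" + decoded  # let urlsplit treat the first part as host
    parts = urlsplit(decoded)
    # hostname drops any userinfo and port and is already lower-cased
    return (parts.hostname or "") + parts.path.lower()


def classify(url: str):
    """Return 'strict', 'path-only' or None for a single URL."""
    target = normalize(url)
    if STRICT.search(target):
        return "strict"
    if PATH_ONLY.search(target):
        return "path-only"
    return None


def scan(lines):
    """Scan 'timestamp user url' log lines; return (user, url, rule) hits."""
    hits = []
    for line in lines:
        fields = line.split(maxsplit=2)
        if len(fields) != 3:
            continue  # skip malformed lines instead of failing the whole scan
        _, user, url = fields
        rule = classify(url)
        if rule is not None:
            hits.append((user, url, rule))
    return hits


# Constructed sample data: reserved example domains, not real indicators.
SAMPLE_LOG = [
    "2025-11-12T09:14:02Z alice https://docs.example.com/quantum.php/",
    "2025-11-12T09:15:40Z bob https://billing.vendor.example/quantum.php?id=7",
    "2025-11-12T09:16:11Z carol HTTPS://Sign.Example.NET/%71uantum.php",
    "2025-11-12T09:17:30Z dave https://www.example.org/docs/quantum-computing.php",
    "2025-11-12T09:18:05Z erin https://example.com/quantum.php",
]

if __name__ == "__main__":
    for user, url, rule in scan(SAMPLE_LOG):
        print(f"{rule:9} {user:6} {url}")
```
</pre>
Hits from the path-only rule are worth triaging separately: they catch hosts the quoted pattern skips, but a legitimate site could also serve a file with that name.
</div>
</td></tr></tbody></table>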
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F11%2F11%2Fhitachiowned_globallogic_admits_data_stolen%2F%3Futm_source=tldrinfosec/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/6dVFvY1B7PBeav3RH36ZsDYwsaMzY1ftcH-3TXGiWbo=431">
<span>
<strong>Hitachi-owned GlobalLogic admits data stolen on 10k current and former staff (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
GlobalLogic, owned by Hitachi, suffered a significant data breach that exposed the personal and financial data of over 10,000 current and former staff members. The attack, attributed to the Clop ransomware group, exploited vulnerabilities in the Oracle E-Business Suite. Clop focuses on stealing and leaking data while pressuring victims for payment. Oracle has issued emergency patches to counter these attacks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgbhackers.com%2Fhackers-exploit-triofox-0-day%2F%3Fref=metacurity.com%26utm_source=tldrinfosec/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/_UTIWEtIQxbjZQaqOcgIYL9RR8KB4-ikbTAeaNCyf5Y=431">
<span>
<strong>Hackers Exploit Triofox Zero-Day to Deploy Malicious Payloads Using Anti-Virus Feature (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers from Mandiant discovered a critical zero-day in Gladinet's Triofox file-sharing platform. The vulnerability allowed unauthenticated attackers to log in to the platform by changing the HTTP Host header to localhost. The attackers then configured the anti-virus scanner path to a malicious batch script.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4087757%2Fhow-glassworm-wormed-its-way-back-into-developers-code-and-what-it-says-about-open-source-security-2.html%3Futm_source=tldrinfosec/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/4GxID8YOVKtCqtuQsMjbSEJt7JQxWvFgSmjXb9HFFhY=431">
<span>
<strong>How GlassWorm wormed its way back into developers' code &mdash; and what it says about open source security (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The GlassWorm self-propagating worm resurfaced two weeks after eradication, infecting three new OpenVSX VS Code extensions (with over 10,000 downloads) and GitHub repositories using invisible Unicode characters and a blockchain-based C2 infrastructure, with victims including global enterprises and Middle Eastern government entities. The Russia-based attack steals GitHub credentials, pushes malicious AI-generated commits appearing as legitimate code changes, and exploits OpenVSX's lack of manual code review resources. Security teams should whitelist only trusted extension publishers, disable auto-updates, monitor for credential harvesting and abnormal outbound connections, and treat developer toolchains with the same security rigor as production infrastructure, as automated scanning alone cannot reliably stop these supply chain attacks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.intruder.io%2Fresearch%2Fsplit-second-dns-rebinding-in-chrome-and-safari%3Futm_source=tldrinfosec/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/uypGqD0rUhf4XTQPrhOlbBuRllX4zbl7ZRuO-Qih0jw=431">
<span>
<strong>Tips for Reliable Split-Second DNS Rebinding in Chrome and Safari (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
DNS rebinding attacks occur when an attacker can trick a victim into leaking data by having the victim first communicate with the attacker's public server and then switching the DNS record to point to a private server. In Safari, a private IP address will be prioritized over a public IP address, but an attacker can circumvent this by delaying the DNS response with the private IP address. In Chrome, IPv6 will be prioritized over IPv4, allowing an attacker to send an IPv6 response with a public IP address and then an IPv4 response with a private IP address. In both cases, the attacker blocks the user from their server after connection, forcing the browser to rebind to the private IP.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Ftriofox-vulnerability-cve-2025-12480%2F%3Futm_source=tldrinfosec/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/NAg-ZmNBXqZnO3YjyvR9XcD7k2k-KBS3DOSvKgTVuRM=431">
<span>
<strong>No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mandiant has uncovered a significant security flaw in the Triofox file-sharing platform (tracked as CVE-2025-12480), which allows attackers to bypass authentication by manipulating the Host header to impersonate "localhost." This gave unauthorized access to critical admin configuration pages, enabling the creation of privileged accounts. Attackers can exploit this to upload and execute arbitrary files, abusing Triofox's anti-virus feature to run malicious scripts with high privileges. The vulnerability is now patched, but organizations using Triofox should urgently update, check for rogue admin accounts, audit anti-virus configuration, and monitor for unusual administrator and SSH activity.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fflare.io%2F%3Futm_source=tldrinfosec/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/4eckGCx-zAi5G6qqE2UmD14X8CvAcc05nhhCdrmeID0=431">
<span>
<strong>Flare (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Flare provides a threat exposure management platform that uses intelligence from the clear and dark web to help organizations prevent ransomware, data breaches, and other incidents, leveraging AI and machine learning for tailored cybersecurity insights and credential exposure detection.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Ftclahr%2Fuac%3Futm_source=tldrinfosec/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/UHOU32nHy3wO09Qynd1dmOGyC9e9IeDoz7xjwRssTdc=431">
<span>
<strong>Unix-like Artifacts Collector (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Unix-like Artifacts Collector (UAC) is a tool that automates the collection of forensics artifacts from a wide range of Unix-like systems.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fjacobdjwilson%2Fawesome-annual-security-reports%3Futm_source=tldrinfosec/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/rffq3S9UA9R_yLmkotz_0UL43YJD2-3wBf3gHgLI1oY=431">
<span>
<strong>Awesome Annual Security Reports (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A curated list of annual cybersecurity reports.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4087355%2Feuropean-commission-moves-to-loosen-gdpr-for-ai-and-cookie-tracking-2.html%3Futm_source=tldrinfosec/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/hxcydS2fsGvkqrpEumtQ7hbDuBOY9MDm4JFcZk6a8fA=431">
<span>
<strong>European Commission moves to loosen GDPR for AI and cookie tracking (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The EU's leaked "Digital Omnibus" proposal would shift cookie tracking from opt-in to opt-out by moving regulation from the ePrivacy Directive to GDPR, explicitly permit AI training on personal data under "legitimate interest" without consent, and narrow sensitive data protections to only data that directly reveals protected characteristics. Companies would no longer need consent management for most cookies, but must document legitimate interest justifications, while privacy advocates warn this fundamentally weakens GDPR's core protections. Security professionals should prepare for the November 19 formal unveiling by reviewing data processing practices, documenting AI training justifications, and reassessing compliance frameworks for the shift from explicit consent to legitimate interest models.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fapt37-hackers-abuse-google-find-hub-in-android-data-wiping-attacks%2F%3Futm_source=tldrinfosec/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/afP41vEbmiBhBIYtWWKTHY6WinOpSLie2KZTpDMWsgI=431">
<span>
<strong>APT37 hackers abuse Google Find Hub in Android data-wiping attacks (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
North Korean APT37/KONNI actors are targeting South Koreans via KakaoTalk spear-phishing with digitally-signed MSI files that deploy AutoIT scripts which establish persistence, deliver RemcosRAT/QuasarRAT/RftRAT, and steal Google/Naver credentials to access Find Hub for GPS tracking and remote Android device wiping. The attackers use stolen credentials to execute factory resets three times, preventing recovery, use GPS data to time attacks when victims are outside, and then hijack compromised KakaoTalk PC sessions to spread malware laterally through contacts. Organizations should enforce MFA on Google accounts, verify messenger file senders via direct calls before opening attachments, and maintain accessible recovery accounts. This attack abuses legitimate Find Hub features rather than exploiting vulnerabilities.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fdlo46Z/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/6_J9kGxPZBGM3Up945bd_ipxP-MqLoHbAlX7EsMW3Lk=431">
<span>
<strong>Ollama, Nvidia Flaws Put AI Infrastructure at Risk (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Security researchers have uncovered critical vulnerabilities in Ollama and NVIDIA Triton Inference Server that could allow for remote code execution, exposing companies to significant risks in their AI infrastructure. These flaws, now fixed, reflect a shift in AI security research from attacking models to probing the underlying infrastructure.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FmFtZkY/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/UZozfYa78REITy_D4vT4ggYrKmHvR9pT9pPr_Kg1R14=431">
<span>
<strong>The "novel Turing test" detects AI with up to 80% accuracy (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A computational Turing test achieves 70-80% accuracy in detecting AI-generated social media content by analyzing affective language patterns.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fowasp.org%2FTop10%2F2025%2F0x00_2025-Introduction%2F%3Futm_source=tldrinfosec/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/VdC39I_TOkMql6McU6fiioy2XtxeT61FHmTSsj2k6qc=431">
<span>
<strong>OWASP Top 10 (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Updated list of the OWASP Top 10 that adds two new categories, consolidates SSRF into Broken Access Control, and expands supply chain scope.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fsynology-fixes-beestation-zero-days-demoed-at-pwn2own-ireland%2F%3Futm_source=tldrinfosec/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/urypDdHiUzzzawitblBeUzT4yNpW40FNlGmdjfLJ4DE=431">
<span>
<strong>Synology fixes BeeStation zero-days demoed at Pwn2Own Ireland (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Synology urgently patched CVE-2025-12686, requiring immediate upgrade to BeeStation OS 1.3.2-65648, as no mitigations are available.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/YPxKD8sHavaozt6bZSFTnJx3gGVRSypL4GJg-vr-DWk=431"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/wwjEnQTzgn1Rbb5cVZHtHnfZKNSbQFpPsHnRkPWcE_0=431"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019a78638699-e78eb56e-2651-481e-9cf9-3fb649f7ed66-000000/TTo1RGREtJPZjCgzXhPlQzdgQmy0dzmoPYAIToGjq1k=431"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>