<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-11-17</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fchinese-hackers-jailbroke-claude-ai-breaches%2F%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/OX5Ar8-XSYiUBsGvBRk-l0npHG1_l_OZTxiSFmQfRUA=431">
<span>
<strong>Chinese State Hackers Jailbroke Claude AI Code for Automated Breaches (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Chinese state-sponsored actors jailbroke Anthropic's Claude Code tool by disguising malicious tasks as legitimate defensive security work, achieving the first documented fully autonomous AI-driven cyber operation where the AI handled 80-90% of tactical work. The campaign targeted approximately 30 organizations globally across tech, finance, chemical manufacturing, and government sectors, achieving successful intrusions in roughly four cases before Anthropic banned the accounts. Security teams must now deploy AI-powered defensive capabilities to detect threats more quickly and counter the new paradigm of automated offensive operations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fdoordash-hit-by-new-data-breach-in-october-exposing-user-information%2F%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/0zm7D021VU8V4QQIhb_0ppivG1XDxptsfgt0Iifgu_Q=431">
<span>
<strong>DoorDash Hit By New Data Breach In October Exposing User Information (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
DoorDash disclosed a data breach orchestrated by an unauthorized third party that accessed internal data through the social engineering of an employee. The breached data includes first and last names, physical and email addresses, and phone numbers. Some victims have expressed outrage over the wording of the notice and the delay in notification.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Flogitech-confirms-data-breach-after-clop-extortion-attack%2F%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/cw5eeJH_wVQvhq74PF6en26Tdgzfr8W0IxRzEYQBAbg=431">
<span>
<strong>Logitech Confirms Data Breach After Clop Extortion Attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Logitech confirmed that it suffered a data breach due to a zero-day flaw after the Clop ransomware group added it to its list of victims. The company stated that the data may include limited information on employees, consumers, customers, and suppliers, but the databases did not contain financial information or IDs.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flabs.watchtowr.com%2Fwhen-the-impersonation-function-gets-used-to-impersonate-users-fortinet-fortiweb-auth-bypass%2F%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/RwJodjJ1JGJiQ7p1nD0Tj1QeYe8XeoqjEJa86cIKZbc=431">
<span>
<strong>When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446) (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Fortinet FortiWeb appliances are being actively exploited via CVE-2025-64446, a pre-auth RCE chain combining path traversal and authentication bypass that allows attackers to reach privileged CGI functions and impersonate users by crafting a base64-encoded CGIINFO header containing admin credentials. The vulnerability was silently patched in version 8.0.2 and affects multiple FortiWeb versions. It enables complete appliance compromise through administrative account creation. WatchTowr released a detection tool on GitHub to identify vulnerable hosts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fparsiya.net%2Fblog%2Fwtf-is-ai-native-sast%2F%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/esrIdxkV6658EfC_Fh-3n_cSwRcLlyzUBckxG8RpUqk=431">
<span>
<strong>WTF is… - AI-Native SAST (17 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Leveraging AI as a complement to a traditional SAST can significantly improve results by using RAG to inject context on specific vulnerability classes. AI and SAST solutions can be leveraged using prompt-and-code, prompt-and-agent, or tailored-prompt-and-SAST-result methods. This post examines ZeroPath as an example of an agent, code graph, and SAST MCP.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.vulncheck.com%2Fblog%2Fmaking-dotnet-gadgets%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/wCkgQ77jfUWurBoIAMvCD4RRdXGioESzIEMu_cBhR14=431">
<span>
<strong>Making Serialization Gadgets by Hand - .NET (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Creating deserialization gadgets for .NET by hand requires understanding the structure of .NET serialization streams, which are composed of sequential records that define objects and references. By breaking down these records, including headers, class information, member types, and values, it becomes possible to craft custom gadget chains directly in code, without relying on pre-generated payloads or Windows-only tools. The approach presented demonstrates how to reconstruct objects, assign values, and embed complex references, providing insight into the safe and dynamic generation of deserialization payloads.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FEvilBytecode%2FNoMoreStealers%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/YhfC60vXObpuVkWT2L4LkBY4mFMLmHCb1tySbUEnJY8=431">
<span>
<strong>NoMoreStealer (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
NoMoreStealer is a Windows kernel minifilter driver that intercepts file system operations and blocks untrusted processes from accessing specific protected paths.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fspydisec%2Fspydithreatintel%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/aYas7u6_5E0hScF_HIl2KQEr9G9ewKyzi1klil8nGvE=431">
<span>
<strong>Spydithreatintel (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Spydi's ThreatIntel Feed is a comprehensive threat intelligence platform that aggregates, curates, and maintains high-quality blocklists for malicious IPs and domains. The system combines data from multiple OSINT sources, honeypot networks, and threat intelligence feeds to provide actionable security data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdaylight.ai%2F%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/gZsRbuLIjckItJH14xuguyTcMwxim1QyXtHbQmeP5JQ=431">
<span>
<strong>Daylight (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Daylight is an AI-powered Managed Detection and Response (MDR) platform that offers autonomous cyber threat hunting, analysis, and containment.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2025%2F11%2Fbe-careful-responding-to-unexpected-job-interviews%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/PutciWY4UfdFIgIohxI6fTZ_ODXaOlLbPdqrSB0G6ag=431">
<span>
<strong>Be careful responding to unexpected job interviews (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers are impersonating legitimate recruiters via LinkedIn and email, luring victims with fake job interviews that redirect to malicious sites hosting RMM tools disguised as meeting software updates. The phishing campaign uses social engineering tactics, including spoofed recruiter names from real companies, Gmail sender addresses instead of corporate domains, and shortened URL redirects to phishing infrastructure. Security teams should alert users to verify unsolicited recruitment contacts independently, scrutinize sender domains and meeting URLs, and block known malicious RMM tool distributions through endpoint security controls.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadguard-dns.io%2Fen%2Fblog%2Farchive-today-adguard-dns-block-demand.html%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/8yigezooxTjl62MM3NlhegEajuulFTUk-TACidnqcLc=431">
<span>
<strong>Behind the complaints: Our investigation into the suspicious pressure on Archive.today (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AdGuard DNS received threatening demands from “Web Abuse Association Defense” (WAAD) to block Archive.today for allegedly hosting CSAM, but investigation revealed WAAD was registered in February 2025 with hidden ownership, minimal online presence, and suspicious bailiff reports created chiefly in August 2025 despite claims dating to 2023. Archive.today promptly removed flagged content and stated it never received prior notifications, suggesting a coordinated campaign of fraudulent complaints targeting the archival service through French LCEN law. AdGuard is filing criminal complaints with the French police for false reporting (punishable by up to 1 year in prison and a €15,000 fine), noting the suspicious timing of the FBI's investigation into Archive.today and potential impersonation of a real lawyer in similar complaints.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fgoogle-to-flag-android-apps-with-excessive-battery-use-on-the-play-store%2F%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/--dKfglEH8cRhYzwcBY-FykMaNIunbP_tIdlKeO3nNI=431">
<span>
<strong>Google to Flag Android Apps With Excessive Battery Usage on the Google Play Store (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google has announced that it will begin flagging apps on the Google Play Store that exceed a defined bad behavior threshold. The Android vitals system will track partial wake locks: the cumulative time an app spends on background work while the screen is off, preventing the device from entering sleep mode. Flagged apps will have a warning on their Play Store page and be excluded from prominent discovery surfaces such as recommendations.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackaday.com%2F2025%2F11%2F15%2Fhyundai-paywalls-brake-pad-changes%2F%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/pxe7QHnlodYILfO6LtJ7douzt9m7QfljEOEOq9IEbBM=431">
<span>
<strong>Hyundai Paywalls Brake Pad Changes (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hyundai requires a $60/week NASTF subscription and $2,000 interface tool restricted to “service professionals” to retract electronic parking brakes for DIY brake pad replacement, forcing owners to use workarounds like Harbor Freight's T7 scan tool that trigger error codes.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F11%2F13%2Fpolice-take-down-three-cybercrime-operations-in-latest-round-of-whack-a-mole%2F%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/m9m2e9sDxcRinGfFqEkU82woTp8SEUAoQyrMwndq_4k=431">
<span>
<strong>Police take down three cybercrime operations in latest round of 'whack-a-mole' (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Authorities from nine countries coordinated by Europol dismantled three major cybercrime operations: the Rhadamanthys infostealer, the Elysium botnet, and VenomRAT.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fakira-ransomware-group-made-244-million-in-ransom-proceeds%2F%3Futm_source=tldrinfosec/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/BvAs0LHWrmV-aFi2vCtVJJttdabZRrwXk0DOm-ptJ-4=431">
<span>
<strong>Akira Ransomware Group Made $244 Million in Ransom Proceeds (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Akira ransomware group has amassed over $244 million since March 2023 by targeting organizations worldwide, particularly those utilizing VMware ESXi servers.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/yvfovKWajW0WWvj5--gm5RBBNjeHwc0S5tUWT5SNVkM=431"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/-lPS0GdRBkhJq4cjithR1TaCueTcDplIH-zp6hA9gDw=431"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019a922537ea-eebef53f-3931-49dc-a484-cf1b0d79e55a-000000/W-wHyWpoL0PuBXQ4nf9srDl4mv73mY313avyFP4A5NE=431"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>