<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-11-21</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F11%2Ftamperedchef-malware-spreads-via-fake.html%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/UoAX4JqimYL1kWaPAhFqUxuc4Y7uJylX52oHQ2iQGT8=432">
<span>
<strong>TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
TamperedChef (aka BaoLoader) distributes JavaScript backdoors through fake software installers signed with fraudulent certificates from shell companies in the US, Panama, and Malaysia. Delivered via malvertising and SEO poisoning targeting searches for PDF editors and product manuals, the malware establishes persistence through scheduled tasks that execute obfuscated JavaScript, which beacons encrypted system data to C2 servers. Primary infections are concentrated in the US healthcare, construction, and manufacturing sectors. Security teams should implement application allowlisting, monitor for suspicious scheduled tasks executing JavaScript payloads, validate code-signing certificates against threat intelligence, and restrict access to product manuals to authorized channels only.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fsolarwinds-patches-three-critical-serv-u-vulnerabilities%2F%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/STp6OuyMxFRlo6mezIk9MTEgO3oqjcnjEvpp9fuLZEM=432">
<span>
<strong>SolarWinds Patches Three Critical Serv-U Vulnerabilities (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SolarWinds patched three critical vulnerabilities in the Serv-U 15.5.2.2.102 file transfer solution that allow attackers with admin privileges to execute arbitrary code: CVE-2025-40549 (path restriction bypass), CVE-2025-40548 (broken access control), and CVE-2025-40547 (logic error). All three flaws are rated medium severity on Windows due to platform-specific differences in privilege and path handling. Organizations using Serv-U should immediately upgrade to version 15.5.3, especially given SolarWinds' history of exploited vulnerabilities, with seven flaws already in CISA's KEV catalog.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F11%2F20%2Fsalesforce_gainsight_breach%2F%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/kiPvqJzVnQG4rdbn_3BKPUx_-8EglVRqx4RtVMnko6w=432">
<span>
<strong>Another Salesforce-linked data breach has ShinyHunters' fingerprints all over it (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Salesforce reported a new data breach likely involving the ShinyHunters group, who may have accessed customer data through Gainsight apps connected to Salesforce. Upon discovery, Salesforce revoked access tokens and removed the affected apps. Although no vulnerability was found in Salesforce itself, Google analysts linked the incident to prior token-related attacks.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F11%2Fapplication-containment-how-to-use.html%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/eWwDvsvLKx1WLXwZtEiizWZU35pWNVW3TbWOdhH_YAs=432">
<span>
<strong>Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ringfencing extends application allowlisting by enforcing granular containment policies on approved software, controlling file access, registry modifications, inter-process communication, and network activity to prevent “living off the land” attacks that weaponize legitimate tools like PowerShell, Office macros, or scripting engines. The technique blocks lateral movement, data exfiltration, and ransomware encryption by restricting applications to only their necessary functions, preventing them from spawning unauthorized child processes or accessing sensitive directories. Implement ringfencing in phases, starting with high-risk applications, use simulation mode to identify legitimate use cases before enforcement, combine with application allowlisting and storage controls, and continuously monitor the unified audit for policy violations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fresearch.eye.security%2Frce-windows-update-health-tools%2F%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/1C4mWSROsXCLVq5CComui4oA5pGbemsrLC72CpxwbVg=432">
<span>
<strong>When Updates Backfire: RCE in Windows Update Health Tools (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers at Eye Security uncovered a remote code execution flaw in Microsoft's Update Health Tools (KB4023057), traced to abandoned Azure blob storage. Attackers could trigger unintended code execution on vulnerable devices by exploiting predictable blob names and weak message security. Microsoft confirmed the issue, transferred ownership of the exposed blobs, and improved protections in newer tool versions, mitigating risks for most users.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.wiz.io%2Fblog%2Fimds-anomaly-hunting-zero-day%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/zONvyRg6JnCKxwmPqfQm1Y4fP55OHmvmY16h0rKWPYE=432">
<span>
<strong>IMDS Abused: Hunting Rare Behaviors to Uncover Exploits (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Instance Metadata Service (IMDS) is a server that runs on cloud VMs (like AWS EC2) to provide short-lived credentials to applications running on them. To detect potential IMDS abuse, establish a baseline of which services frequently access IMDS and then monitor for applications that either access sensitive IMDS paths or access IMDS more frequently than usual. This post applies this methodology to hunting for a vulnerability in pandoc and ClickHouse.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.secure.com%2F%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/9DlAvPEM7UOFiaqbdlt_t5PSxi0YfqTPJfdSkHhpis0=432">
<span>
<strong>Secure (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Secure.com provides AI-powered Digital Security Teammates (DSTs), autonomous agents that integrate with existing security tools, investigate and triage incidents, automate compliance tasks, and escalate issues.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/7vjw2IR8kZyDuc-2mDovsH-AIGQ7qbQLol4OELLSEHo=432">
<span>
<strong>Azure-Sentinel (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsuzuki-shunsuke%2Fpinact%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/1LqBtI0uryAhiTx77of7ZLaOwRIRNrhkNHyifqLfKoo=432">
<span>
<strong>pinact (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
pinact is a CLI to edit GitHub Workflow and Composite action files and pin versions of actions and reusable workflows.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4093375%2Firanian-apt-hacks-helped-direct-missile-strikes-in-israel-and-the-red-sea.html%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/wzCWoYumlXkoB_OdRb_f8MR9sG-ufVVzD5D0LrQ_ffM=432">
<span>
<strong>Iranian APT hacks helped direct missile strikes in Israel and the Red Sea (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Imperial Kitten (aka Tortoiseshell/TA456) conducted cyber reconnaissance on maritime Automatic Identification System (AIS) tracking data days before Houthi missile strikes on Red Sea shipping in February 2024, demonstrating a direct correlation between IRGC-linked cyber espionage and kinetic targeting operations. Amazon's threat intelligence indicates this represents an evolution in hybrid warfare where cyber operations provide target reconnaissance for physical attacks, with the traditional boundaries between digital and kinetic operations dissolving. Security teams should monitor for anomalous access to critical infrastructure location/tracking systems, implement enhanced logging and behavioral analytics on these systems, and coordinate with physical security teams to correlate cyber reconnaissance patterns with potential kinetic threat indicators.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fobscure-mcp-api-in-comet-browser-breaches-user-trust-enabling-full-device-control-via-ai-browsers%2F%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/S0jXKa1m8QtZ0KV-sy0CvkkokZb6TRgq_QP09H6v8xk=432">
<span>
<strong>Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SquareX researchers exposed a hidden MCP API (chrome.perplexity.mcp.addStdioServer) in the Comet browser that enables embedded extensions to execute arbitrary local commands without user consent, thereby bypassing decades of established browser security principles. The API is accessible via Comet's Agentic extension, triggered by perplexity.ai, creating a catastrophic third-party risk where a single XSS vulnerability or a compromised Perplexity employee could grant attackers complete device control over all Comet users. Security teams should audit AI browser deployments, demand API disclosure from vendors, require third-party security audits, and ensure users can disable embedded extensions that are currently hidden from extension dashboards.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F11%2F19%2Fhow-the-classic-anime-ghost-in-the-shell-predicted-the-future-of-cybersecurity-30-years-ago%2F%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/ubSHl5_77SvZsNbTJap0MUd7sd0iuUC-DszbInV4whc=432">
<span>
<strong>How the classic anime 'Ghost in the Shell' predicted the future of cybersecurity 30 years ago (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Set decades ahead of its time, "Ghost in the Shell" envisioned a world where cyber-attacks, government-sanctioned hackers, and AI-driven threats are commonplace. It foresaw issues like digital privacy risks, behavioral cyber-profiling, and tech-enabled abuse, ideas that now define modern cybersecurity.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theverge.com%2Fnews%2F823750%2Feuropean-union-ai-act-gdpr-changes%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/sDN7zbCVKXq7yCYvIC65TwbxKFymvPcLZLpJRxrHYio=432">
<span>
<strong>Europe is scaling back GDPR and relaxing AI laws (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The European Union is reportedly scaling back GDPR enforcement and relaxing AI Act requirements to boost competitiveness, potentially weakening privacy protections and regulatory oversight that have set global standards for data protection and AI governance.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2025%2F11%2Fattackers-are-using-sneaky-2fa-to-create-fake-sign-in-windows-that-look-real%3Futm_source=tldrinfosec/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/x4M_iGikZAExvzqbYcgD_QnoEUXQGS2D44KSfT7ratg=432">
<span>
<strong>Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A Phishing-as-a-Service kit called “Sneaky 2FA” enables Browser-in-the-Browser attacks that create fake login pop-ups with convincing address bars using HTML/CSS.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FKjb9nl/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/UnMo5Ej6AF9K0mGMv4bcZHuQw_1nmZao1ZvRQWFOxPk=432">
<span>
<strong>Disgruntled IT worker pulls massive cyber stunt in Houston (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A fired IT contractor, upset about his dismissal, re-entered the Houston Waste Management network, reset 2,500 passwords, and locked thousands of staff out across the US.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/khZijyvUvD0ji1bwrTekafd2-YcF0Vi5wBu2KWx7EFk=432"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/GRIIoGDycpdFqEBSdPu7-D0maKkvcUmpks7N_Xcr9YY=432"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019aa6bd295a-ee61700b-7cb0-4cb4-9d45-5742e9ed758f-000000/Xr7FMwn4TbBWpl3q6ZNReT57u11Jgd4HzS1Nzs2lNxA=432"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>