<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/0Cp52qZ4Iq_eeomJ0AnlcGySgoJCM-Zdg9okTu003Ys=433" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/2bls4iWqhD-DxQIIfg4uMSCc5S_0sYATvN_QmwmikyE=433" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=7bbbfa18-c9e0-11f0-945e-63d8f0f92c3a%26pt=campaign%26t=1764079619%26s=ef8172b7b783f7f45240f3655486f2fe70fa9cca57f782bd666de39df5163b83/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/Rr82ubUvs_v52p25ZzDoyZ7gP5QqxAQ7RCdaaz5LOQc=433"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/XAZrn-6CM56jrywF9FsVxJtZng4jTLg54QLk5ilY2BU=433"><img src="https://images.tldr.tech/threatlocker3.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Threatlocker"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-11-25</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/2/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/XuBnQRwxK9R65xjrH2AQa3DQG4Mq1FL7RG_4tmvlm3k=433">
<span>
<strong>Get hands-on with Zero Trust at the most interactive cybersecurity event of 2026 (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Zero Trust World is coming to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/3/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/EeKymH3TNVs6OpOasQHJAJtY213vJsgqLAYOmnEj0-Y=433" rel="noopener noreferrer nofollow" target="_blank"><span>Orlando on March 4-6, 2026</span></a>!
<p></p>
<p>Unlike typical security conferences that focus on vendor pitches and "thought leadership" (also vendor pitches), Zero Trust World is all about <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/4/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/7zFhUmPpYcslVbo39p4y0_wD--Tn-4Igu-92qFxLD3c=433" rel="noopener noreferrer nofollow" target="_blank"><span>hands-on learning</span></a>, real attack techniques, and defensive strategies.</p>
<p>Use code ZTWTLDR26 for <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/5/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/Z63EinS5P2AMMMhMyWVFtvnPiTDK43ugD-qubGVUT3A=433" rel="noopener noreferrer nofollow" target="_blank"><span>$200 off your all-access pass</span></a> to attend:</p>
<ul>
<li><strong>Hands-on hacking labs</strong> teaching attacker techniques and Zero Trust defenses</li>
<li>CPE-eligible, <strong>practitioner-led sessions</strong></li>
<li>Daily chances to take the Cyber Hero Certification exam - pass it and your <strong>registration fee gets refunded</strong>!</li>
<li>Meals, receptions, and the <strong>ThreatLocker afterparty</strong></li>
</ul>
<p><a class="underline" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/6/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/Pd5KSuSC9XLuuT9PMG8pHcud7wtqiDLdm66xTjmVBlI=433" rel="noopener noreferrer nofollow" target="_blank"><span>TLDR readers get $200 with code <strong>ZTWTLDR26</strong></span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F11%2Fshadowpad-malware-actively-exploits.html%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/5eGP7R7WRHJmHXlYLsXab4uIrYeM7tCjFdgNruB6ws4=433">
<span>
<strong>ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Threat actors are actively exploiting CVE-2025-59287, a critical deserialization RCE flaw in Microsoft WSUS (patched last month), to deploy ShadowPad malware with SYSTEM privileges. The attack chain uses PowerCat for initial shell access, then certutil/curl to download ShadowPad, which persists via DLL side-loading through a legitimate ELAN binary (ETDCtrlHelper.exe). Exploitation accelerated after public PoC release. Patch immediately and audit WSUS exposure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2F7-zip-vulnerability-public-exploit-manual-update%2F%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/EzIpjTP1SzH_rVubOAUSwAsJrM4m9y8xbuD0YwCBQ4A=433">
<span>
<strong>Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2025-11001 is a directory traversal RCE flaw (CVSS 7.0) in 7-Zip's symbolic link handling that allows arbitrary code execution when users extract malicious ZIP files. A public PoC exploit is available, and Microsoft is tracking active weaponization. It was fixed in version 25.00, but 7-Zip lacks auto-update capability, leaving widespread unpatched installations. Inventory all Windows systems with 7-Zip versions below 25.01 and immediately push updates via Intune or deployment scripts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fcox-enterprises-discloses-oracle-e-business-suite-data-breach%2F%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/TPoEqWObuuof182kCON9wEhGS10H2DqCPfWBpRQuDlE=433">
<span>
<strong>Cox Enterprises discloses Oracle E-Business Suite data breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hackers exploited a previously unknown vulnerability in Oracle E-Business Suite to breach Cox Enterprises' network, exposing personal information of nearly 9,500 people. The attack, linked to the Cl0p ransomware group, went unnoticed for weeks and resulted in data being published on the dark web. Cox is offering free identity monitoring, but did not specify which personal data was exposed. It will continue its investigation.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fstack.int.mov%2Fa-reverse-engineers-anatomy-of-the-macos-boot-chain-security-architecture%2F%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/L0UdIolH018gYHO4GwbmEO9AdhNqGjhInBt2pdpdB5M=433">
<span>
<strong>A Reverse Engineer's Anatomy of the macOS Boot Chain & Security Architecture (30 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The macOS boot process on Apple Silicon is anchored in hardware-level security. It begins with an immutable Boot ROM that uses cryptographic hardware keys fused into silicon to validate and decrypt critical boot components. A layered chain of trust is established, where each boot stage verifies the next using strict signature checks and hardware root keys, preventing execution of unauthorized code. Apple's custom extensions to the Arm architecture provide pointer authentication, branch target enforcement, and a secure execution environment with isolated privilege levels. The Secure Enclave acts as an independent computer managing cryptographic keys, enforcing anti-replay protections, and mediating sensitive data access via a mailbox interface. These mechanisms robustly defend against rollback, replay, and tampering attacks throughout the boot chain.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Faws-initial-access-cloud-perimeter-security%2F%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/p4FhoK0iB2ghWD5S_wC31rhLLTD8sPBbgMm0c0CURlc=433">
<span>
<strong>All Paths Lead to Your Cloud: A Mapping of Initial Access Vectors to Your AWS Environment (20 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AWS initial access vectors can be categorized into two classes: service exposure (Lambda, EC2, ECR, and DataSync misconfigurations that enable public access) and access by design (Cognito, IAM, and IoT misconfigurations in services intended for access control). 97% of organizations still use IAM users despite best practices recommending roles. 84% use Cognito with potential self-registration risks. ECR repositories are enumerable by any AWS account holder. Security teams should audit resource-based policies for wildcard principals, enforce ExternalId for cross-account role assumptions, disable Cognito self-registration where unnecessary, and validate that OIDC trust policy conditions include proper sub/aud claims.
</span>
</span>
</div>
</td></tr></tbody></table>
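The three trust-policy checks the summary above recommends (wildcard principals, cross-account assumption without ExternalId, OIDC federation without sub/aud conditions), as an added example that is not code from the Palo Alto Networks post or from any AWS tool. The policy documents, account IDs and provider names below are constructed samples; in practice the same function would be fed the AssumeRolePolicyDocument returned by IAM's get_role call for each role.

```python
"""Lint IAM role trust policies for the weaknesses described in the summary.
Added example; all policy documents and account IDs here are constructed."""
import json
from typing import Any, Dict, List

# Placeholder for the account that owns the roles being audited.
OWN_ACCOUNT = "123456789012"

# Constructed sample trust policies (not real account data).
SAMPLE_POLICIES: Dict[str, Dict[str, Any]] = {
    "wildcard": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                       "Action": "sts:AssumeRole"}],
    },
    "cross_account_no_externalid": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
                       "Action": "sts:AssumeRole"}],
    },
    "cross_account_ok": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
                       "Action": "sts:AssumeRole",
                       "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}],
    },
    "oidc_missing_sub": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"},
                       "Action": "sts:AssumeRoleWithWebIdentity",
                       "Condition": {"StringEquals": {"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"}}}],
    },
    "oidc_ok": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"},
                       "Action": "sts:AssumeRoleWithWebIdentity",
                       "Condition": {
                           "StringEquals": {"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"},
                           "StringLike": {"token.actions.githubusercontent.com:sub": "repo:example-org/example-repo:*"}}}],
    },
}


def _as_list(value: Any) -> List[Any]:
    """IAM allows scalar or list in Statement, Principal and Action fields."""
    return value if isinstance(value, list) else [value]


def _account_of(arn: str) -> str:
    """Account ID is the fifth colon-separated field of an IAM ARN."""
    parts = arn.split(":")
    return parts[4] if len(parts) > 4 else ""


def _condition_keys(stmt: Dict[str, Any]) -> set:
    """Flatten Condition {operator: {key: value}} into a set of lower-cased keys."""
    return {key.lower() for block in stmt.get("Condition", {}).values() for key in block}


def lint_trust_policy(policy: Dict[str, Any], own_account: str = OWN_ACCOUNT) -> List[str]:
    """Return human-readable findings for one trust policy (empty list = no issue)."""
    findings: List[str] = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append(f"stmt {idx}: wildcard principal")
            continue
        keys = _condition_keys(stmt)
        for aws in _as_list(principal.get("AWS", [])):
            if aws == "*":
                findings.append(f"stmt {idx}: wildcard AWS principal")
            elif _account_of(aws) != own_account and "sts:externalid" not in keys:
                findings.append(f"stmt {idx}: cross-account principal {aws} without sts:ExternalId condition")
        for fed in _as_list(principal.get("Federated", [])):
            if ":oidc-provider/" not in fed:
                continue
            if not any(k.endswith(":aud") for k in keys):
                findings.append(f"stmt {idx}: OIDC principal without aud condition")
            if not any(k.endswith(":sub") for k in keys):
                findings.append(f"stmt {idx}: OIDC principal without sub condition")
    return findings


def lint_all(policies: Dict[str, Dict[str, Any]] = SAMPLE_POLICIES) -> Dict[str, List[str]]:
    """Lint every sample policy and map its name to its findings."""
    return {name: lint_trust_policy(doc) for name, doc in policies.items()}


if __name__ == "__main__":
    for name, findings in lint_all().items():
        print(name, "->", json.dumps(findings or ["ok"]))
```

The sub check only tests that some condition key ends in ":sub"; whether the sub pattern is tight enough (for example, pinned to one repository and branch rather than a bare wildcard) still needs a human review of the value.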
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FFH8dv3/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/TQZixWqQNWkhrsdB-HHTUeE_SlOhDST_MGQiIqDz8mo=433">
<span>
<strong>Practical Resources for Detection Engineers (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Detection engineering is a proactive threat-hunting specialization that applies software engineering processes to detect attackers. Prospective detection engineers should choose a domain to focus on, such as cloud workload security, cloud application security, cloud misconfigurations, endpoint security, network security, IAM, or insider threat. This blog post includes a list of blog posts, videos, and books that both starters and pros could benefit from.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.runlayer.com%2F%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/aC6bTL0STUqxTWEZYXNom5Vp9BcggQju4GsaGaGC5-E=433">
<span>
<strong>Runlayer (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Runlayer provides a secure control layer for enterprise AI, monitoring access and usage, and blocking threats in real time. It supports the Model Context Protocol for safe, compliant AI transformation across environments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fprowler-cloud%2Fprowler%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/547AoTocymvkNXDO25FIlhTSE4-LykbgMnHEUzN5hxY=433">
<span>
<strong>Prowler (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Prowler is an open-source security tool for AWS, Azure, GCP, and Kubernetes for performing security assessments, audits, incident response, compliance, continuous monitoring, hardening, and forensics readiness. It includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS, and more.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FR3DRUN3%2Fmagnet%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/YBtXNjRE6nRZtaHWC0xykWPzh4Bpco27I8-pE8DKdSw=433">
<span>
<strong>Magnet (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Magnet is a purple-team telemetry and simulation toolkit.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhelixguard.ai%2Fblog%2Fmalicious-sha1hulud-2025-11-24%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/RQXv2HJJZq6-JlXHB7UfWMiz3XOEOXWTsgfjIFvzehg=433">
<span>
<strong>Shai-Hulud Returns: Over 300 NPM Packages infected via Fake Bun Runtime Within Hours (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Over 300 NPM packages were poisoned via compromised maintainer accounts that injected a fake Bun runtime preinstall script that deploys a 10MB obfuscated JavaScript payload to steal credentials. The malware uses TruffleHog for local secret scanning. It exfiltrates NPM tokens and cloud credentials (AWS/GCP/Azure) via rogue GitHub Action runners named SHA1HULUD, and achieves worm-like propagation by republishing infected packages using stolen tokens. High-impact packages affected include @zapier/zapier-sdk (2.6M weekly downloads), posthog-node, and @asyncapi/specs. Teams should audit dependencies for setup_bun.js/bun_environment.js files, rotate any potentially exposed credentials, and pin package versions to known-good releases.
</span>
</span>
</div>
</td></tr></tbody></table>
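The dependency audit the summary above recommends, as an added example that is not code from the HelixGuard post: walk a node_modules tree, flag files named setup_bun.js or bun_environment.js (the two file names the summary gives), and flag any package.json whose install lifecycle hook invokes them. The fixture tree is constructed in a temporary directory with placeholder contents; the package names in it are invented and the placeholder scripts carry no payload.

```python
"""Audit a node_modules tree for the Shai-Hulud indicators named in the summary.
Added example; the fixture packages and file contents are constructed placeholders."""
import json
import tempfile
from pathlib import Path
from typing import Dict, List

# File names taken from the summary; everything else here is constructed.
INDICATOR_FILES = {"setup_bun.js", "bun_environment.js"}
# npm runs these hooks automatically during install, so they are where a dropper hides.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")


def audit_tree(root: str) -> List[Dict[str, str]]:
    """Return findings for indicator files and lifecycle hooks that invoke them."""
    findings: List[Dict[str, str]] = []
    base = Path(root)
    for path in base.rglob("*"):
        if not path.is_file():
            continue
        rel = str(path.relative_to(base))
        if path.name in INDICATOR_FILES:
            findings.append({"kind": "indicator-file", "path": rel})
        elif path.name == "package.json":
            try:
                manifest = json.loads(path.read_text(encoding="utf-8"))
            except (json.JSONDecodeError, UnicodeDecodeError):
                continue  # unreadable manifest: skip rather than crash the audit
            scripts = manifest.get("scripts") or {}
            for hook in LIFECYCLE_HOOKS:
                command = str(scripts.get(hook, ""))
                if any(name in command for name in INDICATOR_FILES):
                    findings.append({"kind": "lifecycle-hook", "path": rel,
                                     "hook": hook, "command": command})
    return sorted(findings, key=lambda f: (f["kind"], f["path"]))


def build_fixture() -> str:
    """Create a constructed node_modules tree: one clean package, one mimicking the pattern."""
    root = tempfile.mkdtemp(prefix="npm-audit-")
    clean = Path(root, "node_modules", "example-clean-pkg")
    clean.mkdir(parents=True)
    (clean / "package.json").write_text(json.dumps(
        {"name": "example-clean-pkg", "version": "1.0.0", "scripts": {"test": "node test.js"}}))
    bad = Path(root, "node_modules", "example-compromised-pkg")
    bad.mkdir(parents=True)
    (bad / "package.json").write_text(json.dumps(
        {"name": "example-compromised-pkg", "version": "9.9.9",
         "scripts": {"preinstall": "node setup_bun.js"}}))
    # Placeholder files carrying only a comment; they stand in for the indicator names.
    (bad / "setup_bun.js").write_text("// placeholder, not a payload\n")
    (bad / "bun_environment.js").write_text("// placeholder, not a payload\n")
    return root


if __name__ == "__main__":
    for finding in audit_tree(build_fixture()):
        print(json.dumps(finding))
```

A hit on either check is a reason to quarantine the package, rotate any npm, GitHub and cloud credentials present on the machine that installed it, and pin the dependency back to a known-good release, as the summary advises.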
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fmobile%2Fgoogle-enables-pixel-to-iphone-file-sharing-via-quick-share-airdrop%2F%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/cOoHTIa6zA--XYlXBQ6vZrBbSUdOs0S6yRIgAb8Mx60=433">
<span>
<strong>Google enables Pixel-to-iPhone file sharing via Quick Share, AirDrop (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google has enabled Quick Share interoperability with Apple AirDrop on Pixel 10 devices. The feature was implemented in Rust to eliminate memory-safety vulnerabilities. NetSPI penetration testing confirmed no data leakage. The system uses direct device-to-device connections via AirDrop's "Everyone for 10 minutes" mode without server intermediaries. However, users must manually verify recipient devices to avoid accidental sharing with nearby strangers. Security teams should note that this expands the cross-platform attack surface for social-engineering file transfers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fradzarat-spyware-hijack-android-devices%2F%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/YA1DB0ZclNdZNCL4LaEqEGaYzOQpj8x1skGZOtutVTM=433">
<span>
<strong>New RadzaRat Spyware Poses as File Manager to Hijack Android Devices (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
RadzaRat is an Android RAT masquerading as a file manager with complete AV evasion (0/66 on VirusTotal) and keylogging capabilities. The malware uses free infrastructure (Render.com and a Telegram bot) and persistence mechanisms that prevent termination and survive reboots. The APK has been openly distributed and actively sold on underground forums by developer 'Heron44' since November 8. Security teams should implement behavioral detection and app vetting policies, as signature-based defenses are currently ineffective against this threat targeting credentials and financial data.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2025%2F11%2Fai-teddy-bear-for-kids-responds-with-sexual-content-and-advice-about-weapons%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/FJ9YYeSWxIkngJDMDx340mB7BYhePGVOJ3Gh7ztPpdw=433">
<span>
<strong>AI teddy bear for kids responds with sexual content and advice about weapons (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
FoloToy's GPT-4o-powered "Kumma" teddy bear spontaneously introduced sexual content, BDSM topics, and dangerous household advice during testing, prompting OpenAI to revoke the developer's API access.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2F146000-impacted-by-delta-dental-of-virginia-data-breach%2F%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/o8dW2YXWHeHylFqecfoUIcAt4yT8Shy0PtnYKIu9gTg=433">
<span>
<strong>146,000 Impacted by Delta Dental of Virginia Data Breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Delta Dental of Virginia notified approximately 146,000 individuals after a security breach of an email account exposed personal information.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F184985%2Fdata-breach%2Fiberia-discloses-security-incident-tied-to-supplier-breach.html%3Futm_source=tldrinfosec/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/YTx6fCwvC6khfY6jKCnmTJK-yxOJkC-NqKWoRogg6Fw=433">
<span>
<strong>Iberia discloses security incident tied to supplier breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Iberia experienced a data breach due to a supplier hack.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/EPg1T8WkINNpcRKWFVubQTjoBcQbwI4e4fn5bDkkKGY=433" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/G3Cc7oXsEP4mZuSAPuDjXgEPcJOpZ3k74M6h3_DCTGs=433" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR?
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/f2MQdkrgjZgl2wE0UjK4_w4dG8daL-uwC-C7EOAOclk=433"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR?
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/TjwsjrLHRUgOew-O-Mdxpwx_aYNkpz2vY7_fmuWI8aM=433" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them!
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/tBTN7RPAT6uPuMstlZ07RQG0iaOU2crmu2tr0r86eLg=433"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/I9F8WZXpXiY4WQGukapZx8AnNbfIL4fMyMrBySbUsxU=433"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/DfFrNicp626RAUl6jWsqVeEX-T2Xpu6gk4ck-We0c_8=433"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/c-Fk9UyPbdpMlGlEATV51giPlutgfVPMyucqSxhOMiU=433">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=7bbbfa18-c9e0-11f0-945e-63d8f0f92c3a%26pt=campaign%26pv=4%26spa=1764079314%26t=1764079619%26s=1d811567c3cedd8f416718dc608acdb22506460e8657a7cfeadd09aadeee4195/1/0100019abb56cc4f-41dd82a1-1612-4704-9332-ebb310c978d1-000000/gHXtL0Td-5MLOe69CrpLoCd2qu2nKcgLv1CdMhObhS0=433">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>