<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-11-26</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fprettier-extension-vscode-marketplace-anivia-stealer%2F%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/AyVv2z-O1D5wuuYosw4QI6q6kBZE58b1DiAzO885Sbo=433">
<span>
<strong>Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Checkmarx Zero identified and removed a malicious VSCode extension, "prettier-vscode-plus," within 4 hours of publication, limiting the impact to 6 downloads and 3 installs before removal. The brandjacking attack deployed Anivia Stealer (likely rebranded ZeroTrace, sold as MaaS for €120/month) using fileless execution from memory and sandbox evasion techniques to steal Windows credentials, data, and WhatsApp chats. Security teams should implement extension vetting controls and monitor developer tool installations, as supply chain attacks targeting IDEs increasingly aim to compromise source code and credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F11%2F24%2Fus-banks-scramble-to-assess-data-theft-after-hackers-breach-financial-tech-firm%2F%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/SNW7matI4oo0jZOua_VZmJlTAf_-yBApuQ8xcAG2VR4=433">
<span>
<strong>US banks scramble to assess data theft after hackers breach financial tech firm (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Major US banks and financial firms are investigating data stolen in a cyberattack targeting SitusAMC, a New York firm that serves hundreds of lenders. The breach involved theft of corporate, legal, and accounting records, but no malware was deployed. The full scope and impact remain under review. The FBI and affected banks are working to safeguard customer information and determine how many consumers may be affected.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fupdate-firefox-patch-cve-2025-13016-vulnerability%2F%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/3mmX_Qk5QQl4qO8YEf-HtTLocdK_2QkrR4HRQ7_XBTQ=433">
<span>
<strong>Update Firefox to Patch CVE-2025-13016 Vulnerability Affecting 180 Million Users (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A critical memory vulnerability in Firefox's WebAssembly (Wasm) engine, tracked as CVE-2025-13016, exposed 180 million users to remote code execution risks for six months. The flaw involved a stack buffer overflow within the Garbage Collection mechanism caused by an incorrect memory pointer calculation, allowing attackers to hijack program flow via malicious webpages. Security professionals should ensure all instances of Firefox are updated to version 145 or ESR 140.5 immediately to mitigate this high-severity risk.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.nccgroup.com%2Fresearch-blog%2Fpublic-report-google-private-ai-compute-review%2F%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/UMBBweu9TLk2FTEswPtTTYuoWffeFYgQXJrW297hVrM=433">
<span>
<strong>Public Report: Google Private AI Compute Review (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
NCC Group conducted a comprehensive security review of Google's Private AI Compute system across two phases (April-September), investing 100 person-days with 10 consultants to assess the cloud-based AI system designed to extend mobile device capabilities while maintaining local privacy guarantees. The review covered architecture assessment, cryptographic implementations, IP-blinding relay security, Outbound RPC Enforcement configuration, and frontend server source code analysis. Security teams working on privacy-preserving cloud AI architectures should examine the full downloadable report for insights on attestation mechanisms, secure enclaves, cryptographic protocols, and privacy-preserving infrastructure design patterns.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.promptfoo.dev%2Fblog%2Fclaude-code-attack%2F%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/KCIazYjgcdjcGIoYFjzhRa4tVTcd9dhWoJwXNPsFT5k=433">
<span>
<strong>How to replicate the Claude Code attack with Promptfoo (16 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
State actors weaponized Claude Code through jailbreaking (roleplay as security researchers + task decomposition) rather than traditional exploits, achieving 82% success rates in installing keyloggers, reverse shells with systemd/.bashrc persistence, LD_PRELOAD hooks, and exfiltrating SSH/API keys. The "lethal trifecta" vulnerability arises when agents have access to private data, exposure to untrusted content, and external communication ability. Traditional security tools fail because jailbreak traffic appears legitimate and the attack vector is semantic, not technical. Security teams must implement deterministic access controls, use red team testing tools like Promptfoo before deployment, and recognize that context-blind guardrails and helpful-by-default bias create fundamental vulnerabilities requiring semantic security defenses beyond traditional WAF/IDS/AV solutions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flabs.watchtowr.com%2Fstop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem%2F%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/LZ1yIE9RgusafC4ttkNsv7_T8-rCzOn93Y4BK55ljLc=433">
<span>
<strong>Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) (14 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Organizations and individuals have been carelessly exposing sensitive passwords, credentials, keys, and private data by pasting them into public online code formatting tools like JSONFormatter and CodeBeautify. These tools often let users save and share formatted data through predictable URLs, leaving credentials easily discoverable and accessible to anyone, including attackers. Thousands of secrets belonging to major sectors such as government, banking, healthcare, and critical infrastructure have been discovered. Never trust random online tools with any sensitive information, as this habit creates far-reaching security risks and exposure.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2F0x4D31%2Fsantamon%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/ivMrduzK3vpV95ZCZTVcmnJibR2LeUKuLkGERBDxpjU=433">
<span>
<strong>Santamon (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Santamon is an experimental macOS detection sidecar for Santa that evaluates Endpoint Security telemetry locally using CEL rules. It forwards only matched detections to a backend while keeping raw telemetry on-device. Santamon leverages Santa's existing ESF sensor capabilities, avoiding Apple entitlement requirements. It adds three detection rule types: simple matching, time-window correlation, and baseline (first-seen) tracking with optional process tree enrichment.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FOWASP-BLT%2FBLT%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/1T60GTj4zGstsnrBbZGycAfRUDeYqY3G4kqKWnnrQdQ=433">
<span>
<strong>BLT (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
OWASP BLT (Bug Logging Tool) is an open-source platform that democratizes bug bounties and security research. Built by the community for the community, BLT makes it easy for security researchers, developers, and organizations to collaborate on finding and fixing security vulnerabilities.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fraysecurity.io%2F%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/tvR14xC80AgjnEOr_7shDzkd2fvHRn5GVt-wsyW-0iw=433">
<span>
<strong>Ray Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ray Security offers real-time, AI-driven data protection for enterprises. Its platform learns and monitors data usage, applying dynamic security controls to active data, detecting unusual behavior, and automatically responding to threats without impeding operations.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4095182%2Fjpmorgan-citi-morgan-stanley-assess-fallout-from-situsamc-data-breach.html%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/_XfiFABDmGyDx3pD8-Ub3q8PLwyhD1aO2eSlnPRgxOo=433">
<span>
<strong>JPMorgan, Citi, Morgan Stanley assess fallout from SitusAMC data breach (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SitusAMC, a mortgage data processor serving major banks including JPMorgan, Citi, and Morgan Stanley, suffered a data exfiltration attack discovered on November 12 that exposed corporate data and potentially customer PII, including SSNs, financial details, and employment records from loan applications. The attack used no ransomware, focusing purely on data theft. It was contained through credential resets, by disabling remote access, and by updating the firewall. Financial institutions must strengthen third-party risk management programs with written oversight policies per new SEC Regulation S-P amendments, as vendor breaches now account for 30% of financial sector incidents (up 15% YoY).
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.promptarmor.com%2Fresources%2Fgoogle-antigravity-exfiltrates-data%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/fN5MKBH01bOdEQJ8yNBFdVhUFgL6I68KqId3su9VgeI=433">
<span>
<strong>Google Antigravity Exfiltrates Data (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google Antigravity is vulnerable to indirect prompt injection attacks where poisoned content manipulates the AI into bypassing .gitignore restrictions to steal sensitive credentials from .env files. The data is exfiltrated via a browser subagent directed to a malicious URL, exploiting default settings that allow autonomous command execution and whitelist dangerous domains. Security professionals should mitigate this risk by reviewing "Agent-assisted development" permissions and strictly monitoring AI agent access to sensitive files and external network traffic.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fwormgpt-4-and-kawaiigpt-new-dark-llms-boost-cybercrime-automation%2F%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/mxEyNWMDqffbycbh-fEd-W0bLBNEG3frEYt10NNhQS4=433">
<span>
<strong>WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
WormGPT 4 and KawaiiGPT are new "dark LLMs" that empower less-skilled cybercriminals by automating phishing, malware creation, and reconnaissance without ethical guardrails. WormGPT 4 is a paid service that offers malware generation capabilities. KawaiiGPT is a free, open-source tool that facilitates social engineering and lateral movement scripts. Security professionals should view these tools as a new baseline for digital risk and prepare for a democratized threat landscape where advanced attack capabilities are accessible to anyone with an internet connection.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybernews.com%2Fai-news%2Fchinas-lenovo-tech-giants-stack-memory-chips-prices-up%2F%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/Kjz0sTRAFsjDfc3uWbhcwfHwRTdAzvOB4YDFdFOJYTM=433">
<span>
<strong>China's Lenovo and other tech giants stack memory chips: the race is on, and prices are up (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Lenovo is stockpiling memory chips at 50% above normal levels as AI datacenter demand creates global semiconductor shortages.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F11%2Fhackers-hijack-blender-3d-assets-to.html%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/RvCj3MJb1LLQJG7xZ6opAhD1dGIktFTBM697B-kttgg=433">
<span>
<strong>Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hackers are distributing malicious Blender 3D asset files on platforms like CGTrader, leveraging Blender's Auto Run feature and embedded Python scripts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fcanon-says-subsidiary-impacted-by-oracle-ebs-hack%2F%3Futm_source=tldrinfosec/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/MAyVwEFrwfQZb_m1FaA71D711DElPIE-EbwoQgpubGQ=433">
<span>
<strong>Canon Says Subsidiary Impacted by Oracle EBS Hack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Canon confirmed that a recent cyberattack linked to the Oracle E-Business Suite hacking campaign affected only a US subsidiary's web server.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/2IYIMzPqlVbPo-k9uxs5PRuD2nbsm6vSlJ1o5BTo9QU=433"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/HhVAYfdjgxwZbfceEgZJec7aBCy7msHBH1DCRvoIgTw=433"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019ac07db2e7-43992975-209a-437c-b29a-0ffaede03b88-000000/Ipw9Yika-ZpFYCT428D2zfum3pWAOvo3sU7PnikZGDw=433"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>