<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">A breach of Mixpanel's analytics platform exposed OpenAI API user metadata, including names, emails, location data, and internal user/org IDs β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/B0CXKgzjRUI7Ck-WXMG75GuKYMfaKk66reVh3wvawRc=433" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/z5A05AxwV84luGIL61wtSvt426342fs3xtVgGAKxIKQ=433" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=eb0ed8e4-cc57-11f0-89c6-47395fbe27e3%26pt=campaign%26t=1764338940%26s=17b4498a077b676dab685d840e667c9810b3cfeb3cb4372397ad715168354e5e/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/adulzEoO7sR8hlSPBT87F8Ni7vdSZi6iL-Qecc4isbA=433"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/Ea3kRLtHnfb-k02dnerTOj_nwXBzwemQEfLKFAl-uDs=433"><img src="https://images.tldr.tech/threatlocker3.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="ThreatLocker"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-11-28</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/2/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/jvfdfVCwzoGUzIb3-X5Gbc6ytwHVnkN5RWGFoQLZYxo=433">
<span>
<strong>Special offer for TLDR readers: $200 off Zero Trust World 2026 with code ZTWTLDR26 (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
ThreatLocker's annual <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/3/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/iLMRyxQruFVkBHkDr06juZrHToCDkPte9ZclXp1UugI=433" rel="noopener noreferrer nofollow" target="_blank"><span>Zero Trust World</span></a> is the most interactive, <strong>hands-on cybersecurity learning</strong> event. Join hacking labs, get Cyber Hero certified, and attend sessions with cybersecurity, IT, and business experts.
<p></p>
<p>π TLDR readers get <strong>$200 off all-access registration</strong>. That's <strong>33% less than the list price</strong>. </p>
<p>π Registration includes all sessions and labs (including CPE eligible sessions!) </p>
<p>πΉAt <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/4/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/8rcNqwosXSK59SERrDsHDlbTsY2Cq1BGd-ye6MdRHtQ=433" rel="noopener noreferrer nofollow" target="_blank"><span>Zero Trust World</span></a>, all access really means all access, so meals and the afterparty are included with each pass. </p>
<p>Use code <strong>ZTWTLDR26</strong> for <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/5/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/DYkp3WRAEm3ahEuQC40spRtNVaDivcskkZrm6Dm456w=433" rel="noopener noreferrer nofollow" target="_blank"><span>$200 off your all-access pass</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fopenai-api-mixpanel-data-breach-chatgpt%2F%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/JRJ3QbFoOQ9OBtHFVichSs9m2yJDFJ8yDgPJRAssXk4=433">
<span>
<strong>OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A breach of Mixpanel's analytics platform exposed OpenAI API user metadata, including names, emails, location data, internal user/org IDs, and browser information. No passwords, API keys, chat logs, or payment data were compromised, and ChatGPT users were unaffected. OpenAI immediately removed Mixpanel from production and notified impacted users. It is conducting a broader vendor security audit. This incident highlights third-party vendor risk. Organizations should inventory analytics tools that receive user data, enforce data minimization policies with vendors, have API users enable MFA, and monitor for targeted phishing using the exposed metadata.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F185126%2Fdata-breach%2Fasahi-says-crooks-stole-data-of-approximately-2m-customers-and-employees.html%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/LdPDHCBbjOYCnEhOEeEl7wtA8zGIwXnqkkNZbG1nFMo=433">
<span>
<strong>Asahi says crooks stole data of approximately 2M customers and employees (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Ransomware operators hit the Asahi Group in late September, crippling Japanese operations and exposing data on around 2 million people, including customers, employees, and their families. Personal information such as names, addresses, phone numbers, emails, birth dates, and gender was accessed, but no credit card data was involved.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fgainsight-ceo-downplays-salesforce-attack%2F%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/vzC5kGGrMqvMPeki6MU7l-o15YFv6Gh0AJZgHrXxCFQ=433">
<span>
<strong>Gainsight CEO downplays impact of attack that spread to Salesforce environments (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Gainsight is investigating a breach involving its Salesforce-connected app, working with Mandiant and relying heavily on Salesforce logs to understand which customers were affected and how attackers used compromised OAuth tokens. The company insists that only a small number of customers saw data impact. Google Threat Intelligence has flagged hundreds of potentially affected Salesforce instances.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.recordedfuture.com%2Fblog%2Fthreat-hunting-vs-threat-intelligence%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/Ebt_6eW9JrCRkdPb2GYjYI88jIN4gQaMNM_I8qrgxkE=433">
<span>
<strong>Threat Hunting vs. Threat Intelligence (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Threat intelligence focuses on understanding the external threat landscape, while threat hunting proactively investigates internal systems for threats that have evaded automated defenses through hypothesis-driven analysis and behavioral anomaly detection. The two functions create a feedback loop: intelligence provides IOCs, TTPs, and focus areas to guide hunting hypotheses, while hunting discoveries enrich intelligence with validated internal findings. Security teams should integrate both by using threat intelligence to prioritize hunting efforts via MITRE ATT&CK TTP mapping, embedding intelligence feeds into SIEM/EDR for automated IOC correlation, and establishing workflows that link hunting results to strategic and tactical intelligence products.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.yeswehack.com%2Flearn-bug-bounty%2Fsyntax-confusion-ambiguous-parsing-exploits%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/jQqW7DBOvV_vIbEQ6KV-a8FVw98XBpd9TCcOjCqlp80=433">
<span>
<strong>The minefield between syntaxes: exploiting syntax confusions in the wild (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Syntax confusion arises when different components, such as browsers, proxies, frameworks, or libraries, parse the same input in conflicting ways, letting attackers bypass filters or change behaviour. By abusing alternate syntaxes, an attacker can slip dangerous characters or paths past validation and turn limited issues like SSRF or cache quirks into powerful primitives such as stored XSS or arbitrary file access.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fxbow.com%2F%3Futm_source=tldr%26utm_medium=email%26utm_campaign=lightspeed-promo-1/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/RqrAyurzie8X77lyA6IhMZCehc7aBhkG55e93ozqu9A=433">
<span>
<strong>XBOW: Expert-Level pentesting done in hours. No meetings required. (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Traditional pentests take weeks or more. With <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fxbow.com%2F%3Futm_source=tldr%26utm_medium=email%26utm_campaign=lightspeed-promo-1/2/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/HWGAsS4xG4AIztYECQG8eVS91LknPL2RuQBecpAObd8=433" rel="noopener noreferrer nofollow" target="_blank"><span>XBOW Lightspeed Pentest On-Demand</span></a> you can launch a test in minutes. Get your compliance report in 5 business days, including proof-of-exploit findings, and stay audit-ready. Try it yourself to see why XBOW is ranked #1 on the HackerOne World Leaderboard with 1,092+ zero-day vulnerabilities discovered to date. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fxbow.com%2Fpentest%3Futm_source=tldr%26utm_medium=email%26utm_campaign=lightspeed-promo-1/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/KN6Yq24hxfkAXAVgdcS8ewZISHfFuSSi9eJt3JhxS20=433" rel="noopener noreferrer nofollow" target="_blank"><span>Start your test.</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farcanum-sec.github.io%2Fdevops-attack-surface%2F%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/RY9sBYCv63afr0tTIMraHKrPHERtMqsnOVC8RF6GczU=433">
<span>
<strong>DevOps Pipeline Attack Surface (WebApp)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A fully searchable, client-side guide to 88+ tools across 15 categories for pentesters and red teamers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FEvilBytecode%2FGoDefender%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/HmMe5F9CRhODSC9NI8i5s8UZiKWa_2i13OLmz2VpAJo=433">
<span>
<strong>GoDefender (Github Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
GoDefender is a Go-based security toolkit that detects and defends against debugging, virtualization, and DLL injection attacks to hinder reverse engineering efforts. It provides virtualization detection, anti-debugging via API monitoring and critical function patching, and DLL injection prevention using Binary Image Signature Mitigation Policy to block non-Microsoft binaries.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FInfisical%2Finfisical%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/iXASAr4LrS-TbjMOcf1qzH8p9yc1YGkjuLDV7zvU5ho=433">
<span>
<strong>Infiiscal (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Infisical is an open-source secrets management platform that features a dashboard, client SDKs for fetching secrets, an API, and integrations with several platforms, like Kubernetes and Terraform.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F0voZc2/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/HDGz4s2dRAahbu0KSq7ldm5gaNQGMn8wB31AsSCeCUc=433">
<span>
<strong>Inside the GitHub Infrastructure Powering North Korea's Contagious Interview npm Attacks (21 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Socket Threat Research exposed North Korea's Contagious Interview operation, which added 197 malicious npm packages since October, using a GitHub-Vercel-npm delivery chain to distribute OtterCookie malware targeting blockchain and Web3 developers through fake job interviews. The malware performs comprehensive data theft. Security teams should treat npm installs as remote code execution, implement network egress controls on CI/CD systems, require code review for GitHub templates, and deploy real-time package scanning to detect behaviors like import-time loaders and eval on network responses before malware executes.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Freport-names-teen-scattered-lapsus-hunters-group%2F%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/gpaTAwN2Jp93hrbRHbil_XIMI7VSf-TGVkRoPM-HzkM=433">
<span>
<strong>Report Names Teen in Scattered LAPSUS$ Hunters, Group Denies (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A 15-year-old in Jordan known as "Rey" was allegedly identified as a key administrator of Scattered LAPSUS$ Hunters after operational security failures. The group, which merged tactics from Scattered Spider, LAPSUS$, and ShinyHunters, conducted high-impact attacks against Jaguar Land Rover, Schneider Electric, Telefonica, and other major organizations using stolen Salesforce data, insider recruitment, and ALPHV/BlackCat ransomware variants. The group vigorously denied the allegations in a detailed Telegram response, offering 10 BTC to anyone who could prove Rey's identity with evidence. Rey himself claims he's been cooperating with law enforcement since June and is attempting to exit the cybercrime community.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F11%2F27%2Fwestern_isles_ransomware_council%2F%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/qTt6r8PMmUnobk5vj3x4kvudhkC_CHovyuBOCE-XK3E=433">
<span>
<strong>Scottish council still rebuilding systems two years after ransomware attack (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A 2023 ransomware attack on Comhairle nan Eilean Siar forced the Western Isles council to rebuild multiple core systems, leaving some finance and revenue platforms still not fully restored two years later. The incident has cost around Β£950,000, created large data gaps and backlogs, and left staff under intense, prolonged pressure.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4097381%2Fmicrosoft-teams-guest-chat-feature-exposes-cross-tenant-blind-spot.html%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/1zDPtzqwOwvL6un26O7VUqptuYSJ7Y3x2HuDncD4DbA=433">
<span>
<strong>Microsoft Teams' guest chat feature exposes cross-tenant blind spot (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Microsoft Teams' cross-tenant guest chat feature (MC1182004) bypasses all Defender for Office 365 protections when users accept external tenant invitations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fmicrosoft%2Fmicrosoft-to-secure-entra-id-sign-ins-from-external-script-injection-attacks%2F%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/HiZCMU4IRC4Rim2x3toF4fDZyL5uZ3WlgdMpmLQJH0E=433">
<span>
<strong>Microsoft to secure Entra ID sign-ins from script injection attacks (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Microsoft will implement a strengthened Content Security Policy for Entra ID by October 2026 that blocks external script injection and cross-site scripting attacks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2025%2F11%2Ffake-linkedin-jobs-trick-mac-users-into-downloading-flexible-ferret-malware%3Futm_source=tldrinfosec/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/iLSqhI36hQMVOclQ8fItW9zWwJ2w9YOTx4cU84c3-cI=433">
<span>
<strong>Fake LinkedIn jobs trick Mac users into downloading Flexible Ferret malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The Contagious Interview campaign targets Mac users through fake LinkedIn job postings that lure victims to fraudulent assessment websites.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/Qy0vbJZhNzc2P2sh3GPnsXM9NuYNgkImzxv4h6JCumU=433" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/tATb_1Z1udr1r_Fkb_GIb9fi871WkkslOO42uAqQVJQ=433" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/ssRQm9HjYYHjWcNqhW5PBp4aXzDm0mCqRhG2g7UcAKI=433"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/QnJP-8o7w60pKpE5P4LyXQiGK8cOTkFrUh7KHmOhNFs=433" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them!
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/q4Yzii9gtjKXeJGl4rcOogMOErPtKIl1dT-a7ujIXwM=433"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/fAnwdurESjVkJMqnaDegcsnNpO1cIpc5OxInDLFM9jI=433"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/iVwZ05-GqoMtyFMwdIVv2JbYX3IRtz0iFck-UFUI_nU=433"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/5rw0LEacxZnAi9SN-zwprLQpF8-yzL1vw4i8hREG5KU=433">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=eb0ed8e4-cc57-11f0-89c6-47395fbe27e3%26pt=campaign%26pv=4%26spa=1764338654%26t=1764338940%26s=2339d7aaf0f6abf6764d517747d597457c9c0e59ba56cb93cb2a36eb3ce704f5/1/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/1fUDzddoOlmA_3di9kDhr-D9EJ2QrBLTPzb_7LsfoFQ=433">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019acacbbb53-ab33a3cd-9531-4570-8857-9ab23ea8c05c-000000/bF1hzOsyeXQe0VveA0Vxe3WsnApzgQ9kxs9EBn3Tayc=433" style="display: none; width: 1px; height: 1px;">
</body></html>