<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/Ait4Z6iONXCI7Ik35tSPp8GBUTsEk20FRmR_7jaeHR8=434" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/nYcQ85GjleSgeFJtxK-XxEQcq_YgSigMhTtDv0hGnEU=434" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=3f396156-cf3b-11f0-8211-cb95d47fe381%26pt=campaign%26t=1764684440%26s=8a98235956980e9285b18d415d7a27e7f2c64b6df7c9a12b9dcbc9bbc198996a/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/gYd0yPxUFnqtbN-3CkAuGLqH8hrWHQDmcaVDhxbWjBU=434"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fsecurity-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20251202/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/_Yge_EQNO99q7UCwIHQ2ZCQ-TYWK1Zc9_LX5yWIdm5U=434"><img src="https://images.tldr.tech/adaptive.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Adaptive Security"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-12-02</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fsecurity-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20251202/2/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/6lq7aNqBjEWmG5YwGudbJRdq065f2L6UCfTDnqz6dC0=434">
<span>
<strong>When your CEO calls, will you know it's real? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
<p>Today's phishing attacks involve AI-generated voices, videos, and interactive deepfakes of company executives. They fool 99% of people.</p><p>Adaptive Security - backed by <strong>$65M+ in funding from OpenAI and a16z</strong> - is the first <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fsecurity-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20251202/3/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/lsyiDyxv5a0OVzWKFD2zaMN6dWti9z522cTmYqnBrrA=434" rel="noopener noreferrer nofollow" target="_blank"><span>security awareness platform built to stop AI-powered social engineering</span></a>. Adaptive trains your team with tools that stay one step ahead:</p>
<ul>
<li>Deepfake attack simulations featuring your real executives in realistic attack scenarios</li>
<li>Interactive, personalized training content tailored for each employee</li>
<li>AI-driven risk scoring that reveals what attackers can learn from your public data</li>
</ul>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fsecurity-awareness-training%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20251202/4/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/nsoNplRwOxQwD3p9cb042xzsgKQkQMD41GnBYi_j7sA=434" rel="noopener noreferrer nofollow" target="_blank"><span><strong>>> Book a demo</strong></span></a><strong> </strong>and chat with a custom interactive deepfake of your CEO</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.adaptivesecurity.com%2Fdemo%2Fself-guided-tour%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20251202/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/bo5lQps3F6Bf7IrLeldd7sWLb12MqmnE0yjK9Q_PV-o=434" rel="noopener noreferrer nofollow" target="_blank"><span><strong>>> Take a tour</strong></span></a><strong> </strong>of the platform (3 minutes)
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.plerion.com%2Fblog%2Fprivilege-escalation-with-sagemaker-and-execution-roles%3Futm_source=tldrinfosec/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/__9ax7aAPmgKXwg91_4sz8do-vsyyze7DNKO8MDZcWU=434">
<span>
<strong>Privilege escalation with SageMaker and there's more hiding in execution roles (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Privilege escalation flaws have been discovered in AWS SageMaker. An attacker who already holds a specific set of permissions can inject code through notebook lifecycle configurations, which run when an instance starts, a pattern that mirrors the well-known EC2 user-data escalation; related paths exist through Lambda and CloudFormation. Defenders should detect stop-modify-start sequences in CloudTrail and enforce strict access controls on SageMaker execution roles.
</span>
</span>
</div>
</td></tr></tbody></table>
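<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<p>One way to implement the stop-modify-start detection the item above recommends, as an added example that is not code from the Plerion post: it correlates CloudTrail records per principal and notebook, and raises a finding when a StopNotebookInstance is followed by an UpdateNotebookInstance that sets a lifecycle configuration and then a StartNotebookInstance within a time window. The event names are the real SageMaker API actions; the sample records are constructed, and the camelCase requestParameters keys follow CloudTrail's usual rendering of API parameters (an assumption to check against your own logs).</p>

```python
"""Flag SageMaker notebook stop -> modify -> start sequences in CloudTrail.

Added example for this newsletter item; it is not code from the Plerion post.
The event names are the real SageMaker API actions as CloudTrail records them;
the sample records are constructed, and the camelCase requestParameters keys
follow CloudTrail's usual rendering of API parameters (an assumption).
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

STOP = "StopNotebookInstance"
MODIFY = "UpdateNotebookInstance"
START = "StartNotebookInstance"


def _when(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def find_stop_modify_start(records, window=timedelta(hours=1)):
    """Return findings for principals that stop a notebook, swap its lifecycle
    config, and start it again within `window`. Each finding carries the
    principal ARN, the notebook name and the three eventIDs for triage."""
    by_target = defaultdict(list)
    for rec in records:
        if rec.get("eventSource") != "sagemaker.amazonaws.com":
            continue
        name = (rec.get("requestParameters") or {}).get("notebookInstanceName")
        if not name:
            continue
        principal = rec.get("userIdentity", {}).get("arn", "unknown")
        by_target[(principal, name)].append(rec)

    findings = []
    for (principal, name), evs in by_target.items():
        evs.sort(key=_when)
        for i, stop in enumerate(evs):
            if stop["eventName"] != STOP:
                continue
            modify = None
            for later in evs[i + 1:]:
                if _when(later) - _when(stop) > window:
                    break  # outside the correlation window
                params = later.get("requestParameters") or {}
                if later["eventName"] == MODIFY and "lifecycleConfigName" in params:
                    modify = later  # lifecycle config swapped while stopped
                elif later["eventName"] == START and modify is not None:
                    findings.append({
                        "principal": principal,
                        "notebook": name,
                        "lifecycle_config": modify["requestParameters"]["lifecycleConfigName"],
                        "event_ids": [stop["eventID"], modify["eventID"], later["eventID"]],
                    })
                    break
    return findings


# Constructed CloudTrail records (not real logs): a benign restart by an admin
# and one stop -> modify -> start sequence by a developer role.
SAMPLE_TRAIL = json.loads("""
{"Records": [
 {"eventID": "e1", "eventTime": "2025-12-01T09:00:00Z", "eventSource": "sagemaker.amazonaws.com",
  "eventName": "StopNotebookInstance", "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/Admin/ops"},
  "requestParameters": {"notebookInstanceName": "ml-admin"}},
 {"eventID": "e2", "eventTime": "2025-12-01T09:05:00Z", "eventSource": "sagemaker.amazonaws.com",
  "eventName": "StartNotebookInstance", "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/Admin/ops"},
  "requestParameters": {"notebookInstanceName": "ml-admin"}},
 {"eventID": "e3", "eventTime": "2025-12-01T10:00:00Z", "eventSource": "sagemaker.amazonaws.com",
  "eventName": "StopNotebookInstance", "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/DevRole/alice"},
  "requestParameters": {"notebookInstanceName": "ml-prod"}},
 {"eventID": "e4", "eventTime": "2025-12-01T10:03:00Z", "eventSource": "sagemaker.amazonaws.com",
  "eventName": "UpdateNotebookInstance", "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/DevRole/alice"},
  "requestParameters": {"notebookInstanceName": "ml-prod", "lifecycleConfigName": "new-lcc"}},
 {"eventID": "e5", "eventTime": "2025-12-01T10:06:00Z", "eventSource": "sagemaker.amazonaws.com",
  "eventName": "StartNotebookInstance", "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/DevRole/alice"},
  "requestParameters": {"notebookInstanceName": "ml-prod"}}
]}
""")["Records"]


if __name__ == "__main__":
    for finding in find_stop_modify_start(SAMPLE_TRAIL):
        print(finding)
```

<p>Run against the constructed trail, the admin's plain stop/start produces nothing, while the developer role's sequence yields one finding listing events e3, e4 and e5. The window keeps the rule tight: the same three calls spread over days are more likely routine maintenance than an escalation attempt, and would warrant a separate, lower-severity rule.</p>
</div>
</td></tr></tbody></table>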
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FzM9xC7/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/4DAmBgS5LrgN77jdasM-Xc_SkG4yE2ZVlb5hl6Z5tYI=434">
<span>
<strong>Top South Korean e-commerce firm Coupang apologises over massive data breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
South Korean e-commerce giant Coupang disclosed that unauthorized access, traced to overseas servers and beginning June 24, affected 33.7 million customer accounts, exposing names, email addresses, phone numbers, shipping addresses, and order histories. Authorities are investigating a former employee, a Chinese national, as the suspect, and the government is examining potential violations of personal information protection law. It is the country's worst data breach in over a decade.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fsmarttube-youtube-app-for-android-tv-breached-to-push-malicious-update%2F%3Futm_source=tldrinfosec/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/0teTFntJqTTrHd10wiUPk_pvJhyvqpVqcRZ2WEwTCE8=434">
<span>
<strong>SmartTube YouTube App for Android TV Breached to Push Malicious Update (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The popular open-source SmartTube YouTube client for Android TV, which blocks ads and runs well on low-powered devices, was compromised after an attacker gained access to the developer's signing keys and used them to push a malicious update. The compromise came to light when multiple users reported that Play Protect was blocking SmartTube. The developer confirmed that his signing keys had been compromised and said he had revoked the old signature and would publish a new version under a separate app ID.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fipurple.team%2F2025%2F12%2F01%2Fbind-link-edr-tampering%2F%3Futm_source=tldrinfosec/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/Q9iMdiNv6LTVrrrpOYTyrvGJO38VU65gqximhfO-T9Y=434">
<span>
<strong>Bind Link - EDR Tampering (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Threat actors can abuse Windows 11's Bind Link API, backed by the bindflt.sys driver, to redirect an EDR's installation folder to an attacker-controlled directory, enabling DLL hijacking and code execution in the EDR's context. The EDR-Redir proof of concept loads bindfltapi.dll with LoadLibraryW and uses CreateDirectoryW to create transparent folder mappings between virtual and backing paths. CrowdStrike, SentinelOne, and Carbon Black have implemented BindFlt monitoring, while Microsoft Defender for Endpoint remains vulnerable. Security teams should monitor Sysmon Event ID 7 (image load) events for bindfltapi.dll, baseline any legitimate bind link usage in their environment to reduce false positives, and ask their EDR vendor whether bindflt driver activity is detected.
</span>
</span>
</div>
</td></tr></tbody></table>
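<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<p>Triage logic for the Sysmon Event ID 7 monitoring recommended above, as an added example that is not code from the ipurple.team post or from the EDR-Redir proof of concept. It parses the key/value text Sysmon renders for image-load events, keeps only loads of bindfltapi.dll, and suppresses processes on an allowlist of validated legitimate bind-link users (the allowlist entry and all sample records are constructed placeholders, not statements about any real product).</p>

```python
"""Triage Sysmon Event ID 7 (Image loaded) records for bindfltapi.dll loads.

Added example for this newsletter item; it is not code from the ipurple.team
post or from the EDR-Redir proof of concept. Records are constructed in the
'Key: value' text form Sysmon renders for Event ID 7, and the allowlist is a
placeholder for processes whose bind-link use you have validated yourself.
"""
TARGET_DLL = "bindfltapi.dll"

# Placeholder (assumption for the example): processes with validated,
# legitimate bind-link use in your environment. Replace with your baseline.
ALLOWLIST = {
    r"C:\Program Files\ExampleVendor\ContainerTool.exe",
}


def parse_event(text):
    """Turn Sysmon's rendered 'Key: value' message lines into a dict.
    The first line ('Image loaded:') names the event type and is stored as
    '_type' so callers can filter on it."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    fields = {"_type": lines[0].rstrip(":")}
    for ln in lines[1:]:
        key, _, value = ln.partition(":")  # split on the first colon only
        fields[key.strip()] = value.strip()
    return fields


def bindflt_loads(events, allowlist=ALLOWLIST):
    """Return loads of bindfltapi.dll by processes not on the allowlist.
    Each finding keeps what an analyst wants first: time, loading process,
    PID, user and the signature status of the loaded DLL."""
    allowed = {p.lower() for p in allowlist}
    findings = []
    for ev in (parse_event(t) for t in events):
        if ev["_type"] != "Image loaded":
            continue  # not a Sysmon Event ID 7 record
        loaded = ev.get("ImageLoaded", "")
        if not loaded.lower().endswith("\\" + TARGET_DLL):
            continue  # some other DLL
        image = ev.get("Image", "")
        if image.lower() in allowed:
            continue  # validated legitimate use; cuts false positives
        findings.append({
            "time": ev.get("UtcTime"),
            "process": image,
            "pid": ev.get("ProcessId"),
            "user": ev.get("User"),
            "signature": ev.get("Signature"),
            "status": ev.get("SignatureStatus"),
        })
    return findings


SAMPLE_EVENTS = [
    # Constructed: a binary in a user-writable directory loads the DLL -> flag
    r"""Image loaded:
RuleName: -
UtcTime: 2025-12-01 14:02:11.123
ProcessGuid: {00000000-0000-0000-0000-000000000001}
ProcessId: 4120
Image: C:\Users\alice\Downloads\tool.exe
ImageLoaded: C:\Windows\System32\bindfltapi.dll
Signed: true
Signature: Microsoft Windows
SignatureStatus: Valid
User: CORP\alice""",
    # Constructed: the allowlisted tool loads the same DLL -> suppressed
    r"""Image loaded:
RuleName: -
UtcTime: 2025-12-01 14:03:40.500
ProcessGuid: {00000000-0000-0000-0000-000000000002}
ProcessId: 2210
Image: C:\Program Files\ExampleVendor\ContainerTool.exe
ImageLoaded: C:\Windows\System32\bindfltapi.dll
Signed: true
Signature: Microsoft Windows
SignatureStatus: Valid
User: NT AUTHORITY\SYSTEM""",
    # Constructed: an Event ID 1 record, ignored by the image-load filter
    r"""Process Create:
RuleName: -
UtcTime: 2025-12-01 14:04:00.000
ProcessId: 4120
Image: C:\Users\alice\Downloads\tool.exe
User: CORP\alice""",
    # Constructed: a different DLL load -> ignored
    r"""Image loaded:
RuleName: -
UtcTime: 2025-12-01 14:04:05.000
ProcessId: 4120
Image: C:\Users\alice\Downloads\tool.exe
ImageLoaded: C:\Windows\System32\kernel32.dll
Signed: true
Signature: Microsoft Windows
SignatureStatus: Valid
User: CORP\alice""",
]


if __name__ == "__main__":
    for finding in bindflt_loads(SAMPLE_EVENTS):
        print(finding)
```

<p>To generate these events in the first place, Sysmon needs an ImageLoad rule with onmatch set to include and an ImageLoaded condition of "end with" on bindfltapi.dll; image-load logging is off by default and is noisy without such a filter. Note that the DLL itself is a signed Microsoft binary, so the signal lies in which process loaded it, not in the DLL's signature.</p>
</div>
</td></tr></tbody></table>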
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flearn.microsoft.com%2Fen-us%2Fwindows%2Fdeployment%2Fwindows-autopatch%2Fprepare%2Fwindows-autopatch-start-using-autopatch%3Futm_source=tldrinfosec/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/2pW_97r-tRnYnZ1KBp83uB3EMNFh3yc6Pv2GnoPKA30=434">
<span>
<strong>Start Using Windows Autopatch (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft Intune is an endpoint management suite for Windows devices. Windows Autopatch, built into Intune, lets administrators define groups so that updates roll out gradually across an organization. Administrators can also enable hotpatching on devices to bring them into compliance faster.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fpulse.latio.tech%2Fp%2Fshai-hulud-20-analysis-and-community%3Futm_source=tldrinfosec/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/65cgaDmLJi50bnE9FQYVpqPdtDiYBYHSwfk4tTeilKw=434">
<span>
<strong>Shai Hulud 2.0: Analysis and Community Resources (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Shai Hulud 2.0 is a large-scale software supply chain attack that compromised many popular npm packages, including ones tied to services like Zapier, ENS Domains, PostHog, and Postman, in order to steal secrets and establish remote code execution via GitHub runners. Defenders are advised to use published IOCs and scanners to identify infected packages and leftover malware files, treat any secrets on affected machines as compromised, and rotate or revoke them.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F%3Futm_source=tldrinfosec/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/rwzQwqg4iMJ-p6XaFBQlNaOodjV4h67g4eH_jhE6Bu0=434">
<span>
<strong>Special offer for TLDR readers: $200 off Zero Trust World 2026 with code ZTWTLDR26 (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ThreatLocker's annual <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/-cweh0LR_Qvrkc5lcvG48bgeVgk0d3Y3dakbWunA4kY=434" rel="noopener noreferrer nofollow" target="_blank"><span>Zero Trust World</span></a> is the most interactive, <strong>hands-on cybersecurity learning</strong> event. Join hacking labs, become Cyber Hero certified, and attend sessions led by cybersecurity, IT, and business experts.
<p>TLDR readers get <strong>$200 off all-access registration</strong>. That's <strong>33% less than the list price</strong>. </p>
<p>Registration includes all sessions and labs (including CPE-eligible sessions!) </p>
<p>At <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/2/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/ZiKGUjOKjulWwAyz6t8fsmyyzbGmcckmtvdGm4LAAd4=434" rel="noopener noreferrer nofollow" target="_blank"><span>Zero Trust World</span></a>, all access really means all access, so meals and the afterparty are included with each pass. </p>
<p>Use code <strong>ZTWTLDR26</strong> for <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/3/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/7STwEnefLv-nyTFDpx27usnHSlw2Yq0XpfyokY2KvtA=434" rel="noopener noreferrer nofollow" target="_blank"><span>$200 off your all-access pass</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FSam0rai%2Fguilty-as-yara%3Futm_source=tldrinfosec/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/NTHx2kPPc-nACqGSAGkJcEe1fLbsLGFf3YIVrnHgGfQ=434">
<span>
<strong>Guilty-As-Yara (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Guilty-As-Yara is a Rust-based tool that generates Windows PE executables containing data patterns designed to trigger YARA rule matches for validating rules.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fnowsecure%2Fr2frida%3Futm_source=tldrinfosec/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/NuJ-fobsk5w1h4SNA_fO2nwNzjAwulDp3Wjv7CvDnAQ=434">
<span>
<strong>R2frida (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
r2frida is a radare2 plugin that bundles Frida to instrument and analyze local or remote processes via r2 commands and scripts.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Miscellaneous</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F12%2Ftomiris-shifts-to-public-service.html%3Futm_source=tldrinfosec/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/cCRXDGIXzD8khmKFd2V_TgLz8usu7oat49R_vuDcBsc=434">
<span>
<strong>Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Tomiris is a Kazakhstan-linked threat actor that uses Telegram and Discord as command-and-control infrastructure while targeting foreign ministries and government entities across Russia and Central Asia through spear-phishing campaigns. The attacks deploy malware written in several languages, including Rust-based downloaders, Python-based backdoors such as Distopia, and custom implants. Over 50% of lures use Russian-language content, and routing C2 through public services lets malicious traffic blend in with legitimate activity. Security teams should monitor for unusual Telegram and Discord API traffic patterns, implement application control policies that restrict execution from archive files, and deploy behavioral detection for the Windows Registry persistence mechanisms associated with these implant families.
</span>
</span>
</div>
</td></tr></tbody></table>
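<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<p>One concrete form of the "unusual Telegram and Discord API traffic" monitoring the item above recommends, as an added example that is not code from the article: over constructed proxy log lines it measures the regularity of one source's requests to the chat platforms' API hosts. An implant polling for tasking tends to hit the API at near-constant intervals, while a person using the client produces bursty, irregular traffic; the coefficient of variation of the inter-request gaps separates the two. The log format, the watched host list and the thresholds are assumptions for the example.</p>

```python
"""Spot beacon-like traffic to chat-platform API endpoints in proxy logs.

Added example for this newsletter item; it is not code from the article.
The proxy log lines are constructed. The detection is interval regularity:
a source that contacts a C2-capable service at near-constant intervals (low
coefficient of variation between requests) looks more like an implant
polling for tasking than a person using the chat client.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumption for the example: API hosts of the two services the article names.
WATCHED_HOSTS = {"api.telegram.org", "discord.com"}


def parse_line(line):
    """Constructed log format: timestamp, source IP, destination host, method, path."""
    ts, src, host, method, path = line.split(maxsplit=4)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), src, host, method, path


def interval_stats(times):
    """Mean gap in seconds and coefficient of variation (stdev / mean) of the gaps."""
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    mu = mean(gaps)
    return mu, (pstdev(gaps) / mu if mu > 0 else float("inf"))


def beaconing_sources(lines, min_requests=6, max_cv=0.2):
    """Return (src, host, mean_gap_seconds, cv) for every watched host that one
    source contacted at least `min_requests` times with gap jitter at or below
    `max_cv`. Thresholds are starting points to tune against your own baseline."""
    seen = defaultdict(list)
    for line in lines:
        ts, src, host, _, _ = parse_line(line)
        if host in WATCHED_HOSTS:
            seen[(src, host)].append(ts)
    out = []
    for (src, host), times in seen.items():
        if len(times) >= min_requests:
            mu, cv = interval_stats(times)
            if max_cv >= cv:
                out.append((src, host, round(mu), round(cv, 3)))
    return out


SAMPLE_LOG = [
    # Constructed: 10.0.0.5 polls the Telegram Bot API about once a minute
    "2025-12-01T12:00:00 10.0.0.5 api.telegram.org GET /botPLACEHOLDER/getUpdates",
    "2025-12-01T12:01:01 10.0.0.5 api.telegram.org GET /botPLACEHOLDER/getUpdates",
    "2025-12-01T12:02:00 10.0.0.5 api.telegram.org GET /botPLACEHOLDER/getUpdates",
    "2025-12-01T12:03:02 10.0.0.5 api.telegram.org GET /botPLACEHOLDER/getUpdates",
    "2025-12-01T12:03:59 10.0.0.5 api.telegram.org GET /botPLACEHOLDER/getUpdates",
    "2025-12-01T12:05:01 10.0.0.5 api.telegram.org GET /botPLACEHOLDER/getUpdates",
    "2025-12-01T12:06:00 10.0.0.5 api.telegram.org GET /botPLACEHOLDER/getUpdates",
    "2025-12-01T12:07:01 10.0.0.5 api.telegram.org GET /botPLACEHOLDER/getUpdates",
    # Constructed: 10.0.0.7 is a person using Discord, bursty and irregular
    "2025-12-01T12:00:00 10.0.0.7 discord.com GET /api/v10/users/@me",
    "2025-12-01T12:00:05 10.0.0.7 discord.com GET /api/v10/users/@me/guilds",
    "2025-12-01T12:05:00 10.0.0.7 discord.com POST /api/v10/channels/1/messages",
    "2025-12-01T12:05:12 10.0.0.7 discord.com POST /api/v10/channels/1/messages",
    "2025-12-01T12:20:00 10.0.0.7 discord.com GET /api/v10/users/@me",
    "2025-12-01T12:20:40 10.0.0.7 discord.com POST /api/v10/channels/1/messages",
    "2025-12-01T12:21:00 10.0.0.7 discord.com GET /api/v10/users/@me",
    # Constructed: unrelated traffic to a host that is not watched
    "2025-12-01T12:00:30 10.0.0.9 example.com GET /index.html",
]


if __name__ == "__main__":
    for hit in beaconing_sources(SAMPLE_LOG):
        print(hit)
```

<p>On the constructed log only 10.0.0.5 is reported, with a mean gap of about 60 seconds and a coefficient of variation near 0.03; the Discord user's seven requests have a coefficient of variation above 1 and are ignored. Pair the hit with the endpoint process where your proxy or EDR can attribute it, since a chat client on a workstation and a script on a server that has no business talking to either service deserve different responses.</p>
</div>
</td></tr></tbody></table>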
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FK8Zaqx/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/jUYlm9dm4cZMyK2qzYUjRJel8UV_gmPywRenJXGrIpU=434">
<span>
<strong>AWS pre:Invent Security Highlights: What Changed and Why it Matters (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AWS has added a new CLI command, `aws login`, which allows users to obtain short-lived credentials for AWS even if the account isn't configured with IAM Identity Center. AWS IAM Outbound Identity Federation now allows AWS users or services to request a short-lived JWT for external services that trust your AWS account, which can replace the use of hardcoded, long-term credentials or API keys in Lambda or EC2. AWS has also enabled Attribute-Based Access Control (ABAC) for S3, which allows users to define access permissions to S3 using tags instead of listing every bucket in an IAM policy.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FBQ5qym/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/EBvzRfI7nbPT-HCsUL5F1yEgM2G3odxNCFlmqEPa-Rw=434">
<span>
<strong>Purple Team Maturity Model: From Chaos to Controlled Chaos (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Organizations starting with purple teaming can begin by defining a purple team strategy with loosely scheduled sessions, referencing MITRE ATT&CK tactics in testing, and feeding early detection gaps into detection engineering. As they mature, teams can introduce metrics, run more structured purple team exercises, and map red team TTPs more closely to MITRE ATT&CK tactics and threat intel. Further along, they can introduce automated adversary emulation. Eventually, purple teaming can be threat-intel-driven, run fully automated attack chains continuously, and integrate machine learning, SOAR, and XDR to power rapid detection and response.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F4utjrk/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/5ud-avyLICRHe5oefma6XO0x03cVgMoXFN2AuNdmPWQ=434">
<span>
<strong>Train your entire organization with Infosec IQ & Infosec Skills (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Unlock on-demand cybersecurity ranges and labs for your technical team with any new Infosec IQ security awareness training contract. Act now to get your <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F4utjrk/2/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/XzhmGIE9q53w1aI82j65YXs7YqbHf7uUQ5h_5lzh8Ao=434" rel="noopener noreferrer nofollow" target="_blank"><span><strong>3 free Infosec Skills seats.</strong></span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F11%2Fnorth-korean-hackers-deploy-197-npm.html%3Futm_source=tldrinfosec/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/nO_mj44uSGPW4wdza2AYyFd8ryQf6dsds17JZGUlFwQ=434">
<span>
<strong>North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
North Korean threat actors deployed 197 malicious npm packages downloaded over 31,000 times as part of the Contagious Interview campaign.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Ffake-shopping-sites-cyber-monday%2F%3Futm_source=tldrinfosec/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/YY43A0wDv4F-JLCkKmUMcEzV0g_1niIhuR-l3_bh6N0=434">
<span>
<strong>Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CloudSEK discovered over 2,000 interconnected fake shopping sites targeting Black Friday and Cyber Monday shoppers through coordinated phishing campaigns.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F12%2F01%2Feuropean-cops-shut-down-crypto-mixing-website-that-helped-launder-1-3-billion-euros%2F%3Futm_source=tldrinfosec/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/C4ZSmmx_YMPLpwLcobNwyJd-Hh2tEj9Uk13KQzyJhzQ=434">
<span>
<strong>European cops shut down crypto mixing website that helped launder 1.3B euros (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Europol and partner agencies have seized Cryptomixer, a widely used crypto-mixing service linked to cybercriminal activities such as drug trafficking, arms sales, ransomware, and card fraud.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/Nibt2rgyV7NWQXYhFX3WfaeSjFaILEotzgRHxjyVxvM=434" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/0B2Ceih-YC5KAR2jewUga9Pa4Hp7wzrrkoL_2fpejL4=434" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 💰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/84j7Sdh2nQKokSp9gCQx0LJr6ULGH-jfkDkzVI_Ow-s=434"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/EFpp1cF4cC7gIsKk1AXBABennelSTB0kVejvIPnICPQ=434" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them!
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/jIGE5WSxEtbbgOVjRjVu4zBjonUX5lfJxd5WgFW5JN8=434"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/7Re-2uIPtpCltLO1vj2XlRe_rhgB3encbNg7JmzjQIw=434"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/QDS05gTEj2Tz5QUvJf4Omv_Eer9dpfhhtv1hMpFvkSY=434"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/gFbqVEW4cbPKYBSJCykaBaPJf1n0CVqVTWkASquMUVc=434">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=3f396156-cf3b-11f0-8211-cb95d47fe381%26pt=campaign%26pv=4%26spa=1764684140%26t=1764684440%26s=554e77694d80dd626aa86231cdeda651eca5e199a483ba08198aa053c01f2e6c/1/0100019adf63a2e8-ba57ec32-8b62-46ed-91b8-0ed880f649af-000000/R1Ap0UCY8aqxw9qToEcXoDti3ufYzuGb-DzQ1NpYi_g=434">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>