<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-12-10</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fus-universities-domains-phishing-attacks%2F%3Futm_source=tldrinfosec/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/lyEvzqxS0qP7KqSQW1-4DMANlECJinb1cnmQKz7l_AM=435">
<span>
<strong>Over 70 Domains Used in Months-Long Phishing Spree Against US Universities (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A coordinated phishing campaign that ran from April to November targeted at least 18 US universities using approximately 70 domains and the Evilginx adversary-in-the-middle toolkit. Attackers sent personalized emails containing TinyURL-shortened links that impersonated university SSO portals to steal MFA-bypassing session cookies. UC Santa Cruz, UC Santa Barbara, University of San Diego, Virginia Commonwealth University, and University of Michigan were among the most heavily targeted. Recommended mitigations include adopting phishing-resistant MFA (FIDO2/WebAuthn) and monitoring unusual session cookie behavior.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fover-300000-individuals-impacted-by-vitas-hospice-data-breach%2F%3Futm_source=tldrinfosec/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/zGSrZx0ead-tHXC1hQQRcCRVnw_Z-M9pucE_mYH0J5g=435">
<span>
<strong>Over 300,000 Individuals Impacted by Vitas Hospice Data Breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Vitas Healthcare, the largest US for-profit hospice chain, reported that a compromised vendor account was used to access its systems from late September to late October, exposing data belonging to over 300,000 current and former patients. Exposed information includes contact details, identification numbers, Social Security numbers, medical and insurance data, and next-of-kin contacts. No ransomware group has claimed responsibility.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fivanti-warns-of-critical-endpoint-manager-code-execution-flaw%2F%3Futm_source=tldrinfosec/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/D8sYXZescplboVEH0ZeR2I-y0aqBMJMv2HylegLAfdI=435">
<span>
<strong>Ivanti Warns of Critical Endpoint Manager Code Execution Flaw (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ivanti disclosed a critical vulnerability in its Endpoint Manager (EPM) platform that allows unauthenticated attackers with access to the EPM web service to register fake endpoints and inject malicious JavaScript into the administrative dashboard. Ivanti also patched three additional high-severity vulnerabilities, including two that could enable unauthenticated remote code execution on arbitrary systems.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.dodgethissecurity.com%2F2025%2F11%2F30%2Fsysmon-config-creation-for-the-lolrmm-framework%2F%3Futm_source=tldrinfosec/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/u4qHp-F53xp0yadevoUlIUbLXqTWUGtCkFOuurx38Ek=435">
<span>
<strong>Sysmon Config Creation for The LOLRMM Framework (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A security researcher released a Sysmon configuration tailored to detect Remote Monitoring and Management (RMM) tools listed in the LOLRMM framework. The rules cover process creation, file operations, network activity, and DNS queries, derived from behavioral analysis of RMM installers executed in VirusTotal, Hybrid-Analysis, and Any.run sandboxes. By capturing file paths, registry keys, and network indicators, the configuration helps security teams spot unauthorized RMM activity even when binaries are renamed or obfuscated.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.ncsc.gov.uk%2Fblog-post%2Fprompt-injection-is-not-sql-injection%3Futm_source=tldrinfosec/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/HEig3eUJw7qfQUWTPEEcFRVolr2915PiEyWGinIY1KQ=435">
<span>
<strong>Prompt Injection Is Not SQL Injection (It May Be Worse) (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The UK NCSC explains that prompt injection fundamentally differs from SQL injection because LLMs do not separate instructions from data; they simply predict tokens. As a result, techniques like parameterized queries cannot fully mitigate prompt injection. The agency recommends treating LLMs as "inherently confusable deputies" and implementing deterministic guardrails that constrain system actions outside of the model rather than relying on input filtering. Effective defenses include enforcing least privilege for LLM-driven workflows, closely monitoring tool and API usage, and acknowledging that prompt injection remains a residual architectural risk.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fisaacdunham.github.io%2Fposts%2Frisk-based-alerting-in-sentinel%2F%3Futm_source=tldrinfosec/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/j3aOWpDwXfclCqKSmtTdK9PS8BJSPTr0JdGvj9d75mQ=435">
<span>
<strong>Risk-Based Alerting in Microsoft Sentinel (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Risk-Based Alerting (RBA) allows analysts to combine multiple lower-fidelity alerts into a single higher-confidence incident by assigning risk scores to alerts that do not individually generate incidents. An incident is only created once a cumulative risk threshold is met. When assigning scores, teams should weigh potential impact, the criticality of the asset or user involved, and the confidence that the behavior reflects real malicious activity. This approach can reduce alert fatigue and improve triage efficiency.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flabs.jamessawyer.co.uk%2Fcves%2F%3Futm_source=tldrinfosec/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/ab1EQ20HkLjZsJdaxK5IvU9KiFAX8ET4RaUfvHCWq3A=435">
<span>
<strong>CVE PoC Search (Website)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
This tool provides a streamlined interface for searching proof-of-concept (PoC) exploit code associated with specific CVEs. Rather than serving as a vulnerability database, it aggregates and directs users to underlying PoC sources, making it useful for quickly locating exploit references for testing, validation, or workflow integration.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fimper.ai%2F%3Futm_source=tldrinfosec/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/RDefGypzIxo2ptHy-CLXJSiHf6Ehv8qhnMHaiP9A4aM=435">
<span>
<strong>Imper AI (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Imper.ai provides real-time detection and prevention of impersonation and social engineering attacks across video, voice, phone, and chat communications.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fzigaaaaaaaa%2FCrackFtp%3Futm_source=tldrinfosec/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/K_jo4qsmhMdYnmU_cNg3HlTe3APUnyrvve3fBmFThxQ=435">
<span>
<strong>CrackFtp (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CrackFtp is a mass FTP checker and cracker designed to test login credentials and alert on successful logins to secure domains with Telegram notifications.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F7SU7gp/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/4pANOQVGUyQl3p15k3OHtKgnIdIFKck98LS080OV33U=435">
<span>
<strong>The Curious Case of Twin Hackers Accused of Erasing US Government Databases (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Twin brothers Muneeb and Sohaib Akhter, federal contractors previously convicted of hacking in 2015, were arrested for allegedly deleting nearly 100 government databases containing FOIA records and sensitive investigative files. After learning of their termination from Opexus, the pair allegedly used still-active credentials to access systems. Authorities say Muneeb also stole IRS tax records of 450 individuals and attempted to erase evidence via AI-assisted log deletion queries. The case underscores the need for immediate credential revocation on termination, rigorous vetting for privileged roles, and strong backup strategies.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.volexity.com%2Fblog%2F2025%2F12%2F04%2Fdangerous-invitations-russian-threat-actor-spoofs-european-security-events-in-targeted-phishing-attacks%2F%3Futm_source=tldrinfosec/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/6OZ3uZpYJBf1AYJn2rhCctti-In4fVFDsTBf3c3RbbI=435">
<span>
<strong>Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Russian threat actor UTA0355 impersonated multiple prominent European security conferences, including the Belgrade Security Conference and Brussels Indo-Pacific Dialogue, to harvest Microsoft 365 credentials. The attackers created convincing replica websites and abused OAuth and Device Code authentication flows. They used rapport-building outreach on WhatsApp and Signal, leveraged compromised accounts for credibility, and selectively triggered credential theft based on targeted email domains. Defenses include user training on OAuth consent prompts, monitoring anomalous device registrations in Entra ID, and enforcing conditional access controls.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F12%2F09%2Fhypervisor_ransomware_attacks_increasing%2F%3Futm_source=tldrinfosec/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/AnzB1iJO-1uRALyVMHRwuJgiAZSXnY1VRTUZqERMN-o=435">
<span>
<strong>Researchers Spot 700% Increase in Hypervisor Ransomware Attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Security researchers report a 700% increase in ransomware attacks targeting hypervisors like Hyper-V and VMware ESXi, with groups such as Akira leading the trend. Hypervisors often lack endpoint-style protections and offer attackers a control point over numerous VMs simultaneously. Attacks abuse built-in tools to encrypt VM storage and misuse management utilities to disable protections.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffincen-says-ransomware-gangs-extorted-over-21b-from-2022-to-2024%2F%3Futm_source=tldrinfosec/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/qybr8BLNZCC11cxJ-2ORkofJ-CdVdkaTz3Yzva1tXSE=435">
<span>
<strong>FinCEN Says Ransomware Gangs Extorted Over $2.1B From 2022 to 2024 (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
FinCEN reported $2.1 billion in ransomware payments across 4,194 incidents from 2022-2024, with 2024 showing a significant drop to $734 million following law enforcement disruptions of ALPHV/BlackCat and LockBit operations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FwQdUX8/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/p8zd_2ggg1UVUZcmspejmjl3G3d7TfH_ESuZxBP6eI0=435">
<span>
<strong>Gemini Enterprise No-Click Flaw Exposes Sensitive Data (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google patched a Gemini Enterprise weakness that let attackers hide prompt-injection instructions inside shared Docs, Calendar events, or emails.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fus-posts-10-million-bounty-for-iranian-hackers%2F%3Futm_source=tldrinfosec/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/Qyd7QVIoIxQRHYuZ9qW3k9WSkfxaUCAGbCKDDQOdlEI=435">
<span>
<strong>US Posts $10 Million Bounty for Iranian Hackers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The US is offering up to $10 million for information on two key figures in the Iranian state-linked hacking outfit now called Shahid Shushtari, previously known by several front-company names.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/6nObf1YEOw9S6RL9gLaRc4cIu-oUFPO2cGH3bnAwlew=435"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/MgV6KOdWhbS8NX_jsd8O3l1kBss0fimSW-ztI1kw3nQ=435"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019b0895c9b7-fc277ad1-3eea-437d-859d-12145c142479-000000/rX5kVfMVeSE3amXK6FmRUMZQ94rKrKMtEu-1w8rAo0g=435"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>