<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fai-and-threat-intelligence-guide%3Futm_campaign=Resource_RP_AI_Threat_Intelligence%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000RZE8cIAH/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/yZQ8yhhn9I1FQXfxys3mEKED5aJPiei_nw0bPeAczT0=435"><img src="https://images.tldr.tech/flashpoint.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Flashpoint"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-12-15</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fai-and-threat-intelligence-guide%3Futm_campaign=Resource_RP_AI_Threat_Intelligence%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000RZE8cIAH/2/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/rmuB0XP0moT0QbZciwlKdgG-3Dy_vcNRDAvwfP4f01s=435">
<span>
<strong>HOW BAD ACTORS ARE USING AI: An analysis of 2.6M messages in underground sources (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Between January and May 2025, Flashpoint analysts tracked over 2.6 million AI-related posts across dark web marketplaces, Telegram groups, and underground LLM communities. <p></p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fai-and-threat-intelligence-guide%3Futm_campaign=Resource_RP_AI_Threat_Intelligence%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000RZE8cIAH/3/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/jDO9FC8D2kU0W0kL05cefS-K8hPuU-xA208207ibaDo=435" rel="noopener noreferrer nofollow" target="_blank"><span>What they found</span></a>: jailbreak prompts, deepfake-as-a-service offerings, multilingual phishing kits, and custom language models fine-tuned for fraud. </p>
<p>Grab a copy of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fai-and-threat-intelligence-guide%3Futm_campaign=Resource_RP_AI_Threat_Intelligence%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000RZE8cIAH/4/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/WzaBMwCKKMAY2dpCcqwp5sZIEOcMu9y8-A4rdLH7zfw=435" rel="noopener noreferrer nofollow" target="_blank"><span>AI and Threat Intelligence: The Defenders' Guide</span></a> to understand how your adversaries are making use of the latest AI has to offer, including:</p>
<p>• How threat actors use jailbroken models, deepfakes, and other AI tools</p>
<p>• How you can fight back with AI-enhanced workflows for faster detection and investigation, and which common mistakes you should avoid</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fai-and-threat-intelligence-guide%3Futm_campaign=Resource_RP_AI_Threat_Intelligence%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000RZE8cIAH/5/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/phClPOEDhg5fatSibrAacz2B3rKmgx5sOb_UBAthEtU=435" rel="noopener noreferrer nofollow" target="_blank"><span>Get the free guide</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Ffieldtex-data-breach-impacts-238000%2F%3Futm_source=tldrinfosec/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/P9UHxNZ1NfPTtvCcz5trchsa-O9Ihpkx53Kp-oMamAg=435">
<span>
<strong>Fieldtex Data Breach Impacts 238,000 (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Fieldtex Products, a US medical supply and contract sewing provider, reported unauthorized access to its systems in mid-August that exposed protected health information for about 238K individuals, including names, addresses, dates of birth, insurance IDs, plan details, and gender. Akira ransomware has claimed responsibility, saying it stole over 14 GB of corporate, employee, customer, and financial data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F12%2F12%2Fdata-breach-at-credit-check-giant-700credit-affects-at-least-5-6-million%2F%3Futm_source=tldrinfosec/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/uh-kWp5bQCngeLiYucE7ccjHkwA1qMmlTVi8TsvP_ZU=435">
<span>
<strong>Data breach at credit check giant 700Credit affects at least 5.6 million (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A hacker accessed 700Credit's systems and stole personal data, including names, addresses, dates of birth, and Social Security numbers for at least 5.6 million people whose details were collected by US auto dealerships between May and October. The company is notifying victims by mail. Michigan's attorney general has urged affected individuals to use credit freezes or monitoring to reduce their risk of fraud.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F12%2F12%2Fhome-depot-exposed-access-to-internal-systems-for-a-year-says-researcher%2F%3Futm_source=tldrinfosec/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/27UPGCTCA8rVKHffiD8m6y9LSrnxqSnbnaCeh_clM60=435">
<span>
<strong>Home Depot exposed access to internal systems for a year, says researcher (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Security researcher Ben Zimmermann discovered an exposed GitHub access token belonging to a Home Depot employee that granted access to hundreds of private source code repositories, cloud infrastructure, and critical systems, including order fulfillment and inventory management, for approximately one year. Despite multiple attempts to privately disclose the issue via email and LinkedIn to Home Depot's CISO, Zimmermann received no response until TechCrunch contacted the company, highlighting the absence of a vulnerability disclosure or bug bounty program. Home Depot revoked the token's access following media outreach, but has not confirmed whether logging capabilities exist to determine if unauthorized parties accessed internal systems during the exposure period.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftrigger.dev%2Fblog%2Fshai-hulud-postmortem%3Futm_source=tldrinfosec/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/Edwwb5kfYV04sJlvclw1kyTgeeRlLnGw7KZL2QwHJk8=435">
<span>
<strong>How we got hit by Shai-Hulud: A complete post-mortem (18 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Shai-Hulud 2.0 is a malicious npm supply-chain worm that abuses install-time scripts to run hidden malware on developer machines, steal credentials with tools like TruffleHog, and then exfiltrate them to attacker-controlled GitHub repositories using obfuscation techniques such as multi-layer base64 encoding. With stolen tokens, it can mass-clone private code, attempt destructive git operations, and, if npm publish credentials exist, automatically republish trojanized versions of popular packages, rapidly propagating through the JavaScript ecosystem. Recommendations to prepare against it include disabling npm scripts by default, adopting pnpm's safer defaults and minimum package age, enforcing branch protection everywhere, and moving to short-lived CI-based publishing via OIDC to eliminate long-lived secrets on developer laptops.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgoogleprojectzero.blogspot.com%2F2025%2F12%2Fa-look-at-android-itw-dng-exploit.html%3Futm_source=tldrinfosec/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/77SygD97dZBXZMvyryV3hi8Dd59N2vPC5S6DvRWm6KA=435">
<span>
<strong>A look at an Android ITW DNG exploit (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google Project Zero analyzed in-the-wild DNG image exploits targeting Samsung's Quram image parsing library (CVE-2025-21042), discovered through suspicious files uploaded to VirusTotal that were distributed via WhatsApp and exploited Samsung's com.samsung.ipservice process when images were automatically scanned. The vulnerability allowed out-of-bounds writes through malformed DNG opcode parameters, which attackers leveraged to corrupt heap metadata, bypass ASLR through crafted MapTable operations that leaked library addresses, construct JOP chains, and ultimately achieve system() command execution to deploy spyware, all without control flow integrity mitigations like PAC/BTI present in the Quram library. Samsung silently patched the vulnerability in April by adding bounds checks to prevent plane index overflows. The case demonstrates how image format specifications provide powerful exploitation primitives that enable single-bug exploits to achieve interactionless remote code execution and access to all media store contents, capabilities that would likely have been prevented by MTE deployment.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fniyikiza.com%2Fposts%2Fcapability-delegation%2F%3Futm_source=tldrinfosec/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/8TV1vlOok1gVfPswjLDmqrNsn_zTVm5HaI-DiHOuerI=435">
<span>
<strong>Capabilities Are the Only Way to Secure Agent Delegation (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Traditional IAM systems are inadequate for securing AI agent delegation because they verify identity rather than track authority derivation across dynamic task chains, creating the Confused Deputy problem where agents possess ambient permissions without understanding their origin or intended scope. Capability-based authorization systems address this by treating authority as cryptographically-signed tokens that are explicitly passed between agents, monotonically attenuated at each delegation hop, bound to holder keys for proof of possession, and automatically expire when tasks complete. This model prevents prompt injection attacks from escalating to data exfiltration by ensuring agents can only exercise the specific, constrained authority delegated to them rather than role-based permissions, making injection attempts succeed at the language layer but fail at the authorization layer.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fresource.cobalt.io%2Fgigaom-radar-report-for-ptaas-2025%3Futm_campaign=28200064-GigaOm%2520Radar%2520Report%25202025%26utm_source=TLDR%26utm_medium=enewsletter/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/k90vnqhBPth8YuIzusQqfudm69sK-vxPy6j21N86CAE=435">
<span>
<strong>Who leads the PTaaS pack? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The 2025 GigaOm Radar Report for Penetration Testing as a Service (PTaaS) evaluates the top 16 PTaaS vendors. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fresource.cobalt.io%2Fgigaom-radar-report-for-ptaas-2025%3Futm_campaign=28200064-GigaOm%2520Radar%2520Report%25202025%26utm_source=TLDR%26utm_medium=enewsletter/2/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/sOgtRePKiPLIU6cFprstdMuE576gNVtiNt4B9GJx5EI=435" rel="noopener noreferrer nofollow" target="_blank"><span>Learn why Cobalt was named a Leader.</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.lumia.security%2F%3Futm_source=tldrinfosec/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/CnzvvSICyqd_HS9nZBxoAwmc08fMNeshKxaXTge2EWs=435">
<span>
<strong>Lumia Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Lumia Security provides a network-level security and governance platform that gives enterprises visibility and control over how employees and autonomous agents use AI tools. It understands AI interactions' intent and context, continuously evaluates risk, and enforces policies across thousands of AI applications.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FBlackArch%2Fblackarch%3Futm_source=tldrinfosec/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/5oixnq1B5HdDuogYA8tunlfVadVPTsMDYhXWgBDsswM=435">
<span>
<strong>BlackArch (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. The repository contains 2,880 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fkali-linux-20254-released-with-3-new-tools-desktop-updates%2F%3Futm_source=tldrinfosec/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/L98eaK3oy29MxtvQ9g1u2Pij7KNY8YHJ29ZEMb1X3FA=435">
<span>
<strong>Kali Linux 2025.4 released with 3 new tools, desktop updates (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Kali Linux 2025.4 introduces three new penetration testing tools (bpf-linker, evil-winrm-py, and hexstrike-ai) alongside major desktop environment upgrades, including GNOME 49 with complete transition to Wayland and removal of X11 support. The release includes expanded Kali NetHunter support for Android 15/16 devices with Wifipumpkin3 preview for rogue access point attacks, enhanced VM guest utilities support for VirtualBox, VMware, and QEMU, and distribution changes requiring BitTorrent for Live image downloads due to increased file sizes. Users can upgrade existing installations via apt commands or download fresh ISO images. The update focuses on improving both security testing capabilities and user experience across desktop environments.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F12%2F12%2Fnew_react_secretleak_bugs%2F%3Futm_source=tldrinfosec/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/-rpfd6YbGx7TzOYxsLXparPEfVB6fiAcEoGAvbJ78Ns=435">
<span>
<strong>New React vulns leak secrets, invite DoS attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
React Server Components has three new CVEs on top of the already exploited React2Shell bug that allow attackers to hang servers via crafted HTTP requests and, in some cases, expose hardcoded secrets. These affect multiple react-server-dom-* packages in versions 19.0.0–19.2.2, including prior “patched” releases, so organizations are urged to update again and treat the situation with Log4Shell-level seriousness.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2025%2F12%2Fthe-us-digital-doxxing-of-h-1b-applicants-is-a-massive-privacy-misstep%3Futm_source=tldrinfosec/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/2jHAtQ_ntC-xGywfD4Y9lySeTe9sQPHzV90njKDz4XA=435">
<span>
<strong>The US digital doxxing of H-1B applicants is a massive privacy misstep (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The US State Department mandated that H-1B visa applicants and their H-4 dependents set all social media profiles to public starting December 15, ostensibly to screen for national security threats through “online presence reviews” that assess hostility toward US institutions, effectively forcing digital exposure on over a million technology workers and their families. This policy creates severe security risks by providing foreign adversaries with free organizational intelligence on defense contractors, chip makers, and AI labs, exposing workers to spear-phishing, SIM swapping, recruitment exploitation, and extortion tactics while turning legitimate employees into attack vectors through publicly available personal data that can be scraped and weaponized for deepfake impersonations and social engineering. The mandatory public exposure normalizes government-mandated privacy erosion while ironically creating the intelligence security risks it aims to prevent, as sophisticated threat actors using fake accounts remain hidden while legitimate applicants become vulnerable targets with their professional affiliations, family connections, and personal vulnerabilities exposed to hostile nation-state surveillance operations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FbTk2E9/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/N-WnIGZ2v4BrZ3lRBzuqZBMIhdG5qRkqlSJgmcTOsOs=435">
<span>
<strong>Key Barrier to Online Fraud Can Be Bypassed for Pennies (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers from the University of Cambridge have determined that SMS numbers, which are commonly used by services to verify account activation and combat fraud, can be readily purchased, typically for less than 30 cents each. Costs varied by country, with the UK and Russia selling for 10 cents at the lower end, and Australia and Japan selling for $3-$5 at the higher end. The cost could also vary by service, with throwaway numbers for WhatsApp costing more than those for X.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F0iItF7/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/VBWlWdE1SclLvH6eodU_7GHZOFc1_cuaqppmREzssHQ=435">
<span>
<strong>Small numbers of Notepad++ users reporting security woes (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Three organizations reported security incidents in which Notepad++ processes initiated access, allowing threat actors to gain hands-on keyboard activity and potentially exploit the application's update mechanism.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bbc.com%2Fnews%2Farticles%2Fcwygqqll9k2o%3Futm_source=tldrinfosec/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/3BeX3p-Q0cdbEXHTgvO0pxJxShdfHhmXmeEUh3i6ejU=435">
<span>
<strong>Trains cancelled over fake bridge collapse image (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A suspected AI-generated image depicting damage to Carlisle Bridge in Lancaster caused Network Rail to halt 32 train services for safety inspections following a UK earthquake.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fcoupang-data-breach-traced-to-ex-employee-who-retained-system-access%2F%3Futm_source=tldrinfosec/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/1vqMgXHJTNK2O4ITk6RvVWfbmO4q3R6SqhV1DKW0puo=435">
<span>
<strong>Coupang data breach traced to ex-employee who retained system access (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
South Korea's largest retailer, Coupang, traced a 33.7 million customer data breach to a former employee who retained system access after leaving in 2024.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/Uh3YCxUwrId8IsmyouLo6LlOaCzSuNSYlULBdtdysk0=435"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/fHevnmNCGJ-F2cvoqtXh00epKb1p03ViHSZkhVGeYRg=435"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019b2256f884-548e0b21-cce1-42f9-97e0-358616a65214-000000/4zBDw6RU0pBSH2RXEKtdBRQp_lici7swQag3Q_2obLs=435"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>