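<!DOCTYPE html><html lang="en"><head>
<!-- Legacy Content-Type meta kept for older mail clients; the media type and charset must be separated by ';' (the previous value "text/html charset=UTF-8" was malformed). <meta charset> below is the modern equivalent. -->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width">
<meta name="x-apple-disable-message-reformatting">
<title>TLDR InfoSec</title>
<meta name="color-scheme" content="light dark">
<meta name="supported-color-schemes" content="light dark">
<style type="text/css">
/* Declare that the message renders in both light and dark mode; the
   prefers-color-scheme block further down supplies the dark palette. */
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
/* Cancels a 16px vertical margin on a wrapper div that some mail clients
   insert around the message body (presumably a mobile client; confirm
   against the target client before removing). */
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
/* mso-* properties are only honoured by Microsoft Office / Outlook renderers. */
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
/* Keep auto-detected data (x-apple-data-detectors / Gmail .aBn) from being
   restyled as links by the client. */
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
/* Second universal rule: sets the base typeface and size for everything.
   Inline font-family declarations on individual spans override it. */
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
/* Light palette, forced with !important so client dark-mode heuristics do
   not partially recolour the layout. */
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
/* Dark palette for clients that honour prefers-color-scheme. */
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style>
<!-- Conditional comment: only Outlook (mso) and IE parse the block below; every other client treats it as a comment. -->
<!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]-->
</head>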
<body class="">
<table align="center" class="document">
<tbody>
<tr>
<td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600">
<tbody>
<tr class="inner-body">
<td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr class="header">
<td bgcolor="" class="container">
<table width="100%">
<tbody>
<tr>
<td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%">
<tbody>
<tr>
<td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td>
</tr>
</tbody>
</table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr id="together-with">
<td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/mvKZA85xAaPfM49JsYxGce5glmmQUNMr8FHCv0g6XBU=436"><img src="https://images.tldr.tech/threatlocker3.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="ThreatLocker"></a></td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width:100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-12-16</span></strong></h1>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width:100%;" width="100%">
<tbody>
<tr id="sponsy-copy">
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/2/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/wmPpEgsLXe0sgtzLbyJ12twbmZuZUFDoGRgrTzYnItA=436">
<span>
<strong>Special offer for TLDR readers: $200 off Zero Trust World 2026 with code ZTWTLDR26 (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ThreatLocker's annual <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/3/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/0P9bqPJmycU1K9KNV9coYKAFad0wfrES2g6o8Noq55o=436" rel="noopener noreferrer nofollow" target="_blank"><span>Zero Trust World</span></a> is the most interactive, <strong>hands-on cybersecurity learning</strong> event. Join hacking labs, get Cyber Hero certified, and attend sessions with cybersecurity, IT, and business experts.
<p></p>
<p>👀 TLDR readers get <strong>$200 off all-access registration</strong>. That's <strong>33% less than the list price</strong>. </p>
<p>🎓 Registration includes all sessions and labs (including CPE eligible sessions!) </p>
<p>🍹At <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/4/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/_8xmvgi5nFH6Yy1Ojv53uFgiF_c0cv6muIHpyAmnmp0=436" rel="noopener noreferrer nofollow" target="_blank"><span>Zero Trust World</span></a>, all access really means all access, so meals and the afterparty are included with each pass. </p>
<p>Use code <strong>ZTWTLDR26</strong> for <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fztw.com%2F/5/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/vM5hU4upZspLwtfhJ7Z0i1hOaYzVyfnwTKnYfwmrHnM=436" rel="noopener noreferrer nofollow" target="_blank"><span>$200 off your all-access pass</span></a>
</p>
</span></span></div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr bgcolor="">
<td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F185661%2Fdata-breach%2Fexperts-found-an-unsecured-16tb-database-containing-4-3b-professional-records.html%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/9cvFr-cBEGYK2bA9nw8WUKiOemfIBeppFLdVnABezzE=436">
<span>
<strong>Experts found an unsecured 16TB database containing 4.3B professional records (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An unsecured 16TB MongoDB database was discovered on November 23. The database contained 4.3 billion professional records, including LinkedIn-like data such as names, emails, phone numbers, job roles, employers, work histories, and social media accounts. It was secured two days after discovery, but whether anyone else accessed it before then is unknown. This exposed data could facilitate large-scale AI-powered social engineering, phishing attacks, CEO fraud, and credential stuffing by enabling automated personalized messaging and profile enrichment when combined with other breach data. Security teams should urgently monitor threat intelligence, improve email security to prevent AI-driven phishing, and train users to recognize advanced social engineering that exploits professional profiles.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F12%2Ffake-osint-and-gpt-utility-github-repos.html%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/TGOEvCFprUZzomlhE-e2JcHQ3wJrEXgyv7Cc0KOvfnM=436">
<span>
<strong>Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A campaign attributed to threat actors likely based in Eastern Europe is distributing PyStoreRAT malware through GitHub repositories disguised as OSINT tools, GPT wrappers, and DeFi bots, using artificially inflated star counts and social media promotion to build credibility. The modular JavaScript-based RAT executes via mshta.exe, scans for cryptocurrency wallets, evades detection by CrowdStrike and Cybereason, and delivers the Rhadamanthys infostealer as a secondary payload. Security teams should audit dependencies from trending GitHub repositories, monitor for scheduled tasks masquerading as NVIDIA updates, and deploy endpoint detection and response solutions capable of identifying mshta.exe activity and JavaScript-based payloads to strengthen defenses against PyStoreRAT.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F12%2Ffeatured-chrome-browser-extension.html%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/aOAAhcyT90dxrkW-3GPuxmtpk3DpW_fu6CqXpjYOt8w=436">
<span>
<strong>Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A widely trusted Chrome and Edge extension, Urban VPN Proxy, was updated in 2025 to inject JavaScript that hooks network APIs, silently captures all AI chatbot prompts and responses, plus metadata, and then sends them to Urban VPN's analytics servers. The data is shared with parent company BIScience for commercial insights, despite “AI protection” marketing and a privacy policy that downplays risks. Security teams should review browser extension permissions, monitor network traffic for unusual API calls, and enforce policies restricting the installation of unverified extensions to prevent data exfiltration by malicious extensions such as Urban VPN Proxy.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F12%2Fnew-advanced-phishing-kits-use-ai-and.html%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/PXQk--2QNOmonup4HZbgH5jBnhLZ69A__rGDnNaFrN0=436">
<span>
<strong>New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Four new phishing-as-a-service kits have emerged: BlackForce ($200-300, MFA bypass via Man-in-the-Browser attacks), GhostFrame (iframe-based evasion with 1M+ attacks), InboxPrime AI ($1,000 perpetual license with AI-generated emails mimicking Gmail behavior), and Spiderman (targeting European banks via Signal with OTP/PhotoTAN interception). These kits feature anti-analysis techniques, real-time credential exfiltration to Telegram, and spintax-based email variation to bypass signature detection. Organizations should implement phishing-resistant MFA, such as FIDO2, and monitor for the emerging Salty-Tycoon hybrid, which combines multiple kit techniques to evade detection rules.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.seqrite.com%2Fblog%2Foperation-moneymount-iso-deploying-phantom-stealer-via-iso-mounted-executables%2F%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/IjsW_5usk7yuX32ItFYxFlYHwuacoEoNvbrcTZz77gs=436">
<span>
<strong>Operation MoneyMount-ISO — Deploying Phantom Stealer via ISO-Mounted Executables (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A new group is running a phishing campaign that impersonates payment confirmations to trick finance-related staff into opening a ZIP file containing a malicious ISO image. Once mounted and executed, the ISO drops a multi-stage payload chain that ultimately runs Phantom Stealer, which uses DLL injection, anti-analysis checks, and steganography to load and hide its code. The stealer targets browser credentials, cookies, credit cards, crypto wallets, Discord tokens, clipboard data, keystrokes, and selected files, then exfiltrates everything via Telegram bots, Discord webhooks, or FTP.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fx90x90.dev%2Fposts%2Fstillepost%2F%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/TOQURv4XqKGfcDX1wKwRBSFCBi4CBb0LxICgy6yYVic=436">
<span>
<strong>Stillepost- Or How to Proxy Your C2's HTTP Traffic Through Chromium (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Chrome DevTools Protocol (CDP) allows tools to inspect, debug, instrument, and profile Chrome and other Chromium browsers. CDP is a tempting channel for C2 communication because its traffic can blend in with existing browser traffic and because browsers are usually already configured with the appropriate proxy and firewall settings. This post demonstrates a C2 implant that uses CDP to run in a headless browser and communicate with the C2 server via XHR requests driven by CDP JavaScript.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fxbow.com%2Fai-driven-intrusions-gtg1002%3Futm_source=tldr%26utm_medium=email%26utm_campaign=webinar-promo/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/ZmRVfVizGTxnHyJ-fDOgImoUmePQSG5noT6D5BFhRvU=436">
<span>
<strong>🚨 The Future of Intrusions is AI: Lessons From Anthropic's GTG-1002 Campaign (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI-powered attackers are already chaining recon, exploitation, and lateral movement autonomously, as shown in Anthropic's GTG-1002. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fxbow.com%2Fai-driven-intrusions-gtg1002%3Futm_source=tldr%26utm_medium=email%26utm_campaign=webinar-promo/2/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/n3xxjRoSvG7ahusDjnEn82NE-AffQiQ85-5yzfbMlpg=436" rel="noopener noreferrer nofollow" target="_blank"><span>Watch XBOW's Nico Waisman and Albert Ziegler break down offensive AI</span></a>—and how the same agentic technology behind the #1 HackerOne AI can defend you. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fxbow.com%2Fpentest%3Futm_source=tldr%26utm_medium=email%26utm_campaign=webinar-promo/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/D2LyHsuwDSuT0C-bT-QkIcIZyLaLFKMAiNMpvdmR-5E=436" rel="noopener noreferrer nofollow" target="_blank"><span>Try XBOW Lightspeed by Dec 26 with a money-back guarantee.</span></a>
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FBert-JanP%2FKustoHawk%2F%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/kJLhNiPBy1y41Ueaq9Sqc4RLwRL20DUwVwSplP2cM-k=436">
<span>
<strong>KustoHawk (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
KustoHawk is an incident triage and response tool for Microsoft Defender XDR and Sentinel. It collects indicators of compromise and shows device or account activity. Using the Graph API, it runs the hunting queries stored in the Resources folder.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fregscale.com%2F%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/cAA1P9vzHMB-a8cvtI09hXDKVG_-ATRPGEvvO2C3NLU=436">
<span>
<strong>Regscale (Product launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
RegScale provides an AI-powered Continuous Controls Monitoring platform that automates governance, risk, and compliance processes, replacing manual, document-based workflows with real-time, integrated, “compliance as code” across highly regulated environments.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td>
</tr>
</tbody>
</table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F12%2Fvolklocker-ransomware-exposed-by-hard.html%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/cm6iHJdLBwSvjn_txg5mPN5A9GbTk8lzwXWZGYLrvZU=436">
<span>
<strong>VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Pro-Russian hacktivist group CyberVolk's new VolkLocker ransomware-as-a-service contains a critical implementation flaw that hard-codes AES-256 master keys in binaries and writes them to a plaintext file in the %TEMP% folder, enabling free decryption without paying the ransom. The Golang-based malware targets Windows and Linux systems, featuring privilege escalation, VM detection, shadow copy deletion, and a 48-hour enforcement timer that wipes user folders if payment isn't made. Victims should check for the system_backup.key file in their Temp directory before considering a ransom payment, as this oversight renders the $800-$2,200 RaaS offering ineffective for attackers.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F12%2F15%2Fjlr_payroll_data_stolen_in%2F%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/giAXShPiho8KCAkS10FAs51Iefzb4HE3srCIChhAGrw=436">
<span>
<strong>JLR: Payroll data stolen in cybercrime that shook UK economy (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Jaguar Land Rover confirms that a cyberattack in August not only halted factory production but also exposed payroll data for current and former staff, including bank details and tax information. The incident has driven reported sales losses of £1.5 billion, plus £196 million in related losses, and is estimated to have cost the broader UK economy up to £2.1 billion, with the Scattered Lapsus Hunters group blamed.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fthird-draftkings-hacker-pleads-guilty%2F%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/8bdO9vCZ9_hDVHFsFkcmOsr37FTGl_JcG1tkHwhHIUU=436">
<span>
<strong>Third DraftKings Hacker Pleads Guilty (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Nathan Austad, a 21-year-old from Minnesota known as “Snoopy,” admitted to helping run a credential stuffing scheme that compromised over 60,000 betting-site accounts, drained roughly $600,000 from about 1,600 victims, and sold access via online shops. He now faces up to five years in prison and is the third defendant tied to the DraftKings-related hacks.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecinstitute.com%2Fform%2Flp%2Fiq-security-awareness%2F%3Futm_source=tldr%2520newsletter%26utm_medium=paid%2520media%26utm_campaign=iq%2520skills%2520promo%26utm_term=%26utm_content=%26crmid=%257CCRMLongId%257C/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/6EU6Fdraq248yNfhI5eSv95EkJZd7ZwlNOdGWbN4RBE=436">
<span>
<strong>Empower your team with comprehensive cybersecurity training from Infosec (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Get Infosec IQ security awareness training for your organization and receive 3 complimentary Infosec Skills seats—giving your technical staff access to hands-on cyber ranges and labs. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecinstitute.com%2Fform%2Flp%2Fiq-security-awareness%2F%3Futm_source=tldr%2520newsletter%26utm_medium=paid%2520media%26utm_campaign=iq%2520skills%2520promo%26utm_term=%26utm_content=%26crmid=%257CCRMLongId%257C/2/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/bz36uSZx2CLjmMpF37zJPpd-A8ojMX_cIWfV5jpVawQ=436" rel="noopener noreferrer nofollow" target="_blank"><span>Limited time offer. </span></a>
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.troyhunt.com%2Fprocessing-630-million-more-pwned-passwords-courtesy-of-the-fbi%2F%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/_fxdrkH7EcZaiHPNp48JPjg7vuiA-aXcERfBJcpRCfE=436">
<span>
<strong>Processing 630 Million More Pwned Passwords, Courtesy of the FBI (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Have I Been Pwned has added 630 million passwords from FBI-seized devices, including 46 million previously unseen credentials originating from dark web marketplaces, Telegram channels, and infostealer malware, to its free password-checking service, which now handles over 18 billion monthly queries.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fgadgets%2F2025%2F12%2Fgoogle-is-shutting-down-dark-web-reports-in-january-because-they-werent-helpful%2F%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/94ya2DZjf0AIYIZojlZD7qfwUlZNVOiMQDEHRvz8tB0=436">
<span>
<strong>Google will end dark web reports that alerted users to leaked data (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google is shutting down its dark web reports feature, which notified people when their personal data appeared on criminal marketplaces.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fhamas-hackers-ashtag-malware-diplomats%2F%3Futm_source=tldrinfosec/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/0IdnUFqYAQoZEBmQ9I1gphyXIlGoqFeap-pZ1jijVp4=436">
<span>
<strong>Hamas-Linked Hackers Using AshTag Malware Against Diplomatic Offices (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Hamas-linked threat group Ashen Lepus (WIRTE) has expanded its espionage campaign to diplomatic offices across the Middle East, delivering its new AshTag malware through geopolitically themed lure documents.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/C_LatCPSCEmhNvrrD3poTzULrbSdi6LSnB6J2CTZg4o=436"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/qfJcbJ_iklgCp-1NKHiKgGwYkjR5qt3gen1c2Z70KWM=436"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019b277cdcfb-03db1315-09fe-4db5-ad07-3d6743b35d70-000000/F3EFsxxOLDJwsfz_rgsyI_MQvmr57QgndKybPXq3C3c=436"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</body></html>