<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sumologic.com%2Fbriefs%2Fgartner-siem-critical-capabilities%3Futm_medium=email%26utm_source=TLDR%26utm_term=cloud-siem%26utm_id=701VK00000KhKeHYAV%26utm_campaign=20251204-global-awsmp-TLDR-primary/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/UxzA6j0PtLS2xabISHfHEr7y93mMOlz4KHDcEGAhuVY=436"><img src="https://images.tldr.tech/sumologic.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Sumo Logic"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-12-17</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sumologic.com%2Fbriefs%2Fgartner-siem-critical-capabilities%3Futm_medium=email%26utm_source=TLDR%26utm_term=cloud-siem%26utm_id=701VK00000KhKeHYAV%26utm_campaign=20251204-global-awsmp-TLDR-primary/2/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/ABr9BIbhsj_FSLmUfeOq-KSrR0yJA_eQgkA4HjzSFyc=436">
<span>
<strong>Discipline, resilience, clarity: Sumo Logic wants to bring dojo thinking to the SOC (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Martial artists don't flail wildly, and neither should your security team. With agentic AI, automation, and industry-leading log analytics, Sumo Logic helps SecOps and DevSecOps teams act with fluid agility.<p></p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sumologic.com%2Fblog%2Fwelcome-dojo-ai-agents-soc%3Futm_medium=email%26utm_source=TLDR%26utm_term=cloud-siem%26utm_id=701VK00000KhKeHYAV%26utm_campaign=20251204-global-awsmp-TLDR-primary/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/w7el47h7sIMbVyB_BXHbutAnPCDjDkGcwQYp4wadS6w=436" rel="noopener noreferrer nofollow" target="_blank"><span>>> Read about Dojo AI:</span></a> Sumo Logic's agentic security solution grounded in a philosophy of resilience.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sumologic.com%2Flp%2Faws-logs-security%3Futm_medium=email%26utm_source=TLDR%26utm_term=cloud-siem%26utm_id=701VK00000KhKeHYAV%26utm_campaign=20251204-global-awsmp-TLDR-primary/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/AmFtmT5qLw-wbR6JUaI9AlQvCWpmLEqWPe7glSUM-yc=436" rel="noopener noreferrer nofollow" target="_blank"><span>>> Sign up for a demo</span></a> to see the power of unified, AI-enabled log data - and get a free AWS / Sumo Logic stadium bag.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sumologic.com%2Fbriefs%2Fgartner-siem-critical-capabilities%3Futm_medium=email%26utm_source=TLDR%26utm_term=cloud-siem%26utm_id=701VK00000KhKeHYAV%26utm_campaign=20251204-global-awsmp-TLDR-primary/3/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/-26ozfO4la-O9qfMFijM4n1qxlyP70wGOKX0bUCpN1Q=436" rel="noopener noreferrer nofollow" target="_blank"><span>>> Get a copy of the 2025 Gartner Critical Capabilities for SIEM report</span></a> to see how Gartner assessed Sumo Logic capabilities with high scores.
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.aikido.dev%2Fblog%2Fpromptpwnd-github-actions-ai-agents%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/-ABS2yVMSd9a28ZGNjUuboJVqyybpQlXU2Ck8FUmF3k=436">
<span>
<strong>Prompt Injection Inside GitHub Actions: The New Frontier of Supply Chain Attacks (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
PromptPwnd is a new vulnerability class that affects GitHub Actions and GitLab CI/CD pipelines that use AI agents like Gemini CLI, Claude Code, and OpenAI Codex. In this vulnerability, untrusted user input from issues, pull requests, or commit messages is injected into prompts, leading to the execution of privileged tools. The attack allows secret exfiltration by tricking AI agents into leaking GITHUB_TOKEN or cloud credentials through shell commands such as gh issue edit. Google's Gemini CLI repository was confirmed vulnerable before the patch. To mitigate this, organizations should restrict AI toolsets, avoid injecting untrusted input into prompts, treat AI output as untrusted code, and limit GitHub token permissions by IP.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fpornhub-extorted-after-hackers-steal-premium-member-activity-data%2F%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/nrf77-r6Et2U7tzIeTTJ2ieZYgt_uomZc6PzuQUbl9Q=436">
<span>
<strong>PornHub Extorted After Hackers Steal Premium Member Activity Data (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The ShinyHunters gang is extorting the adult video platform PornHub after stealing over 200M records of personal information in the Mixpanel breach. The breached data includes email addresses, activity type, location, video URL, video name, keywords associated with the video, and the time the event occurred. PornHub stated that it has not worked with Mixpanel since 2021, so the stolen records are historical analytics data from 2021 or earlier.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2F700000-records-compromised-in-askul-ransomware-attack%2F%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/CiEEHzLHsJW51zXgbYcHVa-GskoYBKOK4FPDpwMUH7U=436">
<span>
<strong>700,000 Records Compromised in Askul Ransomware Attack (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Japanese e-commerce and logistics firm Askul suffered a ransomware attack by the RansomHouse group, which exfiltrated data and encrypted its systems, severely disrupting ordering, shipping, and automated logistics operations. Attackers used compromised credentials to delete backups and deploy file-encrypting malware, exposing over 700,000 records across customers, partners, employees, and executives.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F12%2Fa-browser-extension-risk-guide-after.html%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/abrHFt_yWZqdIMCTAeotpOxZi1AMR8bDpoHQGRmLzOE=436">
<span>
<strong>A Browser Extension Risk Guide After the ShadyPanda Campaign (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The ShadyPanda campaign compromised popular Chrome and Edge extensions after seven years of building trust, affecting 4.3 million users, and installed full RCE frameworks that could steal session tokens and hijack SaaS accounts, bypassing MFA. The attack demonstrated that browser extensions represent a critical blind spot between endpoint and cloud security, with silent auto-updates enabling overnight weaponization. Organizations should implement extension allow lists, treat extension permissions as OAuth access grants, conduct regular permission audits, and monitor for behavioral changes that indicate compromise.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fchasersystems.com%2Fblog%2Fwhat-data-do-coding-agents-send-and-where-to%2F%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/Xo3T8S_TGxxFXJi172quQb64pJ9Ci6iWwCQgazzgRiQ=436">
<span>
<strong>What Data Do Coding Agents Send, and Where to? (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
As AI coding agents become more common, security teams should understand what data these tools collect and where it goes. Chaser Systems created a test environment with seven coding agents, testing actions such as starting the agent, tab autocomplete, creating new features, committing and pushing to a git repository, running tests, and uploading data to 0x0.st. They also checked access to AWS credentials and files outside the project directory. The article describes the domains contacted, sample requests, and data transfer volumes during tests conducted with telemetry both disabled and enabled, including scenarios where telemetry is enabled but FQDNs are blocked.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fxmcyber.com%2Fblog%2Fjumpshot-xm-cyber-uncovers-critical-local-privilege-escalation-cve-2025-34352-in-jumpcloud-agent%2F%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/wf_WDd_FsUTL5HDtT7watg-aRuvLHSXd3-Iq-i04Vdo=436">
<span>
<strong>JUMPSHOT: XM Cyber Uncovers Critical Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A critical flaw was found in the JumpCloud Remote Assist for Windows agent that lets any low-privileged user on a machine gain full SYSTEM-level control or crash the system entirely. The issue stems from the agent's uninstaller performing file creation, deletion, and execution in the user's %TEMP% directory, which an attacker can redirect using symbolic links and mount points to target protected system files. This enables both denial-of-service via driver corruption and full local privilege escalation through a race condition involving Windows Installer files, making rapid patching to version 0.317.0 or later essential for organizations using JumpCloud-managed Windows endpoints.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsublime.security%2Fevents%2Fcalendar-crashers-how-sublime-keeps-phish-off-your-schedule%2F%3Futm_source=tldr%26utm_medium=content-synd%26utm_campaign=webinar/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/PyLHc546PeR5S9fOjBmcJpsf1Tzsha4CYOcPPjNCUjM=436">
<span>
<strong>Don't get owned by calendar invites (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ICS phishing exploits the calendar integration capabilities of Microsoft 365 and Google Workspace to evade conventional email security. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsublime.security%2Fevents%2Fcalendar-crashers-how-sublime-keeps-phish-off-your-schedule%2F%3Futm_source=tldr%26utm_medium=content-synd%26utm_campaign=webinar/2/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/OjjB_mHzpnd8OFe-XOoMG5DqMguCVcOTojjSPvhTnqI=436" rel="noopener noreferrer nofollow" target="_blank"><span>This upcoming Sublime webinar</span></a> explores the vulnerabilities that make ICS phishing possible and demonstrates how Sublime Security's email security platform automatically detects and removes malicious calendar invites. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsublime.security%2Fevents%2Fcalendar-crashers-how-sublime-keeps-phish-off-your-schedule%2F%3Futm_source=tldr%26utm_medium=content-synd%26utm_campaign=webinar/3/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/zkvovL0j50fTW0T-yz1SV3CEWjralmYP8JoBwfjXVY0=436" rel="noopener noreferrer nofollow" target="_blank"><span>Register today</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftheori.io%2Fblog%2Fannouncing-xint-code%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/0wM21rQucAeZ-J67vX8jtgpYtRCO-PNp926n1IZWdG8=436">
<span>
<strong>Announcing Xint Code (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Theori's Xint Code, an AI-powered code analysis tool, discovered critical 0-day RCE vulnerabilities in Redis, PostgreSQL, and MariaDB with zero human intervention at ZeroDay Cloud, sweeping the database category and outperforming all human teams. The tool analyzes source code, configuration files, and binaries without packaging or harnessing requirements, producing actionable reports with dramatically fewer false positives than traditional static analysis while identifying vulnerabilities missed by humans for decades. Theori is seeking early partners to validate findings on real codebases before broader rollout.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fneilotoole%2Fsq%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/WUiLBvpgja-IVNf-_sgLrmexMkAU3QLfx_cC91YzlaE=436">
<span>
<strong>sq (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
sq is a CLI that provides jq-style access to structured data sources such as SQL databases or document formats like CSV or Excel.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fecho-raises-35-million-in-series-a-funding%2F%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/qAb0qynhZpkOkBWDgKmvlpr0F8lcEJ4HdDa5eN1yKis=436">
<span>
<strong>Echo (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Echo uses AI agents to create and maintain vulnerability-free Docker base images by stripping non-essential components, reducing attack surface, and continuously patching newly discovered flaws. These CVE-free images drop into existing workflows by changing a single Dockerfile line, instantly lowering container vulnerability counts.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flyra.horse%2Fblog%2F2025%2F12%2Fsvg-clickjacking%2F%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/ysboJtpArC6HaHPaxgu3ydogzaIy0qCPnGogNuzPTSI=436">
<span>
<strong>SVG Filters - Clickjacking 2.0 (20 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A novel clickjacking technique leverages SVG filters applied to cross-origin iframes to read pixel colors, hide or manipulate UI elements, and execute logic gates for complex multi-step attacks without JavaScript. The technique enables data exfiltration through fake captchas, dynamic attack overlays that respond to iframe state changes, and even QR code generation to encode stolen data for mobile exfiltration. Security teams should note that traditional X-Frame-Options and CSP frame-ancestors remain the primary defenses, as this attack only works against frameable pages.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F12%2F16%2Fsoundcloud_cyberattack_data_leak%2F%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/JmgHeLCT5KqACBZCsxn1OCEwUQjwEniPvtH5srZCHe0=436">
<span>
<strong>No, SoundCloud hasn't started tuning out VPNs. It's mopping up after a cyberattack (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SoundCloud detected unauthorized access to an internal dashboard, triggering incident response and outside forensics support. Attackers accessed email addresses and public-profile data for roughly 20 percent of users, but no passwords or financial information. The company also faced web-only DDoS attacks, and later configuration changes accidentally disrupted some VPN users, sparking false rumors that SoundCloud was banning VPN access.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.rapid7.com%2Fblog%2Fpost%2Ftr-santastealer-is-coming-to-town-a-new-ambitious-infostealer-advertised-on-underground-forums%2F%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/SeZ6S2zufJTTNP89RWFvJLlStEv1qEThYhqab1M61g0=436">
<span>
<strong>SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground Forums (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SantaStealer is a new malware-as-a-service info-stealer advertised in Telegram channels and forums that can exfiltrate documents, credentials, crypto wallets, and other sensitive data from numerous applications. It uses a modular, multi-threaded design that runs mostly in memory. The software gathers data from browsers, messaging apps, and gaming platforms, zips everything, splits it into 10 MB chunks, and sends it over unencrypted HTTP to attacker-controlled servers.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecinstitute.com%2Fform%2Flp%2Fiq-security-awareness%2F%3Futm_source=tldr%2520newsletter%26utm_medium=paid%2520media%26utm_campaign=iq%2520skills%2520promo%26utm_term=%26utm_content=%26crmid=%257CCRMLongId%257C/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/LO-8tqehgy916pGr-dhKTmOzLGgsdEO_woqEAYej0Xg=436">
<span>
<strong>Empower your team with comprehensive cybersecurity training from Infosec (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Get Infosec IQ security awareness training for your organization and receive 3 complimentary Infosec Skills seats, giving your technical staff access to hands-on cyber ranges and labs. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecinstitute.com%2Fform%2Flp%2Fiq-security-awareness%2F%3Futm_source=tldr%2520newsletter%26utm_medium=paid%2520media%26utm_campaign=iq%2520skills%2520promo%26utm_term=%26utm_content=%26crmid=%257CCRMLongId%257C/2/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/cheiy-nNWV26ORotjzafpks6O9xESvJrpy0Rm1MrJs0=436" rel="noopener noreferrer nofollow" target="_blank"><span>Limited time offer. </span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fcoupang-ceo-steps-down-data-breach%2F%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/qgxSlKdMRRsMsCDatqSSjAsA30vHIJ6eENQ2IuV6Npc=436">
<span>
<strong>Coupang CEO Steps Down After Data Breach Hits 33.7 Million Users (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
South Korean e-commerce giant Coupang's CEO resigned following a data breach that exposed 33.7 million customer accounts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Famazon-disrupts-russian-gru-hackers-attacking-edge-network-devices%2F%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/PEZwR-6QO2aHOMfvhdRjbp9kaWhLfSEc2fcER5DZMfg=436">
<span>
<strong>Amazon disrupts Russian GRU hackers attacking edge network devices (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Amazon Threat Intelligence disrupted Russian GRU hackers (linked to Sandworm/APT44) who shifted from vulnerability exploitation to targeting misconfigured edge devices like routers and VPN gateways for credential theft against Western critical infrastructure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fmicrosoft%2Fmicrosoft-to-block-exchange-online-access-for-outdated-mobile-devices%2F%3Futm_source=tldrinfosec/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/K5LpcyzHrd5BvIQcly3FHH-LCDZW-yQDzVcIjJMZ-IM=436">
<span>
<strong>Microsoft to block Exchange Online access for outdated mobile devices (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft will block mobile devices running Exchange ActiveSync versions below 16.1 from connecting to Exchange Online starting March 1, 2026.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/3vcCHX6HCfk9Io0oRopfHaain-6jT4016q_o1cYj9wQ=436"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/yweDz8-2GMMmlmHQU9NP4yiAxDpb4pRVrHn0x3FX0CQ=436"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019b2ca2fc6a-0b78756b-01d3-4274-9991-373e9576c8bf-000000/MMhNyx6TTjcNEt4xqNdKhr3Jgcu1lpQF5_CXPmhvQY4=436"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>