<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Gen Digital researchers have uncovered a new phishing campaign, which they dubbed GhostPairing, that abuses the device-linking feature of WhatsApp </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/6mdYp7ZBqaFW78YJ3T7hKQM13FUBj-gLv6D0SFCsMR4=436" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/EXxjm2Q1zyR2lVRapJ4y8EiZareClmGKnQZWVVWAUDc=436" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=f1de4958-dc05-11f0-b3ab-edd59e463bfa%26pt=campaign%26t=1766067368%26s=5f85435b2a8ea45dedbc96e343fc662123f69eeb5ac7ffa895eff63554bb3dbc/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/TwREsmr1y1dNvRQ049lBTo6588doW8vpKqYN-RPUZCg=436"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecurity.arcticwolf.com%2FAurora-Endpoint-Test-Drive-Experience.html%3Futm_source=newsletter%26utm_medium=cpc%26utm_campaign=ADV%2520FY26%2520CPC%2520TLDR%2520Newsletter/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/_NNh_L34pqkJKqsH977BgeuAoHDIF0YLps-A-VxAvx0=436"><img src="https://images.tldr.tech/arcticwolf.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Arctic Wolf"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-12-18</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecurity.arcticwolf.com%2FAurora-Endpoint-Test-Drive-Experience.html%3Futm_source=newsletter%26utm_medium=cpc%26utm_campaign=ADV%2520FY26%2520CPC%2520TLDR%2520Newsletter/2/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/6sQZxoiV6DlE_KlZaOE4i1NeSefyi5j9cw5Ixm-Suus=436">
<span>
<strong>Forget the PowerPoint demo. Test your endpoint security against real malware (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Most endpoint vendors expect you to trust their marketing. Arctic Wolf hands you real malware and says "go ahead."<p></p><p>The <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecurity.arcticwolf.com%2FAurora-Endpoint-Test-Drive-Experience.html%3Futm_source=newsletter%26utm_medium=cpc%26utm_campaign=ADV%2520FY26%2520CPC%2520TLDR%2520Newsletter/3/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/CWaG8UIP6TekDsP-ypDSUCKr_VASA1Yx_0ikwd4tGYI=436" rel="noopener noreferrer nofollow" target="_blank"><span>Aurora Endpoint Experience</span></a> is a self-guided test drive in a safe cyber range. </p>
<p>You get a VM, the Aurora agent, and six use cases covering everything from zero-day prevention to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecurity.arcticwolf.com%2FAurora-Endpoint-Test-Drive-Experience.html%3Futm_source=newsletter%26utm_medium=cpc%26utm_campaign=ADV%2520FY26%2520CPC%2520TLDR%2520Newsletter/4/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/Y4Nd5vQ50-NQcNO3CMscuCCIrlnHD_5FG_4s7p6Lw10=436" rel="noopener noreferrer nofollow" target="_blank"><span>threat hunting with advanced queries</span></a>. </p>
<p>Watch behavioral detections fire, see MITRE ATT&CK classifications populate, and trigger autonomous responses — all with the same console paying customers use.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecurity.arcticwolf.com%2FAurora-Endpoint-Test-Drive-Experience.html%3Futm_source=newsletter%26utm_medium=cpc%26utm_campaign=ADV%2520FY26%2520CPC%2520TLDR%2520Newsletter/5/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/-QFpazgAJKoyfx6YjupOf5XnuKynPx9AMmbkuL4I6aM=436" rel="noopener noreferrer nofollow" target="_blank"><span><strong>Test drive Aurora Endpoint Defense →</strong></span></a></p>
<p>About an hour of your time. No hardware. No sales pitch.
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farcticwolf.com%2Fresources%2Fblog%2Farctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719%2F%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/71jEl8XxxJ2-esPdnUa9yeJjyY95kTRWIx5fDBzTjHQ=436">
<span>
<strong>Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719 (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Arctic Wolf observed active exploitation of two critical Fortinet authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) beginning December 12, three days after Fortinet's disclosure. Attackers sent crafted SAML messages to obtain unauthenticated administrator access to FortiGate devices with FortiCloud SSO enabled: they logged in via SSO from hosting-provider IP addresses and immediately exported the device configuration, which contains hashed credentials, through the GUI. Organizations should promptly upgrade affected versions of FortiOS, FortiProxy, FortiWeb, and FortiSwitchManager, disable FortiCloud SSO as an interim workaround, review logs for SSO logins from unfamiliar addresses followed by configuration exports, reset all firewall credentials if such indicators are found, and restrict management-interface access to trusted internal networks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fauto-parts-giant-lkq-confirms-oracle-ebs-breach%2F%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/EG7epEqKKCvYOgOtEwlavyhiRNykRjfLR_usTnaQEvg=436">
<span>
<strong>Auto Parts Giant LKQ Confirms Oracle EBS Breach (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Automotive parts supplier LKQ has confirmed it was hit in the Oracle E-Business Suite hacking campaign linked to the Cl0p ransomware group, exposing personal data, including SSNs and EINs, of over 9,000 sole proprietor suppliers. The company says the incident is limited to its Oracle EBS environment, though several terabytes of data were stolen, and notes it previously suffered a separate cyberattack affecting a Canadian business unit.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fwhatsapp-device-linking-abused-in-account-hijacking-attacks%2F%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/ys1iNOhwYXhJc8hq-GZGk-9Ie0CUNT5pxeqqVIvt4Wk=436">
<span>
<strong>WhatsApp Device Linking Abused in Account Hijacking Attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Gen Digital researchers have uncovered a phishing campaign, dubbed GhostPairing, that abuses WhatsApp's device-linking feature to hijack accounts. The victim receives a message from a known (already compromised) contact with a link that supposedly leads to a photo of the victim; the link opens a fake Facebook page that asks the user to complete WhatsApp's device-linking flow in order to log in, which pairs the attacker's browser or device to the victim's account. The attackers then use the hijacked account to forward the same lure to the victim's contacts, so the campaign spreads through trusted relationships. Users should review WhatsApp's Linked Devices screen and unlink anything they do not recognize.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.yossarian.net%2F2025%2F11%2F21%2FWe-should-all-be-using-dependency-cooldowns%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/PH2Qvu4Pukn6A7qRh25JW-75B2VJhVD2t0zAJDo_3g4=436">
<span>
<strong>We should all be using dependency cooldowns (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Analysis of recent supply chain attacks, including xz-utils, Ultralytics, tj-actions, and web3.js, found that most exploitation windows last only hours to days before the compromised release is detected and pulled: 8 of the 10 examined attacks had windows under one week. A 7-14 day dependency cooldown, enforced through Dependabot or Renovate, would have kept 80-90% of these compromised versions out of downstream projects simply by waiting for them to be identified and removed before adoption. The technique is free and easy to configure and is among the most effective mitigations against mass-impact supply chain compromises, with the obvious limit that it delays rather than prevents adoption of a compromised release that stays undetected longer than the window, as the two attacks with windows over a week show.
</span>
</span>
</div>
</td></tr></tbody></table>
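<p>Renovate expresses this window with <code>minimumReleaseAge</code> and Dependabot with a <code>cooldown</code> block whose <code>default-days</code> and <code>semver-major-days</code> / <code>semver-minor-days</code> / <code>semver-patch-days</code> keys set per-level windows. The script below is an added example, not code from the post or from either tool: it applies the same rule to a constructed release history shaped like PyPI's JSON API, with a per-level policy so a three-day-old minor release is skipped while an older patch release is taken. The version strings, timestamps and policy values are all made up for the demo.</p>

```python
"""Dependency cooldown policy applied to a package's release history (added example)."""
from datetime import datetime, timedelta, timezone

# Constructed release history in the shape of PyPI's JSON API
# ("releases": {version: [{"upload_time_iso_8601": ...}, ...]}); not real data.
SAMPLE_RELEASES = {
    "1.4.2": [{"upload_time_iso_8601": "2025-11-20T10:00:00.000000Z"}],
    "1.4.3": [{"upload_time_iso_8601": "2025-12-01T09:30:00.000000Z"}],
    "1.5.0": [{"upload_time_iso_8601": "2025-12-15T18:05:00.000000Z"}],  # three days old
}


def parse_version(v):
    return tuple(int(p) for p in v.split("."))


def parse_upload_time(s):
    # PyPI timestamps end in "Z"; rewrite to an explicit offset for fromisoformat.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def release_time(files):
    """The cooldown clock starts when the last file of a release was uploaded."""
    return max(parse_upload_time(f["upload_time_iso_8601"]) for f in files)


def bump_level(current, candidate):
    """'major', 'minor' or 'patch': the first version component that differs."""
    levels = ("major", "minor", "patch")
    for level, a, b in zip(levels, parse_version(current), parse_version(candidate)):
        if a != b:
            return level
    return "patch"


def cooldown_days(current, candidate, policy):
    """Per-level window with a fallback, in the spirit of Dependabot's default-days /
    semver-*-days keys and Renovate's minimumReleaseAge (the policy dict is constructed)."""
    return policy.get(bump_level(current, candidate), policy["default"])


def eligible_upgrades(current, releases, policy, now):
    """Versions newer than `current` whose cooldown has fully elapsed, oldest first."""
    eligible = []
    for version, files in releases.items():
        if parse_version(version) <= parse_version(current):
            continue
        window = timedelta(days=cooldown_days(current, version, policy))
        if now - release_time(files) >= window:
            eligible.append(version)
    return sorted(eligible, key=parse_version)


def newest_eligible(current, releases, policy, now):
    upgrades = eligible_upgrades(current, releases, policy, now)
    return upgrades[-1] if upgrades else None


def demo(minor_days=7):
    """Evaluate the constructed history as of 2025-12-18, starting from version 1.4.2."""
    now = datetime(2025, 12, 18, tzinfo=timezone.utc)
    policy = {"default": 7, "major": 14, "minor": minor_days, "patch": 3}
    return newest_eligible("1.4.2", SAMPLE_RELEASES, policy, now)


if __name__ == "__main__":
    print(demo())   # 1.4.3: 1.5.0 is a minor bump only three days old, so it waits
    print(demo(0))  # 1.5.0: with no cooldown the fresh release is taken immediately
```

<p>The clock starts at the last uploaded file of a release rather than the first, so a release whose final artifact was quietly replaced late does not inherit the age of its earlier files.</p>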
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.datadoghq.com%2Fblog%2Fengineering%2Fmalicious-pull-requests%2F%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/bvHdmyUto9OBudTyVhY1gBlUar7woPj87lVWXRAuypg=436">
<span>
<strong>Detecting malicious pull requests at scale with LLMs (13 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Datadog's BewAIre is an LLM-powered system that reviews every pull request for malicious intent. Achieving over 99.3% accuracy and a 0.03% false positive rate after six months of tuning, the system addresses limitations of traditional static analysis by detecting intent-based attacks, such as credential exfiltration and obfuscated payloads, and by using recursive diff chunking to handle large PRs that attackers exploit to hide malicious code. Security teams can apply similar approaches by combining curated malicious datasets, prompt engineering with pattern exclusions, and adversarial red-teaming to build LLM-based detection that complements existing SAST/SCA tooling.
</span>
</span>
</div>
</td></tr></tbody></table>
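<p>The recursive chunking the summary mentions is the part that defeats the "bury one line in a 3,000-line PR" trick: if any part of the diff is dropped to fit the model's context, that is exactly where an attacker puts the payload. The code below is an added illustration of that idea, not Datadog's BewAIre code: it splits a unified diff per file, then per hunk, then halves oversized hunks by line until every chunk fits a budget, repeating the file header and <code>@@</code> line on every piece so the reviewer (human or model) never loses the path. The diff, the budget and the buried <code>setup.py</code> line are all constructed.</p>

```python
"""Recursive chunking of a unified diff so every piece fits a fixed review budget (added example)."""
import re

MAX_CHARS = 400  # constructed stand-in for the context budget of one review call

FILE_HEADER = re.compile(r"^diff --git ", re.MULTILINE)
HUNK_HEADER = re.compile(r"^@@ ", re.MULTILINE)

# Constructed pull request: a trivial README edit plus a padded setup.py whose
# bulk is filler around one buried line that runs a decoded payload at install time.
SAMPLE_DIFF = (
    "diff --git a/README.md b/README.md\n"
    "--- a/README.md\n"
    "+++ b/README.md\n"
    "@@ -1,2 +1,3 @@\n"
    " # demo\n"
    "+Adds a setup script.\n"
    " \n"
    "diff --git a/setup.py b/setup.py\n"
    "--- a/setup.py\n"
    "+++ b/setup.py\n"
    "@@ -1,2 +1,39 @@\n"
    " from setuptools import setup\n"
    + "".join(f"+VALUE_{i} = {i}  # filler line {i}\n" for i in range(30))
    + "+import base64, os; os.system(base64.b64decode(PAYLOAD).decode())  # buried\n"
    + "".join(f"+MORE_{i} = {i}\n" for i in range(6))
    + " setup(name='demo')\n"
)


def split_on(pattern, text):
    """Split at every match, keeping each match at the start of its piece."""
    starts = [m.start() for m in pattern.finditer(text)]
    if not starts:
        return [text]
    if starts[0] != 0:
        starts.insert(0, 0)
    return [text[a:b] for a, b in zip(starts, starts[1:] + [len(text)])]


def _halve(hunk, budget):
    """Recursively split a hunk body by lines until each piece fits the budget."""
    if len(hunk) <= budget or hunk.count("\n") <= 1:
        return [hunk]
    lines = hunk.splitlines(keepends=True)
    mid = len(lines) // 2
    return _halve("".join(lines[:mid]), budget) + _halve("".join(lines[mid:]), budget)


def chunk_diff(diff, max_chars=MAX_CHARS):
    """Level 1: per file. Level 2: per hunk. Level 3: halve oversized hunks.
    Every chunk repeats the file header (and, for continuations, the @@ line),
    so the reviewer always knows which path and offsets it is looking at."""
    chunks = []
    for file_diff in split_on(FILE_HEADER, diff):
        parts = split_on(HUNK_HEADER, file_diff)
        if len(file_diff) <= max_chars or len(parts) == 1:
            chunks.append(file_diff)  # fits, or has no hunks to split (binary, rename)
            continue
        file_header, hunks = parts[0], parts[1:]
        for hunk in hunks:
            at_line = hunk.split("\n", 1)[0] + "\n"
            budget = max_chars - len(file_header) - len(at_line)
            for i, piece in enumerate(_halve(hunk, budget)):
                chunks.append(file_header + (at_line if i else "") + piece)
    return chunks


def covers(diff, chunks):
    """Sanity check: no added or removed line of the original is lost in chunking."""
    joined = "\n".join(chunks)
    return all(line in joined for line in diff.splitlines() if line.startswith(("+", "-")))


if __name__ == "__main__":
    pieces = chunk_diff(SAMPLE_DIFF)
    print(len(pieces), "chunks, all within budget:", all(len(p) <= MAX_CHARS for p in pieces))
    print("buried line survives:", covers(SAMPLE_DIFF, pieces))
```

<p>Running <code>covers</code> after chunking is the check worth keeping in production: a chunker that silently truncates is a bypass, not a performance optimisation.</p>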
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Faws.amazon.com%2Fblogs%2Fsecurity%2Fauthorizing-access-to-data-with-rag-implementations%2F%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/H7TbaTh4jGbhI3zWoWz-HwVXfhdLnydKzfLmcvp9hrI=436">
<span>
<strong>Authorizing Access to Data With RAG Implementations (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Retrieval-Augmented Generation (RAG) is commonly used to augment an LLM's knowledge with additional information, such as internal documentation. It introduces an authorization gap: the retrieval runs under the RAG service's own credentials rather than the end user's, so any per-user access checks enforced at the data source are bypassed and a user can receive content from documents they could never open directly. This tutorial shows how to use S3 Access Grants with Amazon Bedrock Knowledge Bases to add caller-specific authorization checks to the RAG flow.
</span>
</span>
</div>
</td></tr></tbody></table>
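<p>The shape of the fix is the same whatever backs it: resolve what the calling user may read, then restrict retrieval to that set before anything reaches the prompt. The example below is added here and is not the AWS tutorial's code; a dict of prefix-scoped grants stands in for what S3 Access Grants would return per caller, the retriever is a toy word-overlap ranker, and the index, grants and users are constructed. It shows the vulnerable flow beside the hardened one and why the filter belongs before ranking rather than after.</p>

```python
"""Per-caller authorization of retrieved RAG context (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Chunk:
    source: str  # object the text was indexed from, e.g. s3://bucket/prefix/key
    text: str


# Constructed index and grants. The grant table stands in for prefix-scoped READ
# grants as S3 Access Grants would resolve them per caller; it is not the AWS API.
INDEX = [
    Chunk("s3://corp-docs/public/handbook.md", "office hours are nine to five"),
    Chunk("s3://corp-docs/hr/compensation.csv", "alice earns 210000"),
    Chunk("s3://corp-docs/eng/oncall.md", "page the sre channel for outages"),
]
GRANTS = {
    "alice": ["s3://corp-docs/public/", "s3://corp-docs/eng/"],
    "bob": ["s3://corp-docs/public/"],
    "hr-bot": ["s3://corp-docs/public/", "s3://corp-docs/hr/"],
}


def retrieve(query, index, k=3):
    """Toy retriever: rank by overlapping words. Like a real vector search it runs
    with the service's own access and can see every chunk it is handed."""
    terms = set(query.lower().split())
    return sorted(index, key=lambda c: -len(terms & set(c.text.split())))[:k]


def authorized(caller, chunk, grants=GRANTS):
    """A caller may see a chunk only if one of its grants covers the source object."""
    return any(chunk.source.startswith(prefix) for prefix in grants.get(caller, ()))


def build_context_unsafe(query, caller):
    """Vulnerable: the data source's checks never ran, and nothing else filters.
    `caller` is accepted but ignored, which is exactly the bug."""
    return [c.text for c in retrieve(query, INDEX)]


def build_context(query, caller):
    """Hardened: restrict the index to what the caller may read *before* ranking,
    so unauthorized chunks neither reach the prompt nor crowd out the top-k slots."""
    visible = [c for c in INDEX if authorized(caller, c)]
    return [c.text for c in retrieve(query, visible)]


if __name__ == "__main__":
    print(build_context_unsafe("what does alice earn", "bob"))  # leaks the HR row
    print(build_context("what does alice earn", "bob"))         # public doc only
```

<p>Filtering after ranking also works but wastes the top-k budget on chunks the user cannot see, and an empty result then leaks that a matching restricted document exists.</p>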
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fbm-github%2Fowasp-social-osint-agent%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/VYxZ1MPlPirV5rbXfpqHa8tq9wHCTWvwFJ-XCDCSLkg=436">
<span>
<strong>OWASP Social OSINT Agent (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
OWASP Social OSINT Agent is an agent designed for OSINT investigations that leverages both text and vision-capable LLMs via any OpenAI-compatible API to gather, analyze, and synthesize user activity across single or multiple social media accounts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdux.io%2F%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/16VVwIXqAI0_hLapeHUwnQ_5v54HahOdle8auJtySas=436">
<span>
<strong>Dux (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Dux is an agentic exposure management startup that uses AI workers to analyze enterprise environments, identify exploitable attack paths, validate existing controls, and recommend lightweight mitigations to prevent vulnerability exploitation across assets.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fyaklang%2Fyaklang%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/CVoWSAlr_ufJC2vvTcAYJF1U3cb8BreAeUB70Goo8yw=436">
<span>
<strong>Yaklang (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
YAK is a large-scale cybersecurity technology stack built around a domain-specific language. It spans compiler technology, security infrastructure, vulnerability analysis, and many other areas.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkrebsonsecurity.com%2F2025%2F12%2Fmost-parked-domains-now-serving-malicious-content%2F%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/0bx_HJkEwSBmY9o3x2_nU88X72EMshnceuaKZ3NcHc4=436">
<span>
<strong>Most Parked Domains Now Serving Malicious Content (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Infoblox research shows over 90% of parked domains now redirect visitors to scams, malware, or infostealers, up from less than 5% a decade ago. Malicious redirects target residential IPs, while VPN users see safe parking pages. One threat actor controls nearly 3,000 typosquatting domains targeting major sites such as Gmail, YouTube, Netflix, and government sites, hosting a mail server to capture misaddressed emails for business email attacks. Users should use bookmarks instead of typing to avoid typosquatting.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.cloudflare.com%2Fradar-2025-year-in-review%2F%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/yWjqXF1OhA4p3WaljW2ady6w6Bs-AHP3ORkFOBTVbsw=436">
<span>
<strong>The 2025 Cloudflare Radar Year in Review: The rise of AI, post-quantum, and record-breaking DDoS attacks (47 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Cloudflare recorded unprecedented DDoS attacks in 2025, with hyper-volumetric assaults reaching 31.4 Tbps and 14 Bpps. During this period, global Internet traffic increased by 19%, and AI crawler activity surged, with Googlebot accounting for 4.5% of HTML requests and user-action crawling (agents fetching pages on a user's behalf) rising more than 15-fold. Adoption of post-quantum encryption nearly doubled, covering 52% of human-generated web traffic. An email security analysis flagged 5.6% of messages as malicious, mainly because of deceptive links. 174 major Internet outages were documented, with nearly half caused by government-enforced shutdowns. Security professionals should closely watch the expanding capacity for hyper-volumetric DDoS attacks, adopt post-quantum cryptography as it becomes widely supported, and strengthen email defenses against the impersonation and brand-deception attacks that AI-generated content makes cheaper to produce.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F12%2F17%2Fmicrosoft_admits_that_message_queuing%2F%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/ARHl6vhwbIHaFPMOnVoH48JcBpihvjmNe5HOl6sLKGk=436">
<span>
<strong>Microsoft security updates break MSMQ on older Windows systems (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Microsoft acknowledges that December 2025 security updates have broken Microsoft Message Queuing on some older Windows 10 and Windows Server systems, causing inactive queues. The root cause is tightened NTFS permissions on the MSMQ storage folder, which now block required write access for MSMQ users. Only older, mostly enterprise systems are affected. There is no proper fix beyond workarounds or uninstalling the update.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftrufflesecurity.com%2Fblog%2Ftrufflehog-now-detects-jwts-with-public-key-signatures-and-verifies-them-for-liveness%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/TYnbtsh1xQzufnhZxM7foAGuCAij6SxmKReUM3so_DI=436">
<span>
<strong>TruffleHog now detects JWTs with public-key signatures and verifies them for liveness (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
TruffleHog's new JWT detector identifies public-key-signed tokens and verifies liveness through local claim validation and OIDC Discovery.
</span>
</span>
</div>
</td></tr></tbody></table>
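<p>The two liveness steps named above are cheap to reproduce when triaging a token found in a repo or log. The block below is an added example, not TruffleHog's detector: it parses a compact JWS without verifying it, checks whether the algorithm is asymmetric, checks the <code>exp</code>/<code>nbf</code> window locally, derives the OIDC Discovery URL from <code>iss</code> (the only step that would need the network: the discovery document's <code>jwks_uri</code> serves the public keys), and picks the JWK that would verify the token by <code>kid</code>. The token, issuer, clock and JWKS document are constructed, and the signature bytes are filler.</p>

```python
"""Offline triage of a found JWT: public-key signed? still live? where are its keys? (added example)"""
import base64
import json
from datetime import datetime, timezone

ASYMMETRIC_ALGS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512",
                   "ES256", "ES384", "ES512", "EdDSA"}
NOW = datetime(2025, 12, 18, tzinfo=timezone.utc)  # fixed clock for the demo

# Constructed JWKS document as the issuer's jwks_uri would serve it (key material is filler).
SAMPLE_JWKS = {"keys": [{"kid": "k1", "kty": "RSA", "alg": "RS256", "use": "sig",
                         "n": "AQAB", "e": "AQAB"}]}


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def parse_jwt(token):
    """Header, claims and raw signature of a compact JWS; nothing is verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return (json.loads(b64url_decode(parts[0])),
            json.loads(b64url_decode(parts[1])),
            b64url_decode(parts[2]))


def is_public_key_signed(header):
    return header.get("alg") in ASYMMETRIC_ALGS


def claims_live(claims, now, leeway=0):
    """Local liveness: inside [nbf, exp]. Cheap, and the first reason to drop a find."""
    ts = now.timestamp()
    if "exp" in claims and ts > claims["exp"] + leeway:
        return False
    if "nbf" in claims and ts < claims["nbf"] - leeway:
        return False
    return True


def discovery_url(claims):
    """Where OIDC Discovery starts: iss + /.well-known/openid-configuration, whose
    jwks_uri points at the public keys. Fetching it is the only online step."""
    iss = claims.get("iss", "")
    if not iss.startswith("https://"):
        return None
    return iss.rstrip("/") + "/.well-known/openid-configuration"


def select_jwk(jwks, header):
    """Pick the issuer key that would verify this token: matching kid and compatible alg."""
    for key in jwks.get("keys", []):
        if key.get("kid") == header.get("kid") and key.get("alg", header.get("alg")) == header.get("alg"):
            return key
    return None


def triage(token, now=NOW):
    header, claims, _ = parse_jwt(token)
    return {
        "public_key_signed": is_public_key_signed(header),
        "live": claims_live(claims, now),
        "discovery": discovery_url(claims),
        "key": select_jwk(SAMPLE_JWKS, header),
    }


def make_sample_token(alg, exp, iss="https://issuer.example", kid="k1"):
    """Constructed token for the demo; the signature is filler bytes, not a real signature."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT", "kid": kid}).encode())
    claims = b64url_encode(json.dumps({"iss": iss, "sub": "ci-bot", "exp": exp, "nbf": exp - 3600}).encode())
    return ".".join((header, claims, b64url_encode(bytes(32))))


if __name__ == "__main__":
    fresh = make_sample_token("RS256", int(NOW.timestamp()) + 600)
    print(triage(fresh))
```

<p>A token that passes the local window check is only a candidate: the verdict comes from verifying the signature with the selected JWK, which is what the online discovery step feeds. Refuse to follow a non-HTTPS <code>iss</code>, and treat a token whose <code>kid</code> is absent from the JWKS as rotated out rather than live.</p>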
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F12%2Fkimwolf-botnet-hijacks-18-million.html%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/4BFEf1gOlx86wdiH3MtarfixyQo7UyDAw6KL_y81TgE=436">
<span>
<strong>Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Kimwolf is a large DDoS botnet that hijacked around 1.8 million Android TVs, TV boxes, and tablets worldwide to flood targets with traffic.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4108158%2Fink-dragon-threat-group-targets-iis-servers-to-build-stealthy-global-network.html%3Futm_source=tldrinfosec/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/xpyp8Pb8LeeniPej1-rDl8VgTneItY79AllEbh1Z1xA=436">
<span>
<strong>'Ink Dragon' threat group targets IIS servers to build stealthy global network (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Chinese-linked threat group Ink Dragon is compromising misconfigured IIS servers at government organizations in Europe, Asia, and South America to create a stealthy mesh relay network that obscures C2 traffic origins.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/rS71td1gtlWcOGlkTwzbJppP5Ki31vWkwn21PMp5aqY=436" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/AgsEWaF-7B3063Ib0xtFAvH48dxEoeHpe8aQvlfJQTM=436" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/0Qev14zlNs6BMqZZMQVze0XP--EUUDHzT6HtO-cZJ5U=436"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/Huz3un0tGpofwrbdajPIsAvUnMc0MFPwPXoOMRwQAUc=436"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019b31d1728c-37110ea5-0bf9-45a2-ac54-a26837024244-000000/i8s9D5mWefI1XYknHcrk-bg9DC7d86y2tIXd5aA469s=436"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>