<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-12-22</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F12%2Fcracked-software-and-youtube-videos.html%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/oIV6rnozWUiG7KY6z2iL41tZQQtM8OHxNKq6oVNhmPc=436">
<span>
<strong>Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CountLoader 3.2 and GachiLoader malware are spreading via cracked software sites and 100+ compromised YouTube videos (220K views from 39 accounts), deploying ACR Stealer and Rhadamanthys through multi-stage attacks. CountLoader uses trojanized Python interpreters that execute via mshta.exe, create persistence with fake Google scheduled tasks that run every 30 minutes, detect CrowdStrike Falcon to adapt their execution, and spread via USB drives. GachiLoader employs Node.js with novel Vectored Exception Handling PE injection techniques and kills SecHealthUI.exe to disable Windows Defender. Security teams should monitor for mshta.exe abuse, suspicious scheduled tasks that mimic legitimate software, WMI queries for AV detection, and changes that exclude system folders from Defender scanning. They should also implement application whitelisting to block execution of unauthorized Python interpreters and Node.js scripts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-uefi-flaw-enables-pre-boot-attacks-on-motherboards-from-gigabyte-msi-asus-asrock%2F%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/htT8i8JsziXn3u2yK1yqpSS9nHCFSwF7zLJ4Oc2b0ic=436">
<span>
<strong>New UEFI Flaw Enables Pre-Boot Attacks on Motherboards From Gigabyte, MSI, ASUS, ASRock (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers from Riot Games discovered a UEFI flaw that could allow Direct Memory Access (DMA)-capable devices to load before the operating system. DMA lets PCIe devices read and write RAM without going through the CPU and relies on the IOMMU for protection. A physically present attacker would need to attach a rogue PCIe device before boot to exploit this vulnerability.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fwatchguard-warns-of-new-rce-flaw-in-firebox-firewalls-exploited-in-attacks%2F%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/TtDAArczAoiPNtnm0sqJ9pNXPvha2FBTkx5DRU48Z-g=436">
<span>
<strong>New Critical WatchGuard Firebox Firewall Flaw Exploited in Attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
WatchGuard is warning users to patch a critical, actively exploited remote code execution vulnerability in its Firebox firewalls. The vulnerability is caused by an out-of-bounds write that allows unauthenticated attackers to execute code remotely. Firebox firewalls are vulnerable only if they are configured to use IKEv2 or, in some circumstances, even after that configuration was deleted.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.evilsocket.net%2F2025%2F12%2F18%2FTP-Link-Tapo-C200-Hardcoded-Keys-Buffer-Overflows-and-Privacy-in-the-Era-of-AI-Assisted-Reverse-Engineering%2F%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/layGyCvyNXzg1JtvZtd33yG27T-84Xly-qXA8RsX4s0=436">
<span>
<strong>TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering (18 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A security researcher documented AI-assisted firmware analysis of TP-Link Tapo C200 cameras using tools including Grok, GhidraMCP, and Claude Sonnet 4. They discovered hardcoded SSL private keys that enabled HTTPS traffic decryption, pre-authentication memory overflows, integer overflow crashes, and unauthenticated WiFi hijacking, affecting approximately 25,000 internet-exposed devices. The vulnerabilities enabled remote attackers to decrypt camera traffic, crash devices, force connections to malicious networks, and enumerate nearby WiFi BSSIDs for precise geolocation via Apple's location services API. TP-Link delayed patching beyond its 90-day commitment despite being a CVE Numbering Authority, raising concerns about vendor conflicts of interest when controlling their own vulnerability disclosure pipeline while marketing low CVE counts as a competitive advantage.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.fogsecurity.io%2Fblog%2Fmistrusted-advisor-public-s3-buckets%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/Zq2xHXhJ2dtv6SlIo0WeTHku_WR-ZzpcODybKhWT-p4=436">
<span>
<strong>Mistrusted Advisor: Evading Detection With Public S3 Buckets and Potential Data Exfiltration in AWS (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers from Fog Security discovered three methods to bypass AWS Trusted Advisor and expose S3 buckets without triggering alerts. The three methods are to create a bucket policy that denies s3:GetBucketPolicyStatus, s3:GetBucketPublicAccessBlock, and s3:GetBucketAcl. Fog Security coordinated disclosure with AWS, but noted that it took AWS two attempts to fix the vulnerability and felt that AWS's communication downplayed the severity.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloud.google.com%2Ftransform%2Fhow-google-does-it-building-ai-agents-cybersecurity-defense%2F%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/LUZKsZW-OjsGzPFkHWYJwy0MSqj2OTcPNjlTzV0BVPk=436">
<span>
<strong>How Google Does It: Building Agents for Cybersecurity and Defense (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
When introducing agentic AI to its cybersecurity teams, Google began by building trust in generative AI by adding chat interfaces to existing tools. Google security then identified initial use cases for distillation and translation, focusing on bottlenecks that AI could alleviate. The team then established and monitored KPIs as they scaled their program.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmullvad.net%2Fen%2Fblog%2Fannouncing-gotatun-the-future-of-wireguard-at-mullvad-vpn%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/i0SJEyVjGoxTRwfudcexJjKWKsSnxJ_Djt5TvNOp7wU=436">
<span>
<strong>Announcing GotaTun, the future of WireGuard at Mullvad VPN (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mullvad's GotaTun is a Rust-based WireGuard implementation forked from Cloudflare's BoringTun that replaces wireguard-go, eliminating 85% of Android app crashes attributed to the Go implementation's FFI complexity and opaque runtime debugging challenges. The Android rollout in November reduced the user-perceived crash rate from 0.40% to 0.01%, with zero GotaTun-originated crashes, while improving connection speeds and battery efficiency through safe multithreading and zero-copy memory strategies. Mullvad plans a third-party security audit in early 2026 before expanding the GotaTun deployment to desktop and iOS platforms, maintaining full WireGuard protocol compatibility while supporting privacy features, including DAITA and Multihop.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fkanidm%2Fkanidm%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/PLpUva2PZ-xOsiENGk5QahyGVHNoANE_Ld0UZO3Nk-c=436">
<span>
<strong>Kanidm (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Kanidm is a simple and secure identity management platform that provides a full identity provider, covering the broadest possible set of requirements and integrations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fdedsec1121fk%2FDedSec%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/rTTHDNj_pu-Cjec_zOohcQSSfKMpztHpIyjcdG6aCaw=436">
<span>
<strong>DedSec (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The DedSec Project is a comprehensive cybersecurity toolkit designed for educational purposes. It provides 50+ powerful tools that cover everything from network security analysis to ethical hacking education. Everything is completely free and designed to help you shift from being a target to being a defender.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkrebsonsecurity.com%2F2025%2F12%2Fdismantling-defenses-trump-2-0-cyber-year-in-review%2F%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/M4cvI_OqZyphbNZPLX8lCqWPD0abA0UJgy5WbhnciCU=436">
<span>
<strong>Dismantling Defenses: Trump 2.0 Cyber Year in Review (20 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Trump administration systematically dismantled federal cybersecurity infrastructure: CISA lost 1/3 of its workforce and faces $491M budget cuts, the Cyber Safety Review Board was dissolved mid-investigation of Chinese telecom intrusions, and both NSA and Cyber Command have operated without leadership since April. DOGE accessed sensitive federal databases from SSA, DHS, OPM, and Treasury by circumventing security controls and audit mechanisms, with data exfiltration coinciding with Russian login attempts using valid DOGE credentials. Security professionals should prepare for degraded federal threat intelligence sharing after the elimination of CIPAC and MS-ISAC funding, reduced public-private coordination as agencies canceled meetings with infrastructure operators, and increased foreign intelligence recruitment of laid-off federal employees with security clearances.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2F2026-ndaa-cybersecurity-secure-phones-ai-training-cyber-troop-mental-health%2F%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/nDnzFTTGtC9CwY8mMP5t0KR0yOY4mtEHPB06xtB4ne0=436">
<span>
<strong>Defense Bill Addresses Secure Phones, AI Training, Cyber Troops' Mental Health (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
In addition to $901B in funding, the 2026 National Defense Authorization Act (NDAA) includes a series of new cybersecurity policies. The NDAA includes a provision requiring that secure phones provided to senior leaders meet a set of security requirements, such as data encryption. The act also includes increased mental health provisions and training initiatives around AI security.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F12%2F19%2Fuk_foreign_office_hack%2F%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/Le5k4Lj87eVabYXFoRvGhKXcYQauZt7940oiu8J2RbI=436">
<span>
<strong>Ministers confirm breach at UK Foreign Office but details remain murky (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
UK ministers acknowledge a confirmed cyberattack on the Foreign Office, first reported by The Sun and widely linked in the media to Chinese state-backed hackers, though officials stress those claims are speculative. They say a technical flaw at one site was quickly closed and insist there is currently low risk to individuals, despite concerns about possible exposure of visa application data and growing warnings over China's broader cyber-espionage activity in Europe.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkarpathy.bearblog.dev%2Fyear-in-review-2025%2F%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/KCI0fNdwgmVY9yiVl44YoLeJAvLrWpFLBo6Tocq-Wc4=436">
<span>
<strong>2025 LLM Year in Review (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Six paradigm shifts occurred with LLMs during 2025.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FDsoWhX/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/cAFA5rdSFEr7aGysglWJ1jRPyHiLAthyoMB8G64iuBM=436">
<span>
<strong>Ukrainian National Pleads Guilty to Conspiracy to Use Nefilim Ransomware to Attack Companies in the United States and Other Countries (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ukrainian national Artem Stryzhak pleaded guilty to conspiracy charges for deploying Nefilim ransomware against US companies.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Funiversity-of-sydney-data-breach-affects-27000-individuals%2F%3Futm_source=tldrinfosec/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/uS-VWrkmMw2bhm2B9x3j4Fu_TD-_Cmj_658-DVHpzGk=436">
<span>
<strong>University of Sydney Data Breach Affects 27,000 Individuals (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hackers accessed an online code library at the University of Sydney that contained historical test data files.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/VHXnPP-7lyiLDS0-NCI4rCM2_1BMhVbz68cUrgH8weY=436"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/WPnEzr-AUZ3-urVgJYCT3FlHgOIA8_ww_detDHe0KZE=436"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019b4674ddc2-aebc580f-4c13-4ed7-83df-af580984be4f-000000/MzQ6AmO3_4ydTJSr7QBkkXGkzVvmb_pSYLR2-TnqoFk=436"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>