<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body>
<div style="display: none; max-height: 0px; overflow: hidden;">France's postal service, La Poste, suffered a widespread DDoS attack that disabled all IT systems for over twelve hours </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/ZGyW6Yd-ZBtDGyByn5jbTVuavbRNpEPo_DAfODWf2tw=437" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/NfVtYRVwMXjelfrmKUy8X_yOQL37x2OuE6riSFArgM0=437" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=372e06e6-e08f-11f0-8536-67abb6bab823%26pt=campaign%26t=1766585165%26s=4a025d0fe1ad405205ffb9761be45c2c9024477d5812187d055a90526e94f748/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/0KJekRTS6zNEoF3aq8-76TGdflS1i_j_BiAq2khUvHk=437"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-12-24</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"><table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnissan-says-thousands-of-customers-exposed-in-red-hat-breach%2F%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/rkbyRjztCTGQNDs80ga_sO9uZM90u_5OytRVEic0TOk=437">
<span>
<strong>Nissan Says Thousands of Customers Exposed in Red Hat Breach (2 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Nissan has confirmed that data belonging to approximately 21k customers was breached via a data breach at Red Hat in September. The breached data includes full names, physical and email addresses, phone numbers, and sales data for some customers who purchased or received services at Nissan in Fukuoka, Japan.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4111141%2Ffrench-mail-brought-down-by-cyber-attack.html%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/wPs7M1FTlMbCx09O-OCUKjT92a9AQ7VebiasLMrqvFc=437">
<span>
<strong>French postal service brought down by cyber attack (1 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
France's postal service, La Poste, suffered a widespread DDoS attack that disabled all IT systems for over twelve hours, affecting the website, mobile app, Digiposte digital document service, and digital ID services. The attack also disrupted La Poste's banking subsidiary Banque Postale's online services, though over-the-counter operations and payment processing remained functional. The timing raised concerns about potential Christmas delivery disruptions, with no timeline provided for service restoration.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2F3-5-million-affected-by-university-of-phoenix-data-breach%2F%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/jTiY1WCU3Xg3TlW_W-x7gZZ3JX6rqZDmTVpnu39p4yo=437">
<span>
<strong>3.5 Million Affected by University of Phoenix Data Breach (3 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A ransomware-linked campaign exploited zero-day flaws in Oracle E-Business Suite to access University of Phoenix systems, leading to data theft affecting nearly 3.5 million people. Exposed data includes names, dates of birth, Social Security numbers, and bank account details, though no leak has yet appeared online.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"><table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.lum8rjack.com%2Fposts%2Fcaddy-c2%2F%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/Cvckh6jI9N6hbBlbRWnl_FK9TsI8bdGLQFwI4T5veBY=437">
<span>
<strong>C2 Redirectors Made Easy (8 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Red teamers traditionally must manually configure C2 redirector proxy rules by reviewing profiles and adding User-Agent strings and HTTP endpoints to configuration files, requiring updates whenever the C2 profile changes. The author developed caddy-c2, a Caddy web server module that automatically parses Cobalt Strike profiles using goMalleable to extract User-Agents and URI paths, then dynamically routes legitimate C2 traffic without manual rule configuration. The module simplifies redirector deployment by eliminating the need to manually sync proxy configurations with C2 profile changes, though current support is limited to Cobalt Strike, with plans to expand to frameworks such as Mythic and Havoc.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkibty.town%2Fblog%2Fmintlify%2F%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/6q6Ex1Bc1wWLq9dNf4XttZIaOKqIsyey9iJWQmU1y9Q=437">
<span>
<strong>How To Hack Discord, Vercel And More With One Easy Trick - Eva's Site (11 Minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Mintlify lets customers write pages in MDX, but processes that content in a way that allows attackers to run arbitrary JavaScript on the server during build. This means an attacker can take over the build environment, poison cached pages, and inject malicious scripts into many companies' docs, including big names like Discord and Vercel. Because some docs were served from the same domain or path as real apps, those scripts could steal auth tokens or perform actions as logged-in users.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fblog%2Fengineering%2Fsecurity%2Fmodernizing-linkedins-static-application-security-testing-capabilities%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/GoYE_jkOakyBKYK03EW2XCoNOGpoY3DhyWUw6RGRoAU=437">
<span>
<strong>Modernizing LinkedIn's Static Application Security Testing Capabilities to protect our members (10 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
LinkedIn modernized its SAST pipeline by building custom GitHub Actions workflows using CodeQL and Semgrep that deviated from paved paths to accommodate complex internal build processes, implementing dynamic rule filtering, SARIF enrichment, and extensive metrics instrumentation across tens of thousands of repositories. The team deployed a "stub workflow" approach combined with a Drift Management System that daily checks repository compliance and automatically commits workflow files, ensuring consistent security coverage while allowing centralized updates without touching individual repos. LinkedIn implemented "blocking mode" enforcement via GitHub Repository Rulesets requiring SARIF submission and zero high-risk vulnerabilities before PR merges, protected by multi-level kill switches (organization/repo/language/tool/rule-specific) and fail-safe mechanisms that upload blank SARIFs to unblock developers during scanning failures while triggering oncall alerts.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"><table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fhwbp%2FCLR-Unhook%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/_HrpSUMRfgU3rTBmQzs6hXUlQUyyIX_JnCnX59xkhzs=437">
<span>
<strong>CLR-Unhook (GitHub Repo)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
CLR-Unhook is a native C++ utility that bypasses EDR/AV hooks in the .NET Common Language Runtime by restoring the original nLoadImage function implementation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fmandiant%2Fgostringungarbler%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/ve6sINxwX0oGhTZbCBfwlYxtvxulMIK8nxu70MBqbno=437">
<span>
<strong>GoStringUngarbler (GitHub Repo)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Mandiant released GoStringUngarbler, a Python tool that deobfuscates strings in Go binaries protected by garble's literal transformation flag, supporting Windows PE and Linux ELF executables compiled with Garble v0.11.0-v0.13.0 and Go v1.21-v1.23. The tool identifies decrypting subroutines via regex pattern matching, emulates them using the Unicorn emulator to extract plaintext strings, and patches the binary by replacing obfuscation routines with stubs that directly reference the decrypted content. Security analysts can use this to accelerate malware analysis of garble-obfuscated Go samples, though it only works when garble's "-literals" flag was used during compilation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgambitcyber.org%2F%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/W1a5rCFtnZs12EKrok_c-yaC2GKW3NRBuozqyKHcT6Q=437">
<span>
<strong>Gambit Cyber (Product Launch)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Gambit Cyber provides an AI-native, risk-centric continuous threat exposure management platform called KnightGuard. It uses coordinated AI agents to help enterprises continuously identify, validate, prioritize, and remediate cyber risks across CTI, SecOps, and IT operations.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"><table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackaday.com%2F2025%2F12%2F23%2Flibxml2-narrowly-avoids-becoming-unmaintained%2F%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/qf3WahNvCELTMOPzrrN8VOP3DMfcaDzMXkn62L1ohb4=437">
<span>
<strong>Libxml2 Narrowly Avoids Becoming Unmaintained (4 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The libxml2 library temporarily lost its sole volunteer maintainer, Nick Wellnhofer, after years of unpaid security work, creating a critical risk for GNOME, web browsers, and countless projects depending on this XML/XSLT processing library. Wellnhofer experienced burnout from companies that sent security reports, expecting immediate CVE responses and patches, with no financial compensation beyond a single Google donation, while providing no code contributions or test cases. Two new maintainers have assumed responsibility, but the incident highlights the unsustainable model in which commercial software relies on unpaid volunteers to maintain critical infrastructure components.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fpulse.latio.tech%2Fp%2Fthe-5-security-features-that-will%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/4O1P8Qqs2SLr-S386mPZnpe-tCymqOS_lmLZIQp90Ys=437">
<span>
<strong>The 5 Security Features That Will Lead in 2026, and 3 That Should (6 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Security market analyst James Berthoty predicts that supply chain and AI tooling will dominate the market in 2026. Berthoty predicts that the following critical product capabilities will be essential: supply chain malware detection, AI vulnerability remediation and prioritization, AI visibility, guardrails, testing, AI based detections, and SOC augmenters. Teams should also have runtime function level reachability (ADR), developer endpoint security, and realtime AI threat modeling and design review on their radar.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F12%2F22%2Fopenai-says-ai-browsers-may-always-be-vulnerable-to-prompt-injection-attacks%2F%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/P7yMJwxG15wmffxeNX3dtSVz-cTwR8wzXdUnVRqd8Rw=437">
<span>
<strong>OpenAI says AI browsers may always be vulnerable to prompt injection attacks (5 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
OpenAI acknowledges that prompt injection attacks in AI browsers like ChatGPT Atlas are a long-term, unsolved security risk, similar to social engineering on the web. The company is layering defenses, including an LLM-based automated attacker that repeatedly probes Atlas in simulation to discover new attack strategies, tighten protections, and enforce user confirmations. Experts still question whether the current agentic browser value justifies their elevated risk.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"><table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4111148%2Famazon-has-stopped-1800-job-applications-from-north-korean-agents.html%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/Be9ENHzuCiW-tp_X60zfhVj6h-20QhnRr5fwuoX4Tgk=437">
<span>
<strong>Amazon has stopped 1,800 job applications from North Korean agents (2 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Amazon blocked over 1,800 job applications from suspected North Korean agents since April 2024.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fannas-archive-pirate-spotify-songs-data-scrape%2F%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/5KB_OTdnpg-pAZu6wwZfPaUIH_xZIfhHXv2CPPMbomo=437">
<span>
<strong>Pirate Group Anna's Archive Copies 256M Spotify Songs in Data Scrape (3 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Pirate preservation group Anna's Archive scraped 256 million Spotify track records and 86 million audio files through unauthorised data collection.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2025%2F12%2F23%2Fservicenow-to-acquire-cybersecurity-startup-armis-for-7-75b%2F%3Futm_source=tldrinfosec/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/5x__UYfbQu2CwRpmFuZlhoPzsKzlzgNWZPfTVxIDnwI=437">
<span>
<strong>ServiceNow to acquire cybersecurity startup Armis for $7.75B (1 minute read).</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
ServiceNow is acquiring Armis, a nine-year-old cybersecurity company focused on securing critical infrastructure for Fortune 500s and governments, in an all-cash $7.75 billion deal.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/xAfaIAITb86bcj5nnf7Kb5-sk8CZax8mZ2CMqnLIkIg=437" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/sXp6PZ8klUzpTgPodiCCG9wjd5hW54TGbhUCB3pb6Ck=437" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 📰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/vgGwagCHj2GsFZHefPD_bnuEi_BmXwlLnBRSj2H5N7M=437"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/GAs9emyO5sp9z0t1BfKQowJryL2Z85ZxS-YFmCXgdbU=437" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/Uf_zdgbDbFFD_lUG1KqWRd5LZQPSQmQC_wg1S0yBADA=437" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a>
or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a>
and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/66QQYCdkeY2X1ZxbXNpn9FEFi3n2BCfW1tsRuEtBOvA=437" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br>
Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/uYhZm9pMJ35vjKHn28IpwxP0mBeAtVFn90hXpAD5AmI=437"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/zmXDLOxxof88pU0dfdBHIWz4Z5bJDO46rTEbQ36tvQU=437"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/R1U2EN_KxQy4yqjienFGxGvQqQYnPXIBiXWwQwFd_-Q=437"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
All TLDR newsletters except the original TLDR are on hiatus until the new year, happy holidays!<br><br><br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/YLbRDxZlrIrMxUS2F0Rl3FeJ9aKUMwd7szdP5QBSxYE=437">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming.
Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=372e06e6-e08f-11f0-8536-67abb6bab823%26pt=campaign%26pv=4%26spa=1766584859%26t=1766585165%26s=2772faa09066d25f8f8edc1c70c7ba4fc0294b81d056b6711c4071fd082682d9/1/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/vBbU-ok75eY_VtIEvynx4HZaECS3YkaQrwNd6mAYGcc=437">unsubscribe</a>.
<br>
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019b50ae6638-f5e850bb-5e29-441f-95d1-2504a79bfea6-000000/F-F4sVk32jwf1Te_8TaotAnY8ZvR3FAfxvZtPlT02Zk=437" style="display: none; width: 1px; height: 1px;">
</body></html>