<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-02-06</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fcritical-n8n-flaws-disclosed-along-with-public-exploits%2F%3Futm_source=tldrinfosec/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/pfNl5UVAyYnPAJ7GMiAA5u85BugMVZdF9nbvo52Njng=443">
<span>
<strong>Critical n8n flaws disclosed along with public exploits (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-25049 enables any authenticated n8n user with workflow-editing permissions to escape the JavaScript sandbox via incomplete AST-based sanitization, resulting in unrestricted RCE and access to all stored credentials, API keys, and connected cloud accounts. The flaws bypass the prior patch for CVE-2025-68613 via a type confusion vulnerability in property access key validation, with public PoC exploits now available and GreyNoise reporting 33,000+ probing requests against exposed n8n endpoints. Organizations should immediately update to n8n versions 2.5.2 or 1.123.17, rotate the N8N_ENCRYPTION_KEY and all stored credentials, and restrict workflow editing to trusted users only.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F187637%2Fsecurity%2Fcve-2025-22225-in-vmware-esxi-now-used-in-active-ransomware-attacks.html%3Futm_source=tldrinfosec/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/CE9tmlT9Fxh4mV6hxYXV7I90pc_vj-eSk_nLtoSSusA=443">
<span>
<strong>CVE-2025-22225 in VMware ESXi now used in active ransomware attacks (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CISA confirmed that ransomware gangs are actively exploiting CVE-2025-22225 (CVSS 8.2), an arbitrary kernel write vulnerability in VMware ESXi that enables sandbox escape from the VMX process, now added to the KEV catalog as used in ransomware campaigns. Huntress attributed a related exploit chain to Chinese-speaking threat actors using the MAESTRO orchestrator toolkit, which chains CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 to achieve full VM escape and deploy the VSOCKpuppet backdoor for persistent hypervisor control. Organizations running unpatched ESXi should apply VMSA-2025-0004 immediately and audit for signs of unauthorized kernel driver loading or VSOCK-based lateral movement from guest VMs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F02%2F05%2Fdata-breach-at-govtech-giant-conduent-balloons-affecting-millions-more-americans%2F%3Futm_source=tldrinfosec/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/EMZWUsm5I4kKVIUD6KjT1Dkj5r9cymOXbMNMU2PUNxk=443">
<span>
<strong>Data breach at govtech giant Conduent balloons, affecting millions more Americans (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A ransomware attack on Conduent in January 2025 exposed highly sensitive data, including names, Social Security numbers, medical details, and insurance information, for tens of millions of Americans across multiple states. Conduent, which supports government healthcare programs for over 100 million people, is still tallying victims and slowly issuing breach notifications. It has offered few specifics about the incident's full scale.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.ioactive.com%2Fauthentication-downgrade-attacks-deep-dive-into-mfa-bypass%2F%3Futm_source=tldrinfosec/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/BsePHH2XEznI35oDj0ydYEEoyFegvwEOsbsuTnUcHEI=443">
<span>
<strong>Authentication Downgrade Attacks: Deep Dive into MFA Bypass (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
IOActive demonstrated an authentication downgrade attack using Cloudflare Workers as a transparent reverse proxy to intercept Microsoft Entra ID login flows, modifying the JSON configuration and injecting CSS to hide FIDO2/WebAuthn options and force victims to fall back to phishable MFA methods, such as push notifications. The technique leverages trusted CDN infrastructure with valid TLS certificates and zero forensic footprint, enabling session token capture (ESTSAUTH cookies) while authentication logs appear completely legitimate. Organizations with "mixed mode" MFA policies should enforce FIDO2-only Conditional Access rules without fallback methods and alert when users unexpectedly switch from hardware keys to weaker authentication factors.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fclearbluejar.github.io%2Fposts%2Fhow-llms-feed-your-re-habit-following-the-uaf-trail-in-clfs%2F%3Futm_source=tldrinfosec/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/bMtpnWyRJ64qnIaudh5m_U9ykuhoImiXTywu_QCgVgA=443">
<span>
<strong>How LLMs Feed Your RE Habit: Following the Use-After-Free Trail in CLFS (15 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI tools helped a security researcher track down a serious memory bug in a Windows file system driver. By comparing an old and a new version of the driver, the author identified a risky change and then used timing tricks to trigger a bug in which freed memory is reused. Connected to Ghidra, LLMs explained confusing functions, named important structures, and highlighted where the bug lived, so the researcher could focus on logic instead of wading through code.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fpitfallen.net%2Fblog%2Fhands-on-with-aws-bottlerocket%2F%3Futm_source=tldrinfosec/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/HfGxDwrs9iKYX3-9Xz02joz4Qyd4JDrBmZA-PDbLgcg=443">
<span>
<strong>Hands On with AWS Bottlerocket: Evaluating the Security of Amazon's Hardened OS (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AWS Bottlerocket is a hardened OS designed for running Kubernetes nodes. It layers several protections: a read-only root filesystem; an always-enabled, restrictive SELinux profile; no package managers, language interpreters, or command shells; and the removal of many other common privilege escalation tools. This article tests three common container escape techniques against an Ubuntu node and a Bottlerocket node and finds that Bottlerocket prevented all three, while all three succeeded on the Ubuntu node.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdepthfirst.com%2Fpost%2Fcasting-a-net-ty-for-bugs-and-catching-a-big-one-cve-2025-59419%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=2026Q1_newsletter_TLDRInfoSec%26utm_content=secondary_placement%26utm_term=blog_post/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/ifWIXphNDKkeuBhGYsaBIur2v3sZQsTLsBdUVjJzgXw=443">
<span>
<strong>Netty zero-day CVE: spoofed email that still passes all the checks (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Netty is everywhere in the Java ecosystem - used by Apple, Meta, and Google among many others. Read about a business logic flaw around SMTP that could enable attackers to bypass SPF, DKIM, and DMARC, and how <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdepthfirst.com%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=2026Q1_newsletter_TLDRInfoSec%26utm_content=secondary_placement%26utm_term=blog_post/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/2P61TVwdftGCQGBRAa70QrJjAVOQzqlbx6wQaZu8HIc=443" rel="noopener noreferrer nofollow" target="_blank"><span>depthfirst's security AI agent</span></a> flagged the issue and generated a patch. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdepthfirst.com%2Fpost%2Fcasting-a-net-ty-for-bugs-and-catching-a-big-one-cve-2025-59419%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=2026Q1_newsletter_TLDRInfoSec%26utm_content=secondary_placement%26utm_term=blog_post/2/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/HbRjDtYgqEZhTwHjYEiYep8vDzUIuCOMjJHCV0B3-U0=443" rel="noopener noreferrer nofollow" target="_blank"><span>Read the blog</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fheilancoos%2Fk8s-custom-detections%3Futm_source=tldrinfosec/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/zto4G2dAv3MhVDhihJa386s6xd4pQtSfJNkgIMpPuM4=443">
<span>
<strong>k8s-custom-detections (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
k8s-custom-detections provides a curated collection of Falco detection rules, audit policies, and reproducible attack scripts for identifying real-world Kubernetes attack techniques, including RBAC abuse, service account token theft, CoreDNS manipulation, etcd unauthorized access, and certificate forgery. The repository includes ready-to-deploy lab setup scripts for Ubuntu 24.04 with Helm-based Falco integration and individual test scenarios that simulate attacker behavior against each detection category. Useful for security teams building Kubernetes runtime detection capabilities or validating existing monitoring coverage against common cluster compromise techniques.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FSHAdd0WTAka%2FZen-Ai-Pentest%3Futm_source=tldrinfosec/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/L5fh3-18qFpFAO702AyjeoBvTdaM2m9a9ExSFBaNoSA=443">
<span>
<strong>Zen AI Pentest (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI-Powered Penetration Testing Framework with automated vulnerability scanning, multi-agent system, and compliance reporting.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.nullify.ai%2F%3Futm_source=tldrinfosec/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/AGSiRmoSHHrf3sXEMEWsnwkM5ugm13HiciiCkmBdYpg=443">
<span>
<strong>Nullify (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Nullify offers an AI workforce for product security that autonomously detects, triages, validates, prioritizes, and remediates vulnerabilities in codebases and cloud environments. It integrates with tools like Jira, generates exploit proofs, and automates issue fixes via merge-ready PRs, replacing manual security engineering.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4127554%2Fthreat-actors-hijack-web-traffic-after-exploiting-react2shell-vulnerability-report.html%3Futm_source=tldrinfosec/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/18FU-h7TF8AW6Wjx1rQCVIoHZYAZ7TrErwx8o0vazyI=443">
<span>
<strong>Threat actors hijack web traffic after exploiting React2Shell vulnerability (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Datadog Security Labs observed threat actors exploiting the React2Shell vulnerability (CVE-2025-55182) in React 19 server components to pivot into NGINX web servers managed via Baota Panel, deploying automated toolkits that modify configuration files to hijack web traffic. Targets predominantly include Asian organizations across .in, .id, .gov, and .edu domains, with attackers using compromised servers for traffic fingerprinting, malware delivery, and credential phishing via redirect pages. Defenders should monitor NGINX configuration file integrity, ensure React server components are patched, and audit web server access controls to detect unauthorized configuration changes.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4127733%2F1-5-million-ai-agents-are-at-risk-of-going-rogue.html%3Futm_source=tldrinfosec/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/0TU0n604JgXOjZJ3QhY_B-1ntnSAKSmnZ4VtSOHupK0=443">
<span>
<strong>1.5 million AI agents are at risk of going rogue (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A survey of 750 IT executives found that 53% of the estimated three million AI agents deployed across US and UK enterprises are not actively monitored or secured. 88% of respondents reported suspected agent-related security or data privacy incidents in the past 12 months. Researchers warned that overprivileged agents operating with broad credentials and persistent access represent a new insider threat vector, with many organizations unable to even inventory how many agents they have running. Security teams should implement continuous runtime oversight, tiered access controls for AI agents, and agent discovery capabilities to address governance gaps outpacing deployment velocity.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FBv9R52/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/e8zp9i-rLBY3ztLmFBAVbUeeK3b8USFFsp8P4VopXrM=443">
<span>
<strong>Senator Presses AI Toy Company on Child Data Privacy (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Senator Maggie Hassan has shared a letter with bondu, a company that makes AI conversational toys for children, about its data privacy practices. This inquiry comes in the wake of a finding by security researchers that bondu accidentally exposed chat transcripts and personal data through a publicly accessible portal. Hassan's letter specifically asks bondu who has access to the portal, what steps have been taken to prevent future incidents, and whether AI coding practices were used to develop the portal.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F7Ia2eX/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/dKXpO2eKFWa_ubfmSRuWIV07E3lO6h28o1TmksGhtbw=443">
<span>
<strong>Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A nation-state group tracked as TGR-STA-1030 has breached at least 70 organizations in 37 countries, targeting parliaments, telecoms, law enforcement, and critical infrastructure for espionage.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fspains-ministry-of-science-shuts-down-systems-after-breach-claims%2F%3Futm_source=tldrinfosec/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/Brs-H9P1QeBl8_R2maQ3NrjPId8gR7EFo2hh4LXC5yY=443">
<span>
<strong>Spain's Ministry of Science shuts down systems after breach claims (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Spain's Ministry of Science partially shut down its IT systems after a threat actor claimed to have exploited a critical IDOR vulnerability to obtain admin-level access and exfiltrate sensitive personal records, passport scans, and financial data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theverge.com%2Ftech%2F874255%2Fsubstack-data-breach-user-emails-phone-numbers%3Futm_source=tldrinfosec/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/EkgaR5smxi0pKGUD-A1CdQFl-QASo7kCCxyCJyoMufk=443">
<span>
<strong>Substack data breach exposed users' emails and phone numbers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Substack disclosed that a hacker accessed its internal systems in October 2025, exposing user email addresses, phone numbers, and metadata, though passwords and payment data were not compromised.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/4jCYPtSRikpSDn1abnPzZwVKd3swCwejqaEkWgN2V-g=443"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/y9g3F96NQ6dyIC3ys6V3XCy_9ymqR8R9nPGjAQqYb6M=443"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019c3346bf0a-858beb61-cd1f-4096-a333-6e8c7a440716-000000/wobp35j-6tjMQ_MiTQacHA8DbvnTczUDXLBrNFOfcYY=443"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>