<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css"> :root { color-scheme: light dark; supported-color-schemes: light dark; } *, *:after, *:before { -webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box; } * { -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; } html, body, .document { width: 100% !important; height: 100% !important; margin: 0; padding: 0; } body { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility; } div[style*="margin: 16px 0"] { margin: 0 !important; } table, td { mso-table-lspace: 0pt; mso-table-rspace: 0pt; } table { border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto; } img { -ms-interpolation-mode: bicubic; max-width: 100%; border: 0; } *[x-apple-data-detectors] { color: inherit !important; text-decoration: none !important; } .x-gmail-data-detectors, .x-gmail-data-detectors *, .aBn { border-bottom: 0 !important; cursor: default !important; } .btn { -webkit-transition: all 200ms ease; transition: all 200ms ease; } .btn:hover { background-color: #f67575; border-color: #f67575; } * { font-family: Arial, Helvetica, sans-serif; font-size: 18px; } @media screen and (max-width: 600px) { .container { width: 100%; margin: auto; } .stack { display: block!important; width: 100%!important; max-width: 100%!important; } .btn { display: block; width: 100%; text-align: center; } } body, p, td, tr, .body, table, h1, h2, h3, h4, h5, h6, div, span { background-color: #FEFEFE !important; color: #010101 !important; } @media (prefers-color-scheme: dark) { body, p, td, tr, .body, table, h1, h2, h3, h4, h5, h6, div, 
span { background-color: #27292D !important; color: #FEFEFE !important; } } a { color: inherit !important; text-decoration: underline !important; } </style><!--[if mso | ie]> <style type="text/css"> a { background-color: #FEFEFE !important; color: #010101 !important; } @media (prefers-color-scheme: dark) { a { background-color: #27292D !important; color: #FEFEFE !important; } } </style> <![endif]--></head><body class=""> <table align="center" class="document"><tbody><tr><td valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container"> <table width="100%"><tbody><tr><td class="container"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span> <br> </td></tr></tbody></table> <br> <table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;"> <div style="text-align: center;"> <h1><strong>TLDR Information Security <span id="date">2025-09-01</span></strong></h1> </div> </td></tr></tbody></table>
 </td></tr></tbody></table> </td></tr></tbody></table> </td></tr> <tr bgcolor=""><td class="container"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Attacks & Vulnerabilities</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F08%2Fwhatsapp-issues-emergency-update-for.html%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/u_-BIRxi2TRiwTzGKDYhrwbRbA3X_iHeR4k_Cq0Qzhw=420"> <span> <strong>WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> WhatsApp has released an emergency security update to patch a critical zero-click exploit that allows attackers to remotely compromise iOS and macOS devices without any user interaction. 
The vulnerability affects WhatsApp's voice calling feature, allowing attackers to execute malicious code by simply initiating a call, even if the target doesn't answer. Users are strongly urged to update their WhatsApp applications immediately to protect against potential attacks exploiting this serious security flaw. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F08%2Fattackers-abuse-velociraptor-forensic.html%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/T8fYXjxzWPNeYo587q5um9q3nznD2dwU-E9msDpL23w=420"> <span> <strong>Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Threat actors are using the Velociraptor forensic tool to deploy Visual Studio Code for command and control tunneling. The attackers are exploiting Velociraptor's endpoint monitoring to download and run Visual Studio Code, likely to establish persistent backdoor access. This follows the trend of cybercriminals exploiting trusted tools to evade detection and maintain covert channels. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fbrokewell-android-malware-delivered-through-fake-tradingview-ads%2F%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/trfSVX1nyPwjx4-UE39LSysWg8FxV1JwQE3zxmMu2ww=420"> <span> <strong>Brokewell Android Malware Delivered Through Fake TradingView Ads (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> There is a malware campaign that uses Meta ads offering a free version of the TradingView Premium app to spread the Brokewell malware for Android. The malicious ads direct users to a webpage that mimics TradingView's site and prompts users to download an APK file, which installs the Brokewell malware. The malware scans for crypto wallets and bank accounts, steals 2FA codes, steals accounts by overlaying fake login screens, records screens and keystrokes, steals cookies, activates the camera and microphone, tracks the device location, hijacks the default SMS apps, and provides remote control capability. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div> </div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Strategies & Tactics</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ftamperedchef-infostealer-delivered-through-fraudulent-pdf-editor%2F%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/IFfog7ESMIVduyeDdlaO-mabcbf1z2FiCE5IR2a9pOE=420"> <span> <strong>TamperedChef infostealer delivered through fraudulent PDF Editor (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> The TamperedChef infostealer malware is being distributed through fake PDF editing applications promoted via Google ads across multiple malicious websites. The fraudulent PDF editor appears legitimate but secretly installs the TamperedChef malware designed to steal sensitive information from infected systems. 
This campaign demonstrates how cybercriminals continue to exploit trusted advertising platforms and standard software to deliver malware to unsuspecting users. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurelist.com%2Fmacos-security-and-typical-attacks%2F117367%2F%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/9W-XcMg-wSv_EFumt7jWatcMxWw3gA6xMtByICGDjI8=420"> <span> <strong>macOS security and typical attacks (8 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> This post analyzes how attackers bypass macOS' built-in security mechanisms, including Keychain, SIP, TCC, File Quarantine, and Gatekeeper, through techniques such as TCC Clickjacking, quarantine attribute removal, and social engineering attacks that require context menu execution. The analysis provides detection rules in Sigma format to identify malicious activities, such as keychain dumping, SIP status discovery, quarantine removal, and Gatekeeper disabling, through command-line utilities. Organizations should implement third-party EDR solutions in conjunction with native macOS protections, as attackers continue to adapt and circumvent Apple's security frameworks through techniques such as privilege escalation and user manipulation. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmedium.com%2Fmaverislabs%2Fhunting-malicious-shortcut-lnk-files-using-the-virustotal-api-970d3799d5a5%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/C6CkZaIGl6J1U7rzbrc4FlSJY0vvD9mcMs4XqL8W340=420"> <span> <strong>Hunting Malicious Shortcut (.LNK) Files Using the VirusTotal API (9 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Attackers frequently utilize shortcut files as an initial access vector, as they can obscure malicious commands from a user. In this post, the author compiled a corpus of 614 malicious LNK files using the VirusTotal API and employed frequency analysis to extract common command-line arguments from malicious shortcuts that execute PowerShell or CMD. The author then utilized KQL to construct threat hunting queries that search for malicious LNK files using this corpus of data. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🧑💻</span></div> </div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Launches & Tools</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> 
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FSenSecurity%2FFounding%2F%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/CL4xGh02Qrw9IpSgWb3XtYrJh70Nf9sjuiXJUcnkCGw=420"> <span> <strong>Founding (GitHub Repo)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Founding is a tool that processes shellcode in .bin, .exe, or .dll formats, applying advanced obfuscation or encryption techniques to generate stealthy binaries with sophisticated execution methods. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FSpecterOps%2FJamfHound%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/0IYdeOt7AavLeNPAaEi73fNPK3LqZxVJm1RDAorj4co=420"> <span> <strong>JamfHound (GitHub Repo)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> JamfHound is a Python 3 project designed to collect and identify attack paths in Jamf Pro and import them as JSON object files into BloodHound. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fstripe%2Fft3%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/bGBImn5zM3lffgdr1icH-_d0V5rcKPJHZXLdtC_jhKg=420"> <span> <strong>FT3: Fraud Tools, Tactics, and Techniques (GitHub Repo)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> FT3 is Stripe's adaptation of ATT&CK-style security frameworks designed explicitly for fraudulent activities. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div> </div> </td></tr></tbody></table> <table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F181737%2Fhacking%2Flab-dookhtegan-disrupts-comms-iranian-ships.html%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/8RNTgzAAxutFNXprHykeEbgi8hlIU1HDD0_n4IIDb08=420"> <span> <strong>Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> The Lab Dookhtegan hacking group allegedly disrupted communications systems on 60 Iranian ships, including 39 tankers and 25 cargo vessels operated by sanctioned companies National Iranian Oil Tanker Company (NITC) and Iran Shipping Lines (IRISL). 
The cyberattack targeted the maritime communication infrastructure of these state-linked shipping firms, potentially impacting their ability to coordinate operations and maintain contact with shore-based facilities. This incident demonstrates the growing trend of hacktivists targeting critical maritime infrastructure as part of geopolitical cyber operations. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securecrafting.io%2Fblog%2Fappsec-archetypes%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/iYcu1oLQOiwiitTqxKtVVWfmPK0yNI__tSTdf9JZ-LQ=420"> <span> <strong>Application Security Engineer Archetypes (8 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> The author of this post reflects on his time as an AppSec engineer in various organizations and divides AppSec roles into three buckets: AppSec Engineer in a Centralized Organization, Dedicated AppSec Engineer, and Security Partner Engineer. The author also classifies AppSec Engineers as either orchestrators, builders, specialists, or rapid responders. The post concludes with a mapping of the roles each archetype excels in and the prime traits essential for each archetype to succeed. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.himanshuanand.com%2Fposts%2F2025-08-22-llm-vibe-coding-security-nightmare%2F%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/SicitMzKcTSpHt6Y3KULcGJttKPGPfWv_QlmryPTsaY=420"> <span> <strong>Why Relying on LLMs for Code Can Be a Security Nightmare (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> A security researcher demonstrates how LLM-generated code can contain serious security flaws, such as exposing an email API with hardcoded parameters in client-side JavaScript. This allows attackers to spam recipients with simple curl commands. LLMs learn from insecure internet examples and replicate these patterns, often prioritizing functionality over security. Organizations require human oversight for security reviews and threat modeling when utilizing AI-generated code, as LLMs lack an understanding of security risks and potential for abuse. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Quick Links</strong></h1> </div> </div> </td></tr></tbody></table> <table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Ffeds-seize-veriftools-net-relaunch-veriftools-com%2F%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/jOs0Eesq43mvFPMcmV0wDMwCZsSoz6_GFT-jKdFiDFI=420"> <span> <strong>Feds Seize VerifTools.Net, Operators Relaunch with VerifTools.com (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> US and Dutch authorities have seized the VerifTools marketplace, which sold counterfeit identity documents for as little as $9 to facilitate cybercrime. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F181747%2Fapt%2Famazon-blocks-apt29-campaign-targeting-microsoft-device-code-authentication.html%3Futm_source=tldrinfosec/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/7V5yXJq6DRt2JHo_G1TYcd3rhRx8qgykvAC9cMGFCNE=420"> <span> <strong>Amazon blocks APT29 campaign targeting Microsoft device code authentication (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Amazon disrupted a Russian APT29 watering hole campaign that injected malicious JavaScript into compromised websites, redirecting visitors to fake Microsoft device authentication pages designed to harvest credentials from academics and Russian critics. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FOTwxX6/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/JfdeohDdQpw21LRvfqV1oo9TBdp-cinuEOeZxx_S0Vc=420"> <span> <strong>Meta accused of creating flirty AI chatbots of celebrities without permission (4 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Meta developed flirtatious AI chatbots impersonating celebrities such as Taylor Swift, Scarlett Johansson, Anne Hathaway, and Selena Gomez without their permission. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;"> <div class="text-block"> Thanks for reading, <br> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/SLWkQq76ey-fUQDN3bjNagFlaVL6FYQnXYZX6ONY-54=420"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/YUyVuAiZX2s12RlO1gAwQYAQFFuZdl5DLBQKZXu1baw=420"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/Hxv4L0b6hZ8iGmiXKsB4XjsEPIS-7euLqSWhpRg_hYk=420"><span>Sammy Tbeile</span></a> <br> <br> </div> <br> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block" id="testing-id"> 
<br> </div> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> <img alt="" src="http://tracking.tldrnewsletter.com/CI0/01000199057a4f98-aab815e9-1a4c-4282-a723-6dd8c5c409cc-000000/FQBJRb_In6JQvFm5AvdRjGDgkuxJ8htsj87XMU5skmQ=420" style="display: none; width: 1px; height: 1px;"> </body></html>