<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css"> :root { color-scheme: light dark; supported-color-schemes: light dark; } *, *:after, *:before { -webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box; } * { -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; } html, body, .document { width: 100% !important; height: 100% !important; margin: 0; padding: 0; } body { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility; } div[style*="margin: 16px 0"] { margin: 0 !important; } table, td { mso-table-lspace: 0pt; mso-table-rspace: 0pt; } table { border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto; } img { -ms-interpolation-mode: bicubic; max-width: 100%; border: 0; } *[x-apple-data-detectors] { color: inherit !important; text-decoration: none !important; } .x-gmail-data-detectors, .x-gmail-data-detectors *, .aBn { border-bottom: 0 !important; cursor: default !important; } .btn { -webkit-transition: all 200ms ease; transition: all 200ms ease; } .btn:hover { background-color: #f67575; border-color: #f67575; } * { font-family: Arial, Helvetica, sans-serif; font-size: 18px; } @media screen and (max-width: 600px) { .container { width: 100%; margin: auto; } .stack { display: block!important; width: 100%!important; max-width: 100%!important; } .btn { display: block; width: 100%; text-align: center; } } body, p, td, tr, .body, table, h1, h2, h3, h4, h5, h6, div, span { background-color: #FEFEFE !important; color: #010101 !important; } @media (prefers-color-scheme: dark) { body, p, td, tr, .body, table, h1, h2, h3, h4, h5, h6, div, 
span { background-color: #27292D !important; color: #FEFEFE !important; } } a { color: inherit !important; text-decoration: underline !important; } </style><!--[if mso | ie]> <style type="text/css"> a { background-color: #FEFEFE !important; color: #010101 !important; } @media (prefers-color-scheme: dark) { a { background-color: #27292D !important; color: #FEFEFE !important; } } </style> <![endif]--></head><body class=""> <div style="display: none; max-height: 0px; overflow: hidden;"> <br> </div> <table align="center" class="document"><tbody><tr><td valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container"> <table width="100%"><tbody><tr><td class="container"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div style="text-align: center;"> <span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/eXgxf9WQgRYMS-_Hhti9kBNf_qA0LtMwM8Cq2vjTP-E=420" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a> |<span style="margin-right: 2px; margin-left: 2px;"><a 
href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/Ne9Jrv6lWcTbEkGuXHSBPOmcPyIiEeArZfc8PEn0XFE=420" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=395308dc-87ab-11f0-bd12-4f20343a9472%26pt=campaign%26t=1756818362%26s=9673d6fa3200221bb3f9e326b2a36d98ec7ec0cad864715eda81dfd837766835/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/khOQkFTkvD-GDWzEj4DKj_Rmn3ZiQDnsy5DyiJ8R3y4=420"><span>View Online</span></a></span> <br> </span></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span> <br> </td></tr></tbody></table> <br> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong> <a 
href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.onetrust.com%2Fresources%2Ftldr-csyn%2Fthe-risk-resilient-enterprise-automating-compliance-for-security-and-scale%2F%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250902/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/jYZNQHllPoUM4KG_dYjJU-BbNzbkX4LxihmhG5b98g8=420"><img src="https://images.tldr.tech/onetrust.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="OneTrust"></a></td></tr></tbody></table> <table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;"> <div style="text-align: center;"> <h1><strong>TLDR Information Security <span id="date">2025-09-02</span></strong></h1> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.onetrust.com%2Fresources%2Ftldr-csyn%2Fthe-risk-resilient-enterprise-automating-compliance-for-security-and-scale%2F%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250902/2/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/WodiR0c2Kft9wBYYxlekE3nbBAL_hZ-ypzlKJTjwmOI=420"> <span> <strong>43% of organizations have fewer than 5 staff members handling compliance (Sponsor)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Meanwhile, compliance requirements keep expanding. New regulations emerge annually across privacy, financial controls, and cyber resilience. 
Each framework demands separate audits, evidence collection, and documentation, even when <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.onetrust.com%2Fresources%2Ftldr-csyn%2Fthe-risk-resilient-enterprise-automating-compliance-for-security-and-scale%2F%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250902/3/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/tMOSRJxlKm085u9r3KB4eYicIScbFODWnFHWoFnGTO8=420" rel="noopener noreferrer nofollow" target="_blank"><span>requirements overlap significantly</span></a>. <p></p> <p>Beyond the obvious resource drain, this creates strategic blind spots when compliance teams operate in silos, miss shared controls, and duplicate work across frameworks that share common ground.</p> <p>This <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.onetrust.com%2Fresources%2Ftldr-csyn%2Fthe-risk-resilient-enterprise-automating-compliance-for-security-and-scale%2F%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250902/4/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/Y7Csm3Ygw99BSLG4p5TEclos8qnZyDcTKS0u5qoGJBs=420" rel="noopener noreferrer nofollow" target="_blank"><span>ebook</span></a> breaks down how organizations are rethinking their approach to manage expanding compliance obligations without expanding headcount. 
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.onetrust.com%2Fresources%2Ftldr-csyn%2Fthe-risk-resilient-enterprise-automating-compliance-for-security-and-scale%2F%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250902/5/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/K5Nxhh9Wj6HTkG5Uo3HJGSKjY0r-w2X35I2cQbjxzAQ=420" rel="noopener noreferrer nofollow" target="_blank"><span>Get your free copy</span></a> </p> </span></span></div> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr> <tr bgcolor=""><td class="container"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Attacks & Vulnerabilities</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.wiz.io%2Fblog%2Fs1ngularity-supply-chain-attack%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/vUPsADIMVNdgZ_VMpDInHwrDtrdySAKIhOAYL42LKQU=420"> <span> <strong>s1ngularity: Supply Chain Attack 
Leaks Secrets on GitHub (4 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Multiple malicious versions of the popular Nx build system package were published to NPM on August 26. The attack leveraged AI command line tools to search for sensitive files, extracted credentials, and then attempted lockout by appending `sudo shutdown -h 0` to .bashrc and .zshrc files. The root cause of the supply chain attack was a flawed GitHub Action that allowed code injection through unsanitized PR titles combined with the `pull_request_target` trigger. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2025%2F08%2Fgoogle-warns-that-mass-data-theft-hitting-salesloft-ai-agent-has-grown-bigger%2F%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/Wk5KAv8Tue8YLhc0IkcRB_oB6rDAxhlRKvli7Xe96_o=420"> <span> <strong>Google warns that mass data theft hitting Salesloft AI agent has grown bigger (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> The data theft affecting Drift AI, a Salesloft tool, is more extensive than initially reported. Attackers used compromised credentials to access Google Workspace emails, and as a result, all Salesloft Drift integrations are now considered potentially compromised. Organizations must revoke and rotate all connected credentials and check for unauthorized access. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F181772%2Fcyber-crime%2Ffraudster-stole-over-1-5-million-from-city-of-baltimore.html%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/vC5LzGoShCcs7raITrWwm05lF4FTb-8XCBTV13RfV5c=420"> <span> <strong>Fraudster stole over $1.5 million from city of Baltimore (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> A fraudster stole $1.5 million from Baltimore between February and March by pretending to be a vendor employee, hacking into the vendor's Workday account, and convincing AP staff to redirect bank details. The city recovered $721,000, but cannot recover $803,000 despite insurance claims and reissued payments. This is Baltimore's third instance of vendor fraud since 2019, highlighting ongoing weaknesses in financial controls following losses of $62,000 in 2019 and $376,000 in 2022. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div> </div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Strategies & Tactics</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.silentsignal.eu%2F2025%2F06%2F14%2Fgitblit-cve-CVE-2024-28080%2F%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/7x61_AUMgWaszN8NrQa55_txFn8FFtIi7w89FeKx1aY=420"> <span> <strong>Rage Against the Authentication State Machine (6 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Researchers discovered an authentication bypass (CVE-2024-28080) in Gitblit's SSH service that allows attackers to log in without requiring a user's private key or password, only needing the username and public key. This post analyzes how the vulnerability arose, detailing the SSH login handshake and highlighting where the implementation deviates from secure best practices with Apache MINA SSHD. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcheckmarx.com%2Fai-llm-tools-in-application-security%2Fcvss-was-built-for-code-not-ai-agents-now-aivss-closes-the-gap%2F%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/Ze9Eq9_cu6enMnJ9mVVV9m64wkBTRsiAGQMMU9N-Bao=420"> <span> <strong>CVSS is Built for Code, Not AI Agents. Now AIVSS Closes the Gap (4 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Traditional CVSS scores fail to address the unique risks posed by autonomous AI agents. The new AIVSS framework extends CVSS by evaluating behavioral factors, such as autonomy, tool access, and memory use, enabling security teams to measure and manage the risks of agentic AI systems more effectively, aligning with modern security frameworks like NIST AI RMF. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fiot-malware-gayfemboy-mirai-based-botnet-campaign%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/PqgutgUSk3m5U6-Ehk7E6GxSvolu6xJTcwGax_uCrLI=420"> <span> <strong>The Resurgence of IoT Malware: Inside the Mirai-Based Botnet Campaign (7 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> The Gayfemboy botnet exploits vulnerabilities in DrayTek, TP-Link, Raisecom, and Cisco devices to deploy a Mirai-variant that uses modified UPX packing, custom architecture naming schemes, and hardcoded process termination lists to eliminate competing malware infections. The malware implements sophisticated evasion techniques, including 50-nanosecond sandbox delays, utilizes public DNS servers (1.1.1.1, 8.8.8.8) to bypass local filtering, and scans 15 predefined ports for C2 communication with domains such as cross-compiling[.]org and i-kiss-boys[.]com. Organizations should implement network monitoring for unusual DNS queries to public resolvers, deploy IPS signatures for the listed CVEs, and monitor for processes attempting to bind to UDP port 47272 or exhibiting the malware's distinctive process termination behavior. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div> </div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Launches & Tools</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.pdq.com%2Fpdq-connect%2Fregister%2Fevents%2F%3Futm_campaign=ct_mc_dir_direct_vulnerability_management_campaign_2025_07_16%26utm_medium=direct%26utm_source=direct%26campaign_id=701TU00000fShYhYAK/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/2MOS3Xg8k01xTFVAAoqpQ3sxCjqphJzK1wzfyBUzOCw=420"> <span> <strong>Ending the Turf War Between IT and InfoSec (Sponsor)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> IT and InfoSec are technically on the same side… but it sometimes doesn't feel like it. 
In this <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.pdq.com%2Fpdq-connect%2Fregister%2Fevents%2F%3Futm_campaign=ct_mc_dir_direct_vulnerability_management_campaign_2025_07_16%26utm_medium=direct%26utm_source=direct%26campaign_id=701TU00000fShYhYAK/2/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/YeeDmm2mjqsUC6qc_GEEleO40Aq4vRjWxGSXpAswCew=420" rel="noopener noreferrer nofollow" target="_blank"><span>30-minute session</span></a>, you'll learn how to start working as one team: <p></p> <ul> <li>Bridge the gap without resorting to passive-aggressive Slack messages</li> <li><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.pdq.com%2Fpdq-connect%2Fregister%2Fevents%2F%3Futm_campaign=ct_mc_dir_direct_vulnerability_management_campaign_2025_07_16%26utm_medium=direct%26utm_source=direct%26campaign_id=701TU00000fShYhYAK/3/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/YuR1sMNmJMMcVjiipdLa-96nQqCqBkdgKFe0jeMmzCk=420" rel="noopener noreferrer nofollow" target="_blank"><span>Align on CVE priorities</span></a> without losing your cool (or your uptime)</li> <li>Create a process both teams can actually follow.</li> </ul> <p>Expect practical advice, a few war stories, and useful tips for better alignment. You'll also find out how automation and better visibility can take the sting out of security requests. 
</p> <p>Maybe you can even cut those “hey, did you patch this?” emails in half…</p> <p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.pdq.com%2Fpdq-connect%2Fregister%2Fevents%2F%3Futm_campaign=ct_mc_dir_direct_vulnerability_management_campaign_2025_07_16%26utm_medium=direct%26utm_source=direct%26campaign_id=701TU00000fShYhYAK/4/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/_t5r3efKmvOBD2h_PSI6tCXYTdlZIBS8HzG0rb_Kl0Y=420" rel="noopener noreferrer nofollow" target="_blank"><span>Register for the live event</span></a> </p> </span></span></div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FElectronicCats%2FCatSniffer%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/O5aeUMFo7_be2QEsmXf6jb0MoC2Gg5jAuDgyieMMzRk=420"> <span> <strong>CatSniffer (GitHub Repo)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> CatSniffer is an original, multiprotocol, and multiband board designed for sniffing, communicating with, and attacking IoT (Internet of Things) devices using the latest radio IoT protocols. It is a highly portable USB stick that integrates TI CC1352, Semtech SX1262, and an RP2040 for V3 or a Microchip SAMD21E17 for V2. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fintroducing-aspm-cortex-cloud%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/hcMnRRvsF_7U0U-7yhJ9ognF1nfIfSGLhldHuPR_amI=420"> <span> <strong>Start accelerating secure application development (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Cortex Cloud ASPM is a prevention-first application security module that integrates with AppSec tools, such as Snyk, GitLab, and Checkmarx, to block vulnerabilities before they reach production. The platform offers automated remediation, inline IDE fixes, and correlates findings across code, cloud, and runtime to prioritize risks over false alarms. In early access, with general availability in H2 2025, it claims to be 10 times faster and more cost-effective than traditional reactive security. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2F0xJs%2FBlockEDRTraffic%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/FI_exdieGGHdtOUo-e3H3ykh1SEeq7bIAg1nXpWcVGY=420"> <span> <strong>BlockEDRTraffic (GitHub Repo)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows Filtering Platform (WFP). 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div> </div> </td></tr></tbody></table> <table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F08%2F28%2Ffbi_cyber_cop_salt_typhoon%2F%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/7wOJktNDxoz5yF_10QoeCcgIvMDhObXKmHeZ1L1TET4=420"> <span> <strong>FBI cyber cop: Salt Typhoon pwned 'nearly every American' (4 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> The Chinese hacking group Salt Typhoon has infiltrated U.S. telecoms, stealing personal data from nearly every American and millions globally since 2019. FBI officials say the scale and indiscriminate nature of the campaign are unprecedented, affecting at least 80 countries, 200 U.S. organizations, and high-profile political figures. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F09%2Fscarcruft-uses-rokrat-malware-in.html%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/XysLG6uKjYkv7aAbs169fVTzh5PvVsX1e92G9uEdQI4=420"> <span> <strong>ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics (4 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> North Korean APT37 (ScarCruft) carried out Operation HanKook Phantom using spear-phishing emails with malicious LNK files disguised as PDFs to deliver RokRAT malware to South Korean research targets. The attack utilized fake newsletter lures from the National Intelligence Research Association, employing PowerShell scripts and fileless techniques to exfiltrate data via Dropbox, Google Cloud, and Yandex. This campaign shows APT37's focus on espionage against the South Korean government, research, and academic targets. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.npr.org%2F2025%2F08%2F26%2Fnx-s1-5517977%2Fsocial-security-doge-privacy%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/D4tgVD75-M9gWInmRyrALWyTfXUrbN-fb1eTbgbcNx0=420"> <span> <strong>Whistleblower Says Trump Officials Copied Millions of Social Security Numbers (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> A whistleblower at the Social Security Administration (SSA) stated that a former senior DOGE official, now at the SSA, copied the Social Security Numbers (SSNs), names, and dates of birth of over 300 million Americans to a private section of the agency's AWS cloud environment. The complaint states that the cloud environment was set up for DOGE-affiliated Social Security staffers but lacks independent security, monitoring, and oversight. The complaint also alleges that cybersecurity officials within the SSA described the decision to copy the data as “very high risk” and discussed the possibility of having to reissue SSNs in the event of a breach. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Quick Links</strong></h1> </div> </div> </td></tr></tbody></table> <table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.openssh.com%2Fpq.html%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/lnnMC9CFqCsMPGCo4eHKZc39GX6uAG5v6_iNvxjQY80=420"> <span> <strong>OpenSSH 10.1 will warn the user when a non post-quantum key agreement scheme is selected (1 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> OpenSSH 10.1 will warn users when connecting to servers that use non-post-quantum key agreement schemes, encouraging migration to quantum-resistant cryptography such as mlkem768x25519-sha256 and sntrup761x25519-sha512 to protect against future "store now, decrypt later" attacks. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffastcode.io%2F2025%2F08%2F30%2Fthe-69-billion-domino-effect-how-vmwares-debt-fueled-acquisition-is-killing-open-source-one-repository-at-a-time%2F%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/NrUbAHa-z5Nx85vWsEhiE9IWuvJnUlOJ7Xa5f0AFFCc=420"> <span> <strong>The $69 Billion Domino Effect: How VMware's Debt-Fueled Acquisition Is Killing Open Source, One Repository at a Time (10 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Broadcom CEO Hock Tan's $69 billion debt-funded acquisition of VMware has led to the discontinuation of Bitnami's free container image repository, which manages 4 billion downloads annually, now replaced by a costly $72,000-per-year premium service, causing widespread infrastructure migrations for many organizations reliant on Docker images. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Fhotforsecurity%2Fhacker-suspected-of-trying-to-cheat-his-way-into-university-is-arrested-in-spain%3Futm_source=tldrinfosec/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/oqYLVCCNH9gHw_6rbUSeCUZPvFsrgGmdKzV3d-w2fDk=420"> <span> <strong>Hacker suspected of trying to cheat his way into university is arrested in Spain (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> Spanish police arrested a 21-year-old suspected hacker in Seville for allegedly compromising at least 13 university professors' accounts on the Andalusia region's Séneca educational platform to alter his own and classmates' high school and university entrance exam grades. </span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;"> <div class="text-block"> Thanks for reading, <br> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/pAx3EZw8MphxBbLfP2l_1m3qB06Zeq0iANhKgpdy8sA=420"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/VQX8lJAVgXi6GwU1rCNFOrSArSvVZmKDo5t4EEET4u0=420"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/010001990a88d231-4030fb2a-d526-4967-8f5f-963109f1098d-000000/olWDVrUjr0QCZ1lU2H-P_Fp_JCbPQiv0FBezTwwNuWI=420"><span>Sammy Tbeile</span></a> <br> <br> </div> <br> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </body></html>