<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css"> :root { color-scheme: light dark; supported-color-schemes: light dark; } *, *:after, *:before { -webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box; } * { -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; } html, body, .document { width: 100% !important; height: 100% !important; margin: 0; padding: 0; } body { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility; } div[style*="margin: 16px 0"] { margin: 0 !important; } table, td { mso-table-lspace: 0pt; mso-table-rspace: 0pt; } table { border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto; } img { -ms-interpolation-mode: bicubic; max-width: 100%; border: 0; } *[x-apple-data-detectors] { color: inherit !important; text-decoration: none !important; } .x-gmail-data-detectors, .x-gmail-data-detectors *, .aBn { border-bottom: 0 !important; cursor: default !important; } .btn { -webkit-transition: all 200ms ease; transition: all 200ms ease; } .btn:hover { background-color: #f67575; border-color: #f67575; } * { font-family: Arial, Helvetica, sans-serif; font-size: 18px; } @media screen and (max-width: 600px) { .container { width: 100%; margin: auto; } .stack { display: block!important; width: 100%!important; max-width: 100%!important; } .btn { display: block; width: 100%; text-align: center; } } body, p, td, tr, .body, table, h1, h2, h3, h4, h5, h6, div, span { background-color: #FEFEFE !important; color: #010101 !important; } @media (prefers-color-scheme: dark) { body, p, td, tr, .body, table, h1, h2, h3, h4, h5, h6, div, 
span { background-color: #27292D !important; color: #FEFEFE !important; } } a { color: inherit !important; text-decoration: underline !important; } </style><!--[if mso | ie]> <style type="text/css"> a { background-color: #FEFEFE !important; color: #010101 !important; } @media (prefers-color-scheme: dark) { a { background-color: #27292D !important; color: #FEFEFE !important; } } </style> <![endif]--></head><body class=""> <div style="display: none; max-height: 0px; overflow: hidden;">Silver Fox APT exploits a Microsoft-signed but vulnerable WatchDog Antimalware driver (amsdk.sys v1.0.600) to disable security processes</div> <div style="display: none; max-height: 0px; overflow: hidden;"> <br> </div> <table align="center" class="document"><tbody><tr><td valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container"> <table width="100%"><tbody><tr><td class="container"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div style="text-align: center;"> <span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/N8pEQZM19SxGKOTYSJFM7Fh86GA53DDfMmS0hF4Xh9U=421" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a> |<span style="margin-right: 2px; margin-left: 2px;"><a 
href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/AaTn2IgeGa8WpCUqT3yFG0l74htWiYKwZQyS9FyiQ0o=421" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=1f686f40-894d-11f0-97b0-573deb557fb2%26pt=campaign%26t=1756991727%26s=98d8edb0dc7b3a2a345d42b039016d980d695dd049f2a74ac546a539ba863933/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/Z6VzC7W7P_U6ijg99pVx6metMmoMMX71VwipC5fcUMs=421"><span>View Online</span></a></span> <br> </span></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span> <br> </td></tr></tbody></table> <br> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong> <a 
href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.vanta.com%2Fwebinars%2Fvanta-delivers-ai-powered-risk-management%3Futm_campaign=vanta-delivers%26utm_source=tldr-infosec%26utm_medium=newsletter/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/cICF3-mYZDwD5wNFm6cwifOvYXQg1_kBJzcSKHYXXFg=421"><img src="https://images.tldr.tech/vanta50.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Vanta"></a></td></tr></tbody></table> <table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;"> <div style="text-align: center;"> <h1><strong>TLDR Information Security <span id="date">2025-09-04</span></strong></h1> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.vanta.com%2Fwebinars%2Fvanta-delivers-ai-powered-risk-management%3Futm_campaign=vanta-delivers%26utm_source=tldr-infosec%26utm_medium=newsletter/2/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/YjmCmoaCvLxOZOhqJ_GIJzkNK2SI69PsQhvNv_Mq6UU=421"> <span> <strong>AI-Powered Risk Management - Join the Virtual Event (Sponsor)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> In 2025, risk is decentralized. 
It's spreading across vendors, systems, and applications - and threatening to overwhelm GRC teams.<p></p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.vanta.com%2Fwebinars%2Fvanta-delivers-ai-powered-risk-management%3Futm_campaign=vanta-delivers%26utm_source=tldr-infosec%26utm_medium=newsletter/3/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/SW8owEPYUcVzGC3gVZBoGzeLPm_99NNewFjUlkL23BI=421" rel="noopener noreferrer nofollow" target="_blank"><span>Join the virtual event Sept 10</span></a> to learn from <strong>Larkin Ryder (Head of Compliance at Anthropic)</strong> and <strong>Jeremy Carriger (CISO at Arcadia)</strong>, alongside <strong>Jadee Hanson (CISO at Vanta)</strong> and <strong>Jeremy Epling (CPO at Vanta)</strong>. They'll talk <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.vanta.com%2Fwebinars%2Fvanta-delivers-ai-powered-risk-management%3Futm_campaign=vanta-delivers%26utm_source=tldr-infosec%26utm_medium=newsletter/4/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/hQpuEPsMiTsOEmFeFdR-NVtZ2OzYjtkaPHKdEOwimGE=421" rel="noopener noreferrer nofollow" target="_blank"><span>AI, automation, and new ways to manage risk</span></a>:</p> <p>Learn how to:</p> <ol> <li>Proactively manage and centralize risk.</li> <li>Save time by automatically flagging gaps in evidence</li> <li>Reduce manual work with AI-powered policy drafts and bulk updates</li> <li>Stay secure with continuous monitoring</li> <li>Work faster with Slack integrations</li> </ol> <p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.vanta.com%2Fwebinars%2Fvanta-delivers-ai-powered-risk-management%3Futm_campaign=vanta-delivers%26utm_source=tldr-infosec%26utm_medium=newsletter/5/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/EfqVb6_WVELUTCmeCmXFvwBfDBorwisYgdKbGtFA1-o=421" rel="noopener noreferrer nofollow" target="_blank"><span><strong>Register today</strong></span></a> </p> </span></span></div> 
</td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr> <tr bgcolor=""><td class="container"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Attacks & Vulnerabilities</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fsilver-fox-apt-exploit-signed-windows-driver-valleyrat%2F%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/wSXWi7-R07A4wksPjZYRxwzYNPfwytUSM6cCrq2GJM0=421"> <span> <strong>Silver Fox APT Exploits Signed Windows Driver to Deliver ValleyRAT (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> Silver Fox APT exploits a Microsoft-signed but vulnerable WatchDog Antimalware driver (amsdk.sys v1.0.600) to disable security processes on Windows 10/11 and deploy ValleyRAT malware; the driver had never been flagged by Microsoft's Vulnerable Driver Blocklist or the LOLDrivers database. 
Even after a patch, the attackers bypassed hash-based blocklists by changing a byte in the driver's timestamp while keeping its valid Microsoft signature, showing how trusted signed drivers can be weaponized. The campaign, which mainly targeted Asian organizations and terminated nearly 200 security processes, exposes gaps in Microsoft's driver blocklist and the need for security teams to verify drivers beyond signature validation. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FuRvgR1/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/8gnzi8VGI5qsq3xbBUuzylXYut73nqMisBcgdTuWQpQ=421"> <span> <strong>WordPress Woes Continue Amid ClickFix, TDS Threats (5 minute read)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> Cybercriminals are exploiting vulnerable and fake WordPress plugins to hijack sites and redirect visitors to malicious destinations. Two major campaigns, ClickFix ("ShadowCaptcha") and Help TDS, have targeted thousands of websites for scams and data theft. Attackers often gain access through stolen credentials or unpatched plugins, making regular updates, strong authentication, and vigilant plugin management critical for site security. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F09%2Firanian-hackers-exploit-100-embassy.html%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/8MPYAypFHpBZ3aCfs3FLBTe5wUNTdCEjMjx7xp1o1xM=421"> <span> <strong>Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> An Iran-linked hacking group executed a broad spear-phishing campaign, compromising over 100 embassy and government accounts worldwide. Using emails disguised as urgent diplomatic correspondence, the attackers distributed malware through Word documents carrying malicious macros. The operation, associated with the group Homeland Justice, mainly targeted Europe and Africa. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div> </div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Strategies & Tactics</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4047974%2Fagentic-ai-a-cisos-security-nightmare-in-the-making.html%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/K4w7QXRq0GS5QebhA4EYV4tW6Hl4ll9yL7vXleoxra8=421"> <span> <strong>Agentic AI: A CISO's security nightmare in the making? (8 minute read)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> Agentic AI's autonomous decision-making poses cybersecurity risks, including shadow AI deployments without IT oversight, multi-agent systems spreading sensitive data, and AI chaining actions that mimic multi-stage attacks while evading security controls. CISOs struggle with visibility into these systems, increased attack surfaces via third-party APIs, and distinguishing between emergent AI behavior and security breaches. 
This calls for new defense models with real-time monitoring, tight governance, and cross-team coordination. Organizations must adopt secure-by-design methods and proactive governance to maximize AI benefits while managing risks from systems that can access data, decide, and adapt without human oversight. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FrrwVv8/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/t47QdyZTV4PTGI89udUn4ctN2xTzDzhRTt34zLvStSI=421"> <span> <strong>How They Got In - DaVita Inc. (17 minute read)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> The data breach at DaVita Inc. unfolded due to a combination of weak security controls, persistent vulnerabilities, and a lack of timely action on previous advisories. Attackers exploited leaked credentials, unpatched internet-facing systems, legacy software, and insufficient monitoring, allowing them to compromise sensitive healthcare data. The repercussions were serious: DaVita's stock value plunged over 14%, substantial regulatory fines are expected, and the company's reputation took a significant hit. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.resecurity.com%2Fblog%2Farticle%2Fazure-ad-client-secret-leak-the-keys-to-cloud%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/AruRj0w_hP38tBuGRY0yvRksxNbYAZqDszWxtgHSe14=421"> <span> <strong>Azure AD Client Secret Leak: The Keys to Cloud (10 minute read)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> Exposing Azure AD credentials in public configuration files (such as appsettings.json) gives attackers direct access to cloud resources: with these secrets, they can impersonate trusted apps, exfiltrate data, escalate privileges, and persist within an organization. Leaks occur due to misconfiguration, poor secrets management, and insufficient security checks. To prevent severe breaches, restrict access, move secrets out of code, rotate exposed keys immediately, apply least privilege, and monitor for misuse. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div> </div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Launches & Tools</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.onetrust.com%2Fresources%2Ftldr-csyn%2Fthe-risk-resilient-enterprise-automating-compliance-for-security-and-scale%2F%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250904/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/ZaSF44hqZFo6XDk1bFC8bP7wulOQbFlevabUD-fbyhk=421"> <span> <strong>Is your compliance process burning through half of your security budget? (Sponsor)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> Research shows that 55% of SMBs spend over half their IT staff time on routine security maintenance - squandering vital knowledge on tedious box-ticking. 
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.onetrust.com%2Fresources%2Ftldr-csyn%2Fthe-risk-resilient-enterprise-automating-compliance-for-security-and-scale%2F%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250904/2/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/97FXp7K3j3LL6GSEBJoUyjB8IY64zJPtq0K6yRedZxo=421" rel="noopener noreferrer nofollow" target="_blank"><span>OneTrust's compliance automation guide</span></a> shows how to eliminate manual processes and redirect resources to what actually matters. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.onetrust.com%2Fresources%2Ftldr-csyn%2Fthe-risk-resilient-enterprise-automating-compliance-for-security-and-scale%2F%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20250904/3/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/_Bgk48F4P2pK9tmCtQyl2Yoiukr7NVSoWJPohxW8EQY=421" rel="noopener noreferrer nofollow" target="_blank"><span>Get the report</span></a> </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fscreetsec%2FSudomy%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/TcbI9QAoZJ1DO9B9a6O-DBkZ9FDpsXGbuJ-kTR8SJBA=421"> <span> <strong>Sudomy (GitHub Repo)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> Sudomy is a subdomain enumeration tool and automated reconnaissance framework that collects subdomains and analyzes domains. It can also be used for OSINT (open-source intelligence) activities. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FSpecterOps%2FMSSQLHound%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/N9TE5bgN1BeIL4zr7Os6H8i9ad-XLulwivK86uEn9Pg=421"> <span> <strong>MSSQLHound (GitHub Repo)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> MSSQLHound is a PowerShell collector for adding MSSQL attack paths to BloodHound with OpenGraph. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FKe0xes%2FDetection-Engineering-Framework%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/_NRiKnaDBD0WxqHrrSMz4cfA8eUORMfHNwFABjvZnAY=421"> <span> <strong>Detection Engineering Framework (GitHub Repo)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> The Detection Engineering Framework is a comprehensive framework for SOC use case development, detection engineering, implementation, and management. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Miscellaneous</strong></h1> </div> </div> </td></tr></tbody></table> <table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fianis-antropenko-zeppelin-ransomware-russian-cybercrime%2F%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/9VqRU2R1k4w2ssaIlY0OuZHEbxPWgc1XPOL7iihAW9Y=421"> <span> <strong>Prolific Russian ransomware operator living in California enjoys rare leniency awaiting trial (11 minute read)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> Russian national Ianis Antropenko, arrested for deploying Zeppelin ransomware against 138 U.S. victims, including critical infrastructure, from 2018 to 2022, remains free on bail in California despite multiple parole violations and $2.8M in seized cryptocurrency, a rare leniency that security experts suggest may indicate cooperation with authorities. 
His poor operational security, including using personal PayPal accounts linked to ransomware operations and storing cryptocurrency seed phrases in iCloud, enabled FBI investigators to trace over 101 Bitcoins through the seized ChipMixer service and build their case. The case highlights the evolving challenge of prosecuting cybercriminals operating from within U.S. borders, with Antropenko's lenient pretrial conditions (including no ban on internet use) contrasting sharply with the typical detention of ransomware suspects, raising questions about potential cooperation agreements or intelligence value. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fportswigger.net%2Fresearch%2Finline-style-exfiltration%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/qKzU3moDHfCvSSZ1ZDlX0DbyS3JxIkm6PdRL1DoW4OA=421"> <span> <strong>Inline Style Exfiltration: leaking data with chained CSS conditionals (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> Attackers can now use only inline CSS styles, with the help of chained if statements, to steal sensitive data like user IDs directly from web pages, all without external files or selectors. This creative trick works on Chromium browsers and highlights how inline CSS itself can be a security threat if user-controlled content isn't locked down properly. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sygnia.co%2Fblog%2Ffire-ant-a-deep-dive-into-hypervisor-level-espionage%2F%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/_YHrPxrypHXBWnelAPuvIAj0XGY-ZjXfy5iA6K1sgsU=421"> <span> <strong>Fire Ant: A Deep-Dive Into Hypervisor-Level Espionage (18 minute read)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> Cybersecurity firm Sygnia has been tracking a campaign targeting VMware ESXi, vCenter, and network appliances to compromise environments. The attackers compromised the hypervisor by exploiting CVE-2023-34048 to obtain code execution and installed an HTTP backdoor on the hypervisors. They then used PowerCLI commands to compromise guests without guest credentials and ran unregistered VMs with the VMware CLI to bypass registration in vCenter. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Quick Links</strong></h1> </div> </div> </td></tr></tbody></table> <table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmattermost.com%2Fexclusive-report-the-state-of-mission-critical-work%2F%3Futm_source=TLDR%26utm_medium=newsletter%26utm_campaign=InfoSec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/Q22wpZlN1E505LeLUUCNta5UDa5aAFZVljd8K_2yQBA=421"> <span> <strong>Report: Organizations are struggling to secure mission-critical work (Sponsor)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> Research by Mattermost and the Ponemon Institute found that only 52% of organizations are confident in the privacy and security of their mission-critical workflows. 
Read <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmattermost.com%2Fexclusive-report-the-state-of-mission-critical-work%2F%3Futm_source=TLDR%26utm_medium=newsletter%26utm_campaign=InfoSec/2/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/ru1aJGHK4byMV4SAH_AUs3zZhmAn43P0J-1wv3Cw3Ps=421" rel="noopener noreferrer nofollow" target="_blank"><span><em>The State of Mission-Critical Work</em></span></a> </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdatabreaches.net%2F2025%2F09%2F01%2Fgmails-protections-are-strong-and-effective-and-claims-of-a-major-gmail-security-warning-are-false%2F%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/VVNV4jtMpHfUBPOQXwCLrXL9zUrW-s4S-TFrryfgyDE=421"> <span> <strong>Gmail's protections are strong and effective, and claims of a major Gmail security warning are false. (1 minute read)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> Google has refuted recent inaccurate claims about a major Gmail security issue, reaffirming that its protections block over 99.9% of phishing and malware attempts while recommending users adopt passkeys and follow phishing prevention best practices. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fgoogle-fixes-actively-exploited-android-flaws-in-september-update%2F%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/_Hkn9BoKCAICWBYxuG-4Geb1xB8ROxkPOnJh27COIo0=421"> <span> <strong>Google fixes actively exploited Android flaws in September update (1 minute read)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> Google's September Android security update patches 84 vulnerabilities, including two actively exploited zero-day privilege escalation flaws (CVE-2025-38352 in the kernel and CVE-2025-48543 in Android Runtime) under limited targeted exploitation, plus four critical RCE vulnerabilities affecting System and Qualcomm components. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.cisa.gov%2Fnews-events%2Fnews%2Fcisa-nsa-and-19-international-partners-release-shared-vision-software-bill-materials-cybersecurity%3Futm_source=tldrinfosec/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/YLywnCiUm3Grc3MqnvYPZACQicanW2hyjcUOiouIUPQ=421"> <span> <strong>CISA, NSA, and 19 International Partners Release Shared Vision of Software Bill of Materials for Cybersecurity Guide (1 minute read)</strong> </span> </a> <br> <br> <span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;"> CISA, NSA, and partners release a vision document to promote global Software Bill of Materials (SBOM) adoption to improve software transparency and mitigate supply chain risks through standardized practices. </span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;"> <p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;"> Love TLDR? Tell your friends and get rewards! </p> </td></tr> <tr><td class="container" style="padding: 0px 10px 15px;"> <div class="text-block"> Share your referral link below with friends to get free TLDR swag! 
</div> </td></tr> <tr><td align="left" style="padding: 10px;"> <div class="text-block"> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/UqM2aa3rMVqQC-63kzPlOYqrjMYTvbA54diycJIJNSY=421" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a> </div> </td></tr> <tr></tr> <tr><td align="left" style="padding:5px 10px;"> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/wAmUnOUAGMVatTTGGK0_mgjiXOv4Pmxw-h3bWTjbZpM=421" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;"> <p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;"> Want to advertise in TLDR? </p> <div class="text-block" style="margin-top: 10px;"> If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/yESFwRLzjVgbT2daDc6_o5wOlQhrN1yOQIvR6mWlxZ0=421"><strong><span>advertise with us</span></strong></a>. </div> <br> <p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;"> Want to work at TLDR? 
</p> <div class="text-block" style="margin-top: 10px;"> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/zgR0xWyuiaHtEgAi_C61Wc2K9LWbXWgPSgRSQKacKQg=421" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! </div> <br> <div class="text-block"> If you have any comments or feedback, just respond to this email! <br> <br> Thanks for reading, <br> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/-ZlzYYqXijPc2hfSDz-EtIA8vGPloyYJnhMyeA1Y50w=421"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/0SN6HvV45EgQELdHMoQOuFCd0RUhwLYROOI4mpyANJk=421"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/6A8WSO7RiJTVXNO_zjFS4dUErbtWhEYwS9YTmGCSsgE=421"><span>Sammy Tbeile</span></a> <br> <br> </div> <br> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block" id="testing-id"> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/63XvfZ7lWOU1SM7PFaYhoHUu7CyC9ZXwTm8LucjJJ90=421">Manage your subscriptions</a> to our other newsletters on tech, startups, and 
programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=1f686f40-894d-11f0-97b0-573deb557fb2%26pt=campaign%26pv=4%26spa=1756990863%26t=1756991727%26s=e4b6570a1311b5716e6dd0300ea193c8c17725a4c18ae0ff2fc764137d9bfa01/1/0100019914de2636-8063cd2e-e2e1-48db-bc6b-a21c93567078-000000/bdg-h9nzzzgFsbWlZ8fML4ZI5KE6sXlhZ6ylqhSSnI0=421">unsubscribe</a>. <br> </div> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </body></html>