<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css"> :root { color-scheme: light dark; supported-color-schemes: light dark; } *, *:after, *:before { -webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box; } * { -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; } html, body, .document { width: 100% !important; height: 100% !important; margin: 0; padding: 0; } body { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility; } div[style*="margin: 16px 0"] { margin: 0 !important; } table, td { mso-table-lspace: 0pt; mso-table-rspace: 0pt; } table { border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto; } img { -ms-interpolation-mode: bicubic; max-width: 100%; border: 0; } *[x-apple-data-detectors] { color: inherit !important; text-decoration: none !important; } .x-gmail-data-detectors, .x-gmail-data-detectors *, .aBn { border-bottom: 0 !important; cursor: default !important; } .btn { -webkit-transition: all 200ms ease; transition: all 200ms ease; } .btn:hover { background-color: #f67575; border-color: #f67575; } * { font-family: Arial, Helvetica, sans-serif; font-size: 18px; } @media screen and (max-width: 600px) { .container { width: 100%; margin: auto; } .stack { display: block!important; width: 100%!important; max-width: 100%!important; } .btn { display: block; width: 100%; text-align: center; } } body, p, td, tr, .body, table, h1, h2, h3, h4, h5, h6, div, span { background-color: #FEFEFE !important; color: #010101 !important; } @media (prefers-color-scheme: dark) { body, p, td, tr, .body, table, h1, h2, h3, h4, h5, h6, div, 
span { background-color: #27292D !important; color: #FEFEFE !important; } } a { color: inherit !important; text-decoration: underline !important; } </style><!--[if mso | ie]> <style type="text/css"> a { background-color: #FEFEFE !important; color: #010101 !important; } @media (prefers-color-scheme: dark) { a { background-color: #27292D !important; color: #FEFEFE !important; } } </style> <![endif]--></head><body class=""> <table align="center" class="document"><tbody><tr><td valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container"> <table width="100%"><tbody><tr><td class="container"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span> <br> </td></tr></tbody></table> <br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;"> <div style="text-align: center;"> <h1><strong>TLDR Information Security <span id="date">2025-09-08</span></strong></h1> </div> </td></tr></tbody></table>
</td></tr></tbody></table> </td></tr></tbody></table> </td></tr> <tr bgcolor=""><td class="container"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Attacks & Vulnerabilities</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td 
style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fhackers-exploit-cve-2025-42957-sap-vulnerability%2F%3Futm_source=tldrinfosec/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/jScf1qtWJACZw_kXYivyqa-PBvJh1UyIGvQ5hBMyP7g=421"> <span> <strong>Critical SAP Vulnerability CVE-2025-42957 Actively Exploited by Hackers (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Hackers are exploiting a critical vulnerability in SAP S/4HANA, CVE-2025-42957, that lets low-privileged users gain admin control. The flaw affects multiple versions and risks data theft, backdoors, and ransomware. SAP released patches on August 12. Organizations should update immediately; the Dutch NCSC issued a medium-high priority advisory on September 5. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fleakd.com%2Fleaks%2Fdark-web-vendor-claims-breach-of-anuvu-aws-employee-data%2F%3Futm_source=tldrinfosec/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/rSzCeB-Z16oHt_yVbCUZA_pecIYm11uKAEoMc74u7Jk=421"> <span> <strong>Dark web vendor claims breach of Anuvu AWS employee data (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> A dark web vendor claims to have breached Anuvu (formerly Global Eagle), a major satellite provider for airlines and cruise lines, allegedly obtaining over 70 admin credentials for internal services like AWS and Postgres databases. The stolen data includes sensitive employee info, customer databases, and Starlink contract details, potentially exposing users of in-flight connectivity. Researchers verified parts of the data appear legitimate and warned that the breach could enable targeted phishing and credential stuffing attacks against airline partners like Air France, Delta, Southwest, and British Airways. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ficloud-calendar-abused-to-send-phishing-emails-from-apples-servers%2F%3Futm_source=tldrinfosec/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/HTQNTVtdOiQ_5VAyN92ZAO2f_GZnBmzYN7d0IIfeCig=421"> <span> <strong>iCloud Calendar Abused to Send Phishing Emails From Apple's Servers (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> A new phishing campaign that abuses iCloud Calendar invites was reported to BleepingComputer. The phishing email tells the user that their PayPal account is being charged and asks them to call a given phone number. Notably, the email is sent from Apple's servers: the attackers add the user's email to an Office 365 group, invite that group to the event, and put the phishing text in the Notes field. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div> </div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Strategies & Tactics</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.magonia.io%2Fwhat-framing-security-alerts-as-a-binary-true-or-false-positive-is-costing-you%2F%3Futm_source=tldrinfosec/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/XFY2ifRsbJ4h61SCiVhFlyGIJ6uvcYxxfexYDzS0RJQ=421"> <span> <strong>What Framing Security Alerts as a Binary True or False Positive is Costing You (6 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> The true/false positive binary captures only whether an alert accurately fired on a signal, not whether it was impactful. The author proposes adding a layer of intent or disposition to alert metrics to measure whether the alert had an actual business impact. This leads to a refined classification with four categories: True Positive - Malicious, True Positive - Suspicious, True Positive - No Business Impact, and False Positive. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgoteleport.com%2Fblog%2Fsecuring-model-context-protocol-with-teleport-and-aws%2F%3Futm_source=tldrinfosec/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/XfvSvnaXxOrClDCNe4N9tiE26qEvv6xynwUGqO5_rzs=421"> <span> <strong>Securing Model Context Protocol (MCP) with Teleport and AWS (10 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> MCPs pose security issues like poor auditing, insecure credentials, and excessive privileges. Teleport offers a Unified Identity Framework, giving each MCP a unique cryptographic identity with dynamic credentials, fine-grained access, and thorough logging. This post covers deploying and securing MCP access to a database. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.blackhillsinfosec.com%2Fdetecting-adcs-privilege-escalation%2F%3Futm_source=tldrinfosec/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/KVrKVhc9HW3-c6LsBpna78bXmLXe8I9Oq9wlEUaCS6E=421"> <span> <strong>Detecting ADCS Privilege Escalation (4 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Active Directory Certificate Services (ADCS) is used in Active Directory environments to manage certificates for systems, users, applications, and more, and it exposes a variety of potential privilege escalation vectors. ADCS logging is not enabled by default and must be enabled via certsrv. 
This post demonstrates how to create and test KQL alerts for a common privilege escalation technique. </span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🧑💻</span></div> </div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Launches & Tools</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fjonaslejon%2Fmalicious-pdf%3Futm_source=tldrinfosec/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/yMURq74REdG1dfnOw3IR46ovNykjFi3Iw5aVcKw_YXk=421"> <span> <strong>Malicious PDF Generator (GitHub Repo)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> The repository contains ten variations of malicious PDF files that include phone-home features. These can be used with Burp Collaborator or Interact.sh. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FDataDog%2Fghbuster%3Futm_source=tldrinfosec/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/Ee4b-1iWfK0An07oZtD0wzRXAk0u3hEnX-DIqcWYMPg=421"> <span> <strong>ghbuster (GitHub Repo)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> ghbuster is a tool from Datadog that detects suspicious GitHub users and repos using heuristics. The tool analyzes patterns like coordinated star manipulation, commits from unlinked emails, users with only forked repositories, and accounts with minimal community activity to flag threat actors weaponizing trust in the open-source ecosystem. It provides a command-line interface with modular detection rules and requires a GitHub API token. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2F0x4D31%2Ffinch%3Futm_source=tldrinfosec/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/QszHugGOgRR_XNmLoFld031_un6fGH0Rel25EmHhQhs=421"> <span> <strong>Finch (GitHub Repo)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Finch is a fingerprint-aware TLS reverse-proxy that inspects TLS handshakes and HTTP requests to extract JA3, JA4, JA4H, and Akamai HTTP/2 fingerprints, then evaluates them against hot-reloadable rules. </span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div> </div> </td></tr></tbody></table> <table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a 
href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fvirustotal-finds-hidden-malware-phishing-campaign-in-svg-files%2F%3Futm_source=tldrinfosec/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/6zXZ2vc-zbZWZ79KdBiR7plamPRR1MiSe5hgOPJBbtA=421"> <span> <strong>VirusTotal finds hidden malware phishing campaign in SVG files (4 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> VirusTotal discovered a phishing campaign using SVG files with embedded JavaScript to impersonate Colombia's judicial system, delivering malware through fake government portals. The campaign used 44 unique SVG files that evaded all antivirus engines but were detected by VirusTotal's AI Code Insight feature, which also uncovered 523 additional samples dating back to August. The malicious SVGs create convincing fake judicial portals with progress bars and security tokens, while secretly downloading ZIP archives containing malware to victims' systems. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FQ52n4y/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/Az4bZl4bRP3l-lCG1O9biIzLiHfcwswyQmGdvL6QKsE=421"> <span> <strong>Google fined $3.5 billion for breaching EU's antitrust laws (6 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> The EU fined Google €2.95 billion for abusing its dominant position in advertising tech by favoring its AdX exchange since 2014. This is Google's fourth major EU antitrust penalty, totaling nearly €10 billion over ten years. Google has 60 days to suggest compliance or risk divestment. 
It plans to appeal. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F181976%2Fintelligence%2Fczech-cyber-agency-nukib-flags-chinese-espionage-risks-to-critical-infrastructure.html%3Futm_source=tldrinfosec/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/hMsLG7sQ3BUzkRPIz64JcQOiKLqUBe9-c3XhKsGR0bs=421"> <span> <strong>Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Czech cybersecurity agency NUKIB warned of increasing risks from Chinese-linked technologies in vital sectors such as energy, healthcare, transport, and government, citing APT31's attacks on Czech ministries. The agency pointed out risks from Chinese devices like IP cameras, PV inverters, smart meters, phones, cars, and AI models that can send data to or be controlled remotely from China. NUKIB stressed that Chinese laws give authorities broad powers to access data and force private companies to cooperate in state-led spying, urging Czech organizations to implement proper protections against these cyber threats. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Quick Links</strong></h1> </div> </div> </td></tr></tbody></table> <table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FXxt87X/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/OZjfz1dywb6Ma27aeNHoK7kA2QHqEiluD2clpPT4iUQ=421"> <span> <strong>Waymo says it won't surrender camera footage without a fight (5 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Waymo co-CEO Tekedra Mawakana announced the company will "challenge, limit, or reject" law enforcement requests for robotaxi camera footage that lack valid legal processes like warrants, as each vehicle's 29 cameras create privacy concerns about potential surveillance misuse. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fbridgestone-cyberattack-disrupt-north-american-plants%2F%3Futm_source=tldrinfosec/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/ERGQoiZBxEEa8OWMYwS7Li0M0wFNjYwDihNs4-G3W-U=421"> <span> <strong>Bridgestone Confirms Cyberattack Disrupting North American Plants (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Tire manufacturing giant Bridgestone confirmed a cyberattack disrupted operations at multiple North American facilities, including plants in South Carolina and Quebec. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F181954%2Fdata-breach%2Fqantas-cuts-executive-bonuses-by-15-after-a-july-data-breach.html%3Futm_source=tldrinfosec/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/GY7nq6j2GKajxrUyolrKNuw7L_ELq8rjliGyYv-4gFM=421"> <span> <strong>Qantas cuts executive bonuses by 15% after a July data breach (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Australian airline Qantas cut executive bonuses by 15% after a July cyberattack linked to Scattered Spider compromised the data of 5.7 million customers through a third-party call center platform. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;"> <div class="text-block"> Thanks for reading, <br> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/TaMxvD7Nglyf2A0pQKSo3TE2lrXI9UXJRCOeaQQa9rg=421"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/Gb3MVwxzYcBrKT8iDS2-7vGfg4vBepNPOj-yxE8fsqs=421"><span>Eric Fernandez</span></a> &amp; <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019929705601-69e83eff-b977-4208-9531-0b9c971b002e-000000/GwXZqvaoJLkfCFxnmk7nscqPiWevqxrt2XFUL7dYJPo=421"><span>Sammy Tbeile</span></a> <br> <br> </div> <br> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </body></html>