<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css"> :root { color-scheme: light dark; supported-color-schemes: light dark; } *, *:after, *:before { -webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box; } * { -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; } html, body, .document { width: 100% !important; height: 100% !important; margin: 0; padding: 0; } body { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility; } div[style*="margin: 16px 0"] { margin: 0 !important; } table, td { mso-table-lspace: 0pt; mso-table-rspace: 0pt; } table { border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto; } img { -ms-interpolation-mode: bicubic; max-width: 100%; border: 0; } *[x-apple-data-detectors] { color: inherit !important; text-decoration: none !important; } .x-gmail-data-detectors, .x-gmail-data-detectors *, .aBn { border-bottom: 0 !important; cursor: default !important; } .btn { -webkit-transition: all 200ms ease; transition: all 200ms ease; } .btn:hover { background-color: #f67575; border-color: #f67575; } * { font-family: Arial, Helvetica, sans-serif; font-size: 18px; } @media screen and (max-width: 600px) { .container { width: 100%; margin: auto; } .stack { display: block!important; width: 100%!important; max-width: 100%!important; } .btn { display: block; width: 100%; text-align: center; } } body, p, td, tr, .body, table, h1, h2, h3, h4, h5, h6, div, span { background-color: #FEFEFE !important; color: #010101 !important; } @media (prefers-color-scheme: dark) { body, p, td, tr, .body, table, h1, h2, h3, h4, h5, h6, div, 
span { background-color: #27292D !important; color: #FEFEFE !important; } } a { color: inherit !important; text-decoration: underline !important; } </style><!--[if mso | ie]> <style type="text/css"> a { background-color: #FEFEFE !important; color: #010101 !important; } @media (prefers-color-scheme: dark) { a { background-color: #27292D !important; color: #FEFEFE !important; } } </style> <![endif]--></head><body class=""> <table align="center" class="document"><tbody><tr><td valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container"> <table width="100%"><tbody><tr><td class="container"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span> <br> </td></tr></tbody></table> <br> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong> <a 
href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fai-and-threat-intelligence-guide%3Futm_campaign=Resource_RP_AI_Threat_Intelligence%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000RZE8cIAH/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/tKAx2PDnB8J9Yqre-hE_aJ9MCGU1KIkUOU30276qKYU=421"><img src="https://images.tldr.tech/flashpoint.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Flashpoint"></a></td></tr></tbody></table> <table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;"> <div style="text-align: center;"> <h1><strong>TLDR Information Security <span id="date">2025-09-09</span></strong></h1> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fai-and-threat-intelligence-guide%3Futm_campaign=Resource_RP_AI_Threat_Intelligence%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000RZE8cIAH/2/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/saTpsSboDe0zPKXe4cgb1bFQcErTB4EO8B7cYbBCO9s=421"> <span> <strong>AI and Threat Intelligence: The Defenders' Guide (Sponsor)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> In this <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fai-and-threat-intelligence-guide%3Futm_campaign=Resource_RP_AI_Threat_Intelligence%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000RZE8cIAH/3/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/Yjd3I70aRrzsSDPnedwHtVPI1kl-eBp-Y81w8x2VKo0=421" rel="noopener noreferrer nofollow" target="_blank"><span>guide</span></a>, 
you'll learn how to: <p></p> <p><strong>Track how adversaries are operationalizing AI tools - </strong>from jailbroken LLMs to deepfake-as-a-service.</p> <p>Build AI-enhanced workflows that <strong>improve signal detection</strong>, speed up analysis, and sharpen investigations.</p> <p><strong>Avoid common AI pitfalls:</strong> automation overreach, blind trust in models, and losing human context.</p> <p>The findings are based on <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fai-and-threat-intelligence-guide%3Futm_campaign=Resource_RP_AI_Threat_Intelligence%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000RZE8cIAH/4/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/vLc08cYl18wF-SC4Y3WPDXf5GMfuzixfmW-ts-O9njY=421" rel="noopener noreferrer nofollow" target="_blank"><span>Flashpoint's analysis of 2.6M+ AI-related posts</span></a> published in off-the-radar sources in just five months, including jailbreak prompts, fraud toolkits, and deepfake services.</p> <p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fai-and-threat-intelligence-guide%3Futm_campaign=Resource_RP_AI_Threat_Intelligence%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000RZE8cIAH/5/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/_gx8ybW0ARXtoFIXatbvjNQ_cZvCxjHNuLX0LKQMXis=421" rel="noopener noreferrer nofollow" target="_blank"><span>Get the guide</span></a> </p> </span></span></div> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr> <tr bgcolor=""><td class="container"> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;"> 
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Attacks & Vulnerabilities</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffinancial-services-firm-wealthsimple-discloses-data-breach%2F%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/a9xpsIP9W4aMqXzKpneif2OqUMmm7erj_RdNOT-hfrg=421"> <span> <strong>Financial services firm Wealthsimple discloses data breach (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Canadian financial services firm Wealthsimple disclosed a data breach detected on August 30 that exposed the personal information of fewer than 30,000 customers (less than 1% of its 3 million client base) through a compromised third-party software package. The stolen data included contact details, government IDs, financial account numbers, Social Insurance Numbers, IP addresses, and dates of birth. No passwords or customer funds were compromised. Wealthsimple is providing affected customers with two years of free credit monitoring, dark-web monitoring, identity theft protection, and insurance. It confirmed the incident was unrelated to recent Salesforce breaches. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fghostaction-attack-steals-github-projects-secrets%2F%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/-24l-2gg5UAFH0luu2nmMuKiHc9w9Qc8qRUbIIZha1g=421"> <span> <strong>GhostAction Attack Steals 3,325 Secrets from GitHub Projects (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> The GhostAction supply chain attack compromised 817 GitHub repositories by injecting malicious workflow files that appeared to be routine automation scripts but actually exfiltrated CI/CD secrets to an external server. The campaign affected 327 developers across multiple programming languages, stealing 3,325 secrets, including npm, PyPI, DockerHub tokens, and AWS credentials that could enable further attacks on software supply chains. The attackers personalized each commit and analyzed legitimate workflows to identify which secrets to target. At least 24 projects (9 npm and 15 PyPI) remain at risk from compromised tokens despite no confirmed malicious package releases yet. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fover-6700-private-repositories-made-public-in-nx-supply-chain-attack%2F%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/9bpKuF1eZjENZxyFfF4xGOcnTVIstg4Ix-ZtxqgNiBI=421"> <span> <strong>Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack (4 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Hackers used stolen secrets from Nx to expose over 6,700 private repositories in a major supply chain attack that targeted hundreds of organizations. The threat actors leveraged malicious Nx packages to steal API keys and credentials, and exploited the compromised accounts to publish sensitive data from private repositories to public GitHub repositories. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Strategies & Tactics</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farcticwolf.com%2Fresources%2Fblog%2Fgpugate-malware-malicious-github-desktop-implants-use-hardware-specific-decryption-abuse-google-ads-target-western-europe%2F%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/Zbz6gCBnMBZmLAUM87JXtlnpZgEqy7_QZn4JgyNnJmI=421"> <span> <strong>GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe (30 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Russian-speaking threat actors deployed the "GPUGate" campaign using a sophisticated multi-stage attack combining Google Ads malvertising, GitHub commit manipulation, and hardware-specific GPU-gated decryption to target Western European IT professionals with fake GitHub Desktop installers. 
The attackers leveraged Google's paid search results, modified legitimate GitHub repository commits to include malicious download links, and created 128MB installers with OpenCL-based decryption that only executes on systems with real GPUs (device names >10 characters), effectively bypassing sandbox analysis. The campaign demonstrates advanced evasion tactics, including UAC bypass, Windows Defender exclusions, persistence through scheduled tasks, and modular payload delivery, with the ultimate goal of credential theft, lateral movement, and potential ransomware deployment targeting high-value IT sector victims. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.quarkslab.com%2Fpatch-analysis-of-Apple-iOS-CVE-2025-43300.html%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/jaBl2_DQG0lbLgEIEfQtQdCeSqETOrRqyrWYJBkwQ3A=421"> <span> <strong>Reverse engineering of Apple's iOS 0-click CVE-2025-43300: 2 bytes that make size matter (15 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> CVE-2025-43300 is a zero-click out-of-bounds write vulnerability in the ImageIO framework that occurs when processing DNG images with JPEG lossless compression. Exploited in the wild, the vulnerability stems from incorrect buffer allocation and loop bounds in the lossless JPEG decompression code, where the system assumes at least two components per pixel but processes images with only 1 component, causing writes beyond allocated memory. 
Apple's patch adds bounds checking to verify buffer size before each write operation and raises an exception when the buffer would be exceeded, fixing the mismatch between allocated buffer size (based on components per pixel) and actual write operations. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fspecterops.io%2Fblog%2F2025%2F07%2F24%2Fescaping-the-confines-of-port-445-ntlm-relay%2F%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/rE84BU742kSmk3gF9qKHHpYk3HiFC-8n5ndT-B9rYwg=421"> <span> <strong>Escaping the Confines of Port 445 (10 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Attackers are restricted to using port 445 when performing NTLM relay attacks on SMB in Active Directory environments. A common way around this limitation is to extract the SAM and SYSTEM registry hives to dump NT hashes, but this often triggers alerts or is blocked by EDR. This article details a technique that uses the Service Control Manager (SCM) to start the WebClient service, which offers more lateral movement options. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Launches & Tools</strong></h1> </div> </div> </td></tr></tbody></table> <table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcontent.dropzone.ai%2Fresources%2Fgartner-hype-cycle-security-operations-2025%3Futm_%5B%E2%80%A6%5Dip%26utm_medium=newsletter%26utm_content=Gartner%2520Hype%2520Cycle%26utm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/7SqZGRIyX69uOPXX7H-bgG3yB0oB6HoBrgserBfxIzw=421"> <span> <strong>Gartner® Hype Cycle™ for Security Operations, 2025 (Sponsor)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Download This Gartner® Report to Learn Dropzone's Takeaways:<p></p><ul><li>Which AI SOC agents deliver value now, and which technologies to avoid </li><li>How to evolve from vulnerability scanning to exposure management (CTEM) </li><li>Where to invest: emerging AI agents vs. 
proven platforms (EDR, SIEM)</li></ul><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcontent.dropzone.ai%2Fresources%2Fgartner-hype-cycle-security-operations-2025%3Futm_%5B%E2%80%A6%5Dip%26utm_medium=newsletter%26utm_content=Gartner%2520Hype%2520Cycle/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/lPRFH-TJTS7bm_IC0PeA0e_mtv2ffGvfHWCtHBdn-aA=421" rel="noopener noreferrer nofollow" target="_blank"><span>Download the Report</span></a> </p> </span></span></div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Ftijme%2Fdittobytes%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/E0jZAHY8QC3AyvPqBgUJaTMl79HOEVP8U9LLHho81nA=421"> <span> <strong>Dittobytes (GitHub Repo)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Dittobytes compiles C-code into truly Position Independent Code (PIC) for Windows, macOS, and Linux. Supporting AMD64 and ARM64, it has a metamorphic engine that ensures each compile produces unique, functional shellcode. The resulting shellcode is very small and simple and has minimal overhead. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffirecompass.com%2F%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/YMG52NmFO0BaBAJVy68XeFiT75gVNGt7dqZw3iKN0B0=421"> <span> <strong>FireCompass (Product Launch)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> FireCompass is a platform that integrates attack surface management, continuous threat exposure management, network and application penetration testing, penetration testing as a service, and red teaming. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fanirudhbiyani%2Ffindmytakeover%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/9awt4aL6G1MImNsVzYXqyqmbpLV3B_pOIroMisgllHI=421"> <span> <strong>findmytakeover (GitHub Repo)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> findmytakeover is a tool that detects dangling DNS records in a multi-cloud environment. It achieves this by scanning all DNS zones and infrastructure within the configured cloud service provider, whether in a single or multiple accounts, to identify DNS records for which the underlying infrastructure no longer exists, rather than relying on a wordlist. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div> </div> </td></tr></tbody></table> <table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.exponential-e.com%2Fblog%2Fgermany-charges-hacker-with-rosneft-cyberattack-in-latest-wake-up-call-for-critical-infrastructure%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/4d4psMooYR5ClQD7nHpUUFTHBTHGdmbsV_qXthwxRBE=421"> <span> <strong>Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> German prosecutors charged a 30-year-old man with computer sabotage, data alteration, and espionage for attacking Rosneft Deutschland in March 2022, stealing and deleting 20 terabytes of data while leaving a "Glory to Ukraine" message, costing the company €12.36 million in damages. 
The attack, conducted in the aftermath of Russia's invasion of Ukraine, exposed sensitive internal communications and corporate documents, with the stolen data later distributed by the Anonymous hacktivist collective. The incident highlights the vulnerability of critical energy infrastructure to cyberattacks, particularly during geopolitical tensions, emphasizing the need for enhanced cybersecurity measures in essential services sectors. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2025%2F09%2Fsextortion-with-a-twist-spyware-takes-webcam-pics-of-users-watching-porn%2F%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/Tr_3rT2FBFQQyj-_edFHeQhBOGXJjvH5Zbj_jEt_My4=421"> <span> <strong>Sextortion with a twist: Spyware takes webcam pics of users watching porn (4 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> A new variant of spyware called Stealerium can automatically take webcam photos of people while they watch porn, then send these to hackers for possible blackmail. Distributed as free, open-source code, it infects users via phishing emails. Researchers say this marks a move from large-scale ransom to more personal extortion, and warn it's hard to track individual victims. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F09%2F05%2Freal_story_ai_ransomware_promptlock%2F%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/lEjHTdshVppkTGMKx4mYFPSAlVkYIcFJPQdpK7v2NjI=421"> <span> <strong>The crazy, true story behind the first AI-powered ransomware (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> NYU researchers built an AI-powered ransomware as a proof-of-concept, showing how large language models can automate targeted ransomware attacks. Their project, initially intended for research purposes, was flagged by security experts as a real threat after it was uploaded to VirusTotal. The experiment highlights growing concerns that, soon, cybercriminals will be able to easily weaponize AI for sophisticated, undetectable attacks. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;"> <div class="text-block"> <div style="text-align: center;"> <h1><strong>Quick Links</strong></h1> </div> </div> </td></tr></tbody></table> <table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmattermost.com%2Fexclusive-report-the-state-of-mission-critical-work%2F%3Futm_source=TLDR%26utm_medium=newsletter%26utm_campaign=InfoSec9-9/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/W0evwjJVEa6Yw0VIGL78WgJ9FHBiS--GtG_pYLvewqY=421"> <span> <strong>Ponemon + Mattermost research: 64% of organizations suffered mission-critical workflow disruptions last year (Sponsor)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> According to the report, cyberattacks are the leading cause of mission-critical failures, with average costs hitting $1M per incident. 
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmattermost.com%2Fexclusive-report-the-state-of-mission-critical-work%2F%3Futm_source=TLDR%26utm_medium=newsletter%26utm_campaign=InfoSec9-9/2/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/E0Pq_mwTgnVtJymVNqLU8wmteqq94QgS9lRdDLV_ISA=421" rel="noopener noreferrer nofollow" target="_blank"><span>Read the full analysis</span></a> </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fmax-severity-argo-cd-api-flaw-leaks-repository-credentials%2F%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/yC2pF2a2p2GYIL5ie78UuUqXKUnOCUAiyNgOK3aet6Y=421"> <span> <strong>Max severity Argo CD API flaw leaks repository credentials (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> A maximum severity vulnerability (CVE-2025-55190, CVSS 10.0) in Argo CD allows API tokens with minimal project-level get permissions to bypass isolation mechanisms and retrieve all repository credentials, including usernames and passwords. 
</span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.aikido.dev%2Fblog%2Fnpm-debug-and-chalk-packages-compromised%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/ZqpZ794sU-StbNKVJJpzqmqWTUs3dHk271hAXuJLZEw=421"> <span> <strong>npm debug and chalk packages compromised (3 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Attackers injected malware into npm packages like debug, chalk, supports-color, and strip-ansi, targeting crypto/web3 wallets in browsers. </span> </span> </div> </td></tr></tbody></table> <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;"> <div class="text-block"> <span> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F09%2Fgithub-account-compromise-led-to.html%3Futm_source=tldrinfosec/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/9zvwMyvlWi49kHFl7TDnJuT5djJi4PK3OxRu1XSB0Tw=421"> <span> <strong>GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies (2 minute read)</strong> </span> </a> <br> <br> <span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;"> Hackers accessed Salesloft's GitHub account between March and June, stealing security tokens linked to 22 companies and prompting the company to disable Drift, reset credentials, and enhance security measures. 
</span> </span> </div> </td></tr></tbody></table> </td></tr></tbody></table> <table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;"> <div class="text-block"> Thanks for reading, <br> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/rmn54rSkhrT_anlrzmrvJa2MSImSKAHblzNsH-twcRw=421"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/2jpxKGuZ3LCuNIErE8m4NLWA7QuIgotdoU5zglPBcaM=421"><span>Eric Fernandez</span></a> &amp; <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/010001992e944f5f-e57a3751-ca8d-4f88-ac05-247130039c7b-000000/w_jqbhHV1oJrNT9hMuDFsULwjLZwXoltBaR0hry91Mk=421"><span>Sammy Tbeile</span></a> <br> <br> </div> <br> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </td></tr></tbody></table> </body></html>