<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Security researcher Luke Marshall examined all 5.6 million public GitLab Cloud repositories with TruffleHog and found 17,430 verified β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/IPnCZDNrx7Np4rbWPqvTbkIGFjFM7103ZQk16qK_T5Q=433" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/SbRSFCJA0VRVFJKFslP83qU52stFtPiz9TYr2uSIswI=433" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=93cc96f0-ce75-11f0-aabf-db07538f9256%26pt=campaign%26t=1764599492%26s=1349e5b66c6157649e4e221d5e84abfd4275d930a09dc4def25554393763c11f/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/dlijEVEOiLuBNe8B3i6ttQuXMjlW1kFBv0IsHVDTnFo=433"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fsecurity-in-the-age-of-ai-agents-and-shadow-it%3Futm_source=tldr%26utm_medium=paid_newsletter%26utm_campaign=sa_commercial_amer_english_security-in-the-age-of-ai-agents-and-shadow-it_consideration_2025-12%26utm_content=text%26utm_term=live-december-1-primary-infosec-newsletter/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/B4XFGeO4PrW12cnECR2uUBLLKZTYbrf26S0tDDYAFLQ=433"><img src="https://images.tldr.tech/1password-2.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="1Password"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-12-01</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fsecurity-in-the-age-of-ai-agents-and-shadow-it%3Futm_source=tldr%26utm_medium=paid_newsletter%26utm_campaign=sa_commercial_amer_english_security-in-the-age-of-ai-agents-and-shadow-it_consideration_2025-12%26utm_content=text%26utm_term=live-december-1-primary-infosec-newsletter/2/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/fBQYF5vIEHnoy6Hb8zQBP6xbEdW-FGZPHeiriWfuEjc=433">
<span>
<strong>1Password Webinar: Security in the age of AI agents and shadow IT (Sponsor)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
In the age of AI and SaaS, IT and security leaders are confronting a new reality. Productivity and innovation are racing ahead, and legacy security tools are struggling to keep up.<p></p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fsecurity-in-the-age-of-ai-agents-and-shadow-it%3Futm_source=tldr%26utm_medium=paid_newsletter%26utm_campaign=sa_commercial_amer_english_security-in-the-age-of-ai-agents-and-shadow-it_consideration_2025-12%26utm_content=text%26utm_term=live-december-1-primary-infosec-newsletter/3/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/qSwyG7bMbYA4salkTFPLl0oZ2DSnIK_FqfgyVGE2-XM=433" rel="noopener noreferrer nofollow" target="_blank"><span>1Password invites you to a panel on December 2nd, with CISOs from Oracle Red Bull Racing, Headway, and Brex</span></a>. Together, they'll share how they're tackling the new era of access risk. Registrants will hear practical, real-world strategies to govern AI use, manage SaaS sprawl, and extend access security beyond the limits of SSO. </p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fsecurity-in-the-age-of-ai-agents-and-shadow-it%3Futm_source=tldr%26utm_medium=paid_newsletter%26utm_campaign=sa_commercial_amer_english_security-in-the-age-of-ai-agents-and-shadow-it_consideration_2025-12%26utm_content=text%26utm_term=live-december-1-primary-infosec-newsletter/4/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/30xrmKi_YwKudpddw99Bj4Mq-PSPp6UyQGffdLTFQH0=433" rel="noopener noreferrer nofollow" target="_blank"><span>Register now</span></a>
</p></span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"><table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fpublic-gitlab-repositories-exposed-more-than-17-000-secrets%2F%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/jbccB4ySU2Dw8e8vLLirWEQjH-vr5FYTAATIgJbJoNM=433">
<span>
<strong>Public GitLab repositories exposed more than 17,000 secrets (2 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Security researcher Luke Marshall examined all 5.6 million public GitLab Cloud repositories with TruffleHog and found 17,430 verified active secrets across 2,804 distinct domains. This exposure is nearly three times that found in a similar scan of Bitbucket. The leaked credentials included over 5,200 Google Cloud Platform keys, MongoDB credentials, Telegram bot tokens, and OpenAI keys. Some secrets date back to 2009 and are still valid today. Although many organizations revoked their credentials after receiving automated alertsβearning the researcher $9,000 in bug bountiesβsome secrets continue to be exposed on GitLab repositories.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fw4rH7g/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/luKZ6KQmn3IUmbAy5DabAfGWXj17JiHAIgIV1ZTHmRM=433">
<span>
<strong>Upbit admits security flaw that could have allowed attackers to infer private keys after $30m hack (3 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
South Korean crypto exchange Upbit suffered a $30 million breach on November 27 when attackers drained assets from a Solana hot wallet. North Korea's Lazarus Group is suspected of being the threat actor. Post-incident analysis revealed a critical vulnerability that allowed inference of a private key from publicly disclosed blockchain wallet transactions, though Upbit's CEO did not explicitly confirm that this flaw enabled the breach. The exchange has suspended deposits and withdrawals for a complete wallet system overhaul and will cover all customer losses using company assets. $1.5 million of the stolen funds have already been frozen.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecuritynews.com%2Falbiriox-malware-attacking-android-users%2F%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/4LFEWT-Rv8m79NzzTniAv5NrQj4EaiK1wiSRmqx8edk=433">
<span>
<strong>New Albiriox Malware Attacking Android Users to Take Complete Control of their Device (2 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A new Malware-as-a-Service called Albiriox has been observed providing customers with remote access to victim Android devices. Victims typically receive messages promising them discounts or prizes for an app. The links lead to fake versions of legitimate apps that request permissions to install applications, then fetch and install the malware. In addition to traditional infostealer capabilities, Albiriox includes a VNC module that streams the victim's device screen to the attacker.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"><table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.dexpose.io%2Finside-valkyrie-stealer-capabilities-evasion-techniques-and-operator-profile%2F%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/GSxIXFkhxUfy6f7RNzT1fR93qFFbNer9TGaei6Me-WQ=433">
<span>
<strong>Inside Valkyrie Stealer: Capabilities, Evasion Techniques, and Operator Profile (20 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Valkyrie Stealer is a C++ infostealer developed by threat actor "Lawxsz" that employs Themida protection, ChaCha20-encrypted payload with reflective DLL loading, and comprehensive anti-VM defenses. The malware targets Chromium browsers by extracting AES master keys and parsing SQLite databases using an embedded engine, steals Discord and Telegram sessions, harvests credentials from 20+ gaming platforms, and exfiltrates cryptocurrency wallets from MetaMask, Exodus, Atomic Wallet, and Electrum. Stolen data is compressed using dual-method ZIP packaging, encrypted with AES-GCM using hardcoded keys, and exfiltrated to C2 servers resolved dynamically via Steam profile scraping. The operator maintains active distribution channels on Telegram, GitHub, YouTube, Discord, and Signal under the Prysmax Software brand.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fherish.me%2Fblog%2Fcache-poisoning-case-studies-part-1-foundational-attacks%2F%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/Kpaa5M82iDELxAxQbrtm1KGGykAXXDsXiaT5-Kmz1BU=433">
<span>
<strong>Cache Poisoning Case Studies Part 1: Foundational Attacks Behind a $100K+ Vulnerability Class (7 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Cache poisoning is a web security vulnerability in which attackers trick caching systems, such as CDNs or proxies, into storing malicious responses, serving them to other users, and causing widespread harm. Early real-world examples from platforms such as HackerOne, GitHub, and Shopify show that unvalidated headers like X-Forwarded-Host or Content-Type can trigger global redirects, denial-of-service attacks, or stored XSS across multiple domains. These foundational cases, often yielding bounties of $2,500 to $6,300, highlight risks such as method overrides in cloud storage and social media amplification via Open Graph tags.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"><table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffandf.co%2F46QQR5H%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/FEeiRkQzL2MtRgc8sd1x_LXmUPWOlt336Ho7l6bnJwE=433">
<span>
<strong>PAM without vaults (Sponsor)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
If engineer access to resources means passwords, vaults, or tickets, your PAM is slowing you down. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffandf.co%2F46QQR5H/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/GVyRQdB1BK8lGvwb6w0EDMjyAW_NmjLXvmBpZbDMLjg=433" rel="noopener noreferrer nofollow" target="_blank"><span>Teleport</span></a> removes access blockers by replacing vaulted credentials and ticket queues with short-lived, cryptographic identity and ephemeral authorization. No more standing privileges, access friction, or credential handling. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffandf.co%2F46QQR5H/2/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/rCIfwKAq7HiMMdTjifGjPwFtcyK8-82vmDNSwHfBBvQ=433" rel="noopener noreferrer nofollow" target="_blank"><span>Try Teleport for yourself.</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FKoifman%2FLUMEN%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/7hpmx9yMHv2kkYv-Ex7rT262tTgkWjw7YKr9OUQB2lQ=433">
<span>
<strong>LUMEN (GitHub Repo)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
LUMEN is a browser-based Windows Event Log analyzer built with React and WebAssembly that processes EVTX files entirely client-side without uploading logs to external servers. It supports files up to 500MB with both binary EVTX and XML exports. The tool features a curated SIGMA detection engine with platform-specific rule loading, automated event correlation that chains related activities into investigative storylines, IOC extraction with optional VirusTotal integration, and AI-powered analysis. Security teams can perform guided investigations while maintaining complete data privacy through local-only processing with session persistence via localStorage and no telemetry or data transmission.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Ffr0gger%2Fproximity%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/RFwqer-DMasb-XJdu8f7CML3IFoWivI5td6TV_8RezY=433">
<span>
<strong>Proximity (GitHub Repo)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Proximity scans MCP servers to discover tools, prompts, and resources. It provides a detailed analysis of server capabilities and optional security evaluation using NOVA rules.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgmsgadget.com%2F%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/HsxrWozvdQRd7BvbIJQ2Ieu4YSZ-JsOLRFhCtJmcHYE=433">
<span>
<strong>GMSGadget (WebApp)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Give Me a Security Gadget (GMSGadget) is a collection of JavaScript gadgets that can be used to bypass XSS mitigations like Content Security Policy (CSP) and HTML sanitizers like DOMPurify.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"><table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fhashjack-attack-url-control-ai-browser-behavior%2F%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/B_oIvWnM_TrmcrJJRU-lhtr_uHGzQLBeqOCH5_GL5Ew=433">
<span>
<strong>HashJack Attack Uses URL '#' to Control AI Browser Behavior (2 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
HashJack is a novel indirect prompt injection technique that embeds malicious commands in URL fragments (after the # symbol) to manipulate AI browser assistants such as Google Gemini, Microsoft Copilot, and Perplexity Comet. The attack takes advantage of AI assistants' handling of full URLs, letting threat actors weaponize legitimate websites without compromising them and execute malicious instructions that bypass traditional security controls, enabling credential theft, data exfiltration, and more. Microsoft and Perplexity updated their products by October-November, but Google considered the Gemini vulnerability as expected behavior and chose not to fix it, leaving users vulnerable to this emerging AI security threat.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F11%2F28%2Fbrsk_breach%2F%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/h1niuxJIZ6PkLDqXGrp-ydVHHfrthmFOrYrjNarcwrk=433">
<span>
<strong>Brit telco Brsk confirms breach as bidding begins for 230K+ customer records (2 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Brsk, a UK broadband provider, is investigating a cyberattack after criminals advertised more than 230,000 customer records for sale, allegedly including contact details, installation data, location information, phone numbers, and flags for vulnerable customers. It says only basic contact data was accessed. No passwords or payment details were taken. The company is offering affected users 12 months of credit monitoring while regulators and law enforcement investigate.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F11%2Flegacy-python-bootstrap-scripts-create.html%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/OqiPs800ZOqMqteDlRG05UUI83QpD7zwIgDgfu2ayK0=433">
<span>
<strong>Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages (2 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Old Python bootstrap scripts in several PyPI packages still reference a long-abandoned domain used to fetch an installer for the legacy Distribute fork of Setuptools. The domain is now for sale. An attacker could buy it and serve malicious code to anyone running those scripts, exposing developers to supply-chain compromise and potential remote takeover via additional malware, such as RATs.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top"><table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://www.infosecinstitute.com/form/lp/iq-security-awareness/?utm_source=tldr%20newsletter&utm_medium=paid%20media&utm_campaign=iq%20skills%20promo&utm_term=&utm_content=&crmid=%%CRMLongId%%">
<span>
<strong>Train your entire organization with Infosec IQ & Infosec Skills (Sponsor)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Unlock on-demand cybersecurity ranges and labs for your technical team with any new Infosec IQ security awareness training contract. Act now to get your <a href="https://www.infosecinstitute.com/form/lp/iq-security-awareness/?utm_source=tldr%20newsletter&utm_medium=paid%20media&utm_campaign=iq%20skills%20promo&utm_term=&utm_content=&crmid=%%CRMLongId%%" rel="noopener noreferrer nofollow" target="_blank"><span><strong>3 free Infosec Skills seats.</strong></span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fps8DJW/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/-CZ89hSWREAxVdFIyoFggGTkbBWJjn9HI6-_84ZP3-s=433">
<span>
<strong>Pressure rising: European Parliament urges to ban social media for under-16s (2 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The European Parliament proposed a non-binding resolution for a harmonized EU minimum age of 16 for social media.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2F0x90n%2FInfoSec-Black-Friday%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/hoX_F2cdXYj2Fl8c8XRBFs9CTI6EXns29QCr_LJnagg=433">
<span>
<strong>InfoSec Black Friday and Cyber Monday Deals (GitHub Repo)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A collection of deals on InfoSec training, tools, gear, and more for Black Friday and Cyber Monday.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Ffrench-soccer-federation-hit-by-cyberattack-member-data-stolen%2F%3Futm_source=tldrinfosec/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/uNydVJum0Kwe9F488S8E82ldfsUyvld-HaoxBKECEx8=433">
<span>
<strong>French Soccer Federation Hit by Cyberattack, Member Data Stolen (2 minute read)</strong>
</span>
</a>
<br><br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A cyberattack on the French soccer federation compromised the software used by clubs to manage registered members.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/gKsgNFpTFrirvbYXISYopQw8dzAu-z74OJrYJ91GAaI=433" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/cOxGpkSTfZAgD1jot0GxUMCu_aoP7itZ_6dEvlnq8es=433" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/iFWZigGK2LGocTAf_W7FrlgPpayUSHtDwRJNENrlzuQ=433"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/WcbqXwf9AYivEKZbAOvgWDLNwVtvVGHqO-7QAR6RjfI=433" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>
or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a>
and get $1k if we hire them!
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br>
Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/0Lp-m-uO-F97hybkoGcMimWRDSTUB-sMw3dL604gAHY=433"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/6GeAZHXbaWpmLx6QC3V5RldtDHmBLWUIYqackTI968c=433"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/mQOmnUsz39VLTSX-L1TRyQ7xlIiuDhP6R4qQxw0s0Mg=433"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/OYs_VbXu8qMSpTv7-C5VrDklq7yAODpAFs0CGA2jbT8=433">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming.
Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=93cc96f0-ce75-11f0-aabf-db07538f9256%26pt=campaign%26pv=4%26spa=1764597792%26t=1764599492%26s=8d372b6b50cd2f086faf97b714c8250c044549904fdd697623ffa43240bb2e24/1/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/jl_t57yILy0kQrOHI3Y3tdVNOiMiaf6MX0muTGQ04Io=433">unsubscribe</a>.
<br>
<br>mlrch-2ea7263bbe5ec8
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019ada5370d8-73f3dc1e-0396-4948-a80d-902992c17797-000000/8dhr-CduvfKMJjYuLy2Qj40jFkpW2FDax5oKm_VI280=433" style="display: none; width: 1px; height: 1px;">
</body></html>