<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fproactive-defenders-guide-to-infostealers%3Futm_campaign=Resource_RP_DefendersGuide_Infostealers%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000W7BAoIAN/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/U_cMVHd_DYD5M03Nx-XR7JarAPahUAGVhnOOzqdc0Qk=434"><img src="https://images.tldr.tech/flashpoint.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Flashpoint"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-12-03</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fproactive-defenders-guide-to-infostealers%3Futm_campaign=Resource_RP_DefendersGuide_Infostealers%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000W7BAoIAN/2/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/Q-_4x7UHAlsg23sjmZa6weA-gu3biKdbYoW78Dm9Ai0=434">
<span>
<strong>The $10 tool behind most ransomware attacks (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Before the ransomware hits, and long before the breach makes headlines, there's usually an infostealer. These cheap, widely available tools have become the <a class="underline" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fproactive-defenders-guide-to-infostealers%3Futm_campaign=Resource_RP_DefendersGuide_Infostealers%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000W7BAoIAN/3/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/ivdZc0GEoMtLxGzLgx49SZlWG4h3NXA2m33rlTSFwhk=434" rel="noopener noreferrer nofollow" target="_blank"><span>#1 driver of identity-based attacks</span></a>. They quietly harvest credentials that get sold, traded, and weaponized downstream.
<p></p>
<p>Billions of stolen credentials are already out there - and you need to be proactive about protecting yours. <a class="underline" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fproactive-defenders-guide-to-infostealers%3Futm_campaign=Resource_RP_DefendersGuide_Infostealers%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000W7BAoIAN/4/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/CWl37EMauYejDUQWNj9u05BtTJjlBwCxvaRqEXT7zEM=434" rel="noopener noreferrer nofollow" target="_blank"><span>Flashpoint's guide</span></a> covers:</p>
<p>- Which infostealer strains dominate underground markets and how they're deployed</p>
<p>- How attackers turn stolen identities into ransomware, fraud, and breaches</p>
<p>- How to use your existing logs to spot compromised accounts before attackers do</p>
<p><a class="underline" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fproactive-defenders-guide-to-infostealers%3Futm_campaign=Resource_RP_DefendersGuide_Infostealers%26utm_source=tldrinfosec%26utm_medium=newsletter%26sfcampaign_id=701Rc00000W7BAoIAN/5/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/nDESCJaNECa1kgWKks9X1pcFv_chiFU135OHoRj95Ak=434" rel="noopener noreferrer nofollow" target="_blank"><span>Download The Proactive Defender's Guide to Infostealers</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F12%2F01%2Fchrome_edge_malicious_browser_extensions%2F%3Futm_source=tldrinfosec/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/PlF1dGHZ_i4sRmBnozLlNP3uUznfnCl4VikXmko_9_Y=434">
<span>
<strong>Stealthy browser extensions waited years before infecting 4.3M Chrome, Edge users with backdoors and spyware (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ShadyPanda, a threat actor, compromised 4.3 million Chrome and Edge users through a seven-year campaign that published legitimate extensions, accumulated Featured and Verified status, and then weaponized them via malicious updates containing backdoors and spyware. The malware enabled complete browser surveillance, with remote code execution capabilities, hourly C2 communication to a server, arbitrary JavaScript execution with full browser API access, and real-time exfiltration of browsing data. ShadyPanda exploited the fundamental gap that allows marketplaces to review extensions only at submission, rather than monitor post-approval updates. Five extensions with over 4 million combined installs remain active on the Edge marketplace.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Ffake-calendly-invites-spoof-top-brands-to-hijack-ad-manager-accounts%2F%3Futm_source=tldrinfosec/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/p9QjIVcnzzyTs9uOql6419vuH6lVeGxYIrsAgGHKQek=434">
<span>
<strong>Fake Calendly Invites Spoof Top Brands to Hijack Ad Manager Accounts (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An ongoing phishing campaign uses Calendly to impersonate popular brands and phish for business ad manager accounts. These accounts are tempting for threat actors because they can be used as a springboard to launch malvertising campaigns with advanced features like geo-targeting, domain filtering, and device-specific targeting. Victims receive a fake Calendly meeting invitation from a threat actor impersonating a recruiter, which directs them to an Attacker-in-the-Middle phishing page that attempts to steal login credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnorth-korea-lures-engineers-to-rent-identities-in-fake-it-worker-scheme%2F%3Futm_source=tldrinfosec/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/arMO5ZNzvpRsVKggkzDWzm9kZ0JGOp6EHWv-drijxpQ=434">
<span>
<strong>North Korea Lures Engineers to Rent Identities in Fake IT Worker Scheme (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
North Korea's Famous Chollima is running a campaign that attempts to lure developers into renting out their identities for illicit fundraising. The attackers offer legitimate engineers a percentage of the salary for a remote job if they grant the threat actor remote access to their computer. In some cases, the engineers act as a frontman for the agent in interviews.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.synapticsystems.de%2Fhow-a-russian-threat-actor-uses-recent-winrar-vulnerability-in-their-ukraine-operations%2F%3Futm_source=tldrinfosec/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/GDIGXXL-8Otb2OkDYC2bkPdVxgTGWy0Il200URCYXIc=434">
<span>
<strong>How a Russian Threat Actor Uses a Recent WinRAR Vulnerability in Their Ukraine Operations (18 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Primitive Bear (Gamaredon), an FSB-attributed APT group, exploited CVE-2025-6218, a critical WinRAR path traversal vulnerability affecting versions through 7.11, in targeted spear-phishing campaigns against Ukrainian military units and government entities using military-themed lures. The attack chain leveraged malicious RAR archives containing HTA files with obfuscated VBScript, weaponized the path traversal flaw to write payloads directly to Windows Startup folders, and then used mshta.exe as a LOLBIN to fetch secondary-stage malware from a DynDNS-based C2 infrastructure across 14 active domains. The campaigns demonstrated sophisticated tradecraft, including minimal obfuscation, multi-stage payload delivery, phishing URL masquerading (president.gov.ua@malicious-domain), and infrastructure leveraging InterLIR IP marketplaces and No-IP dynamic DNS services. Defenders should update WinRAR to 7.12+, block HTA execution via AppLocker/WDAC, and monitor for LOLBIN abuse and Startup folder modifications.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Faws.amazon.com%2Fblogs%2Fsecurity%2Faws-secrets-manager-launches-managed-external-secrets-for-third-party-credentials%2F%3Futm_source=tldrinfosec/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/xQlJXlXY1HhqGiG6xPsfg3vHwFkMO6tg4xm6VZ5YHKo=434">
<span>
<strong>AWS Secrets Manager Announces Managed External Secrets (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Managed external secrets is a new capability in AWS Secrets Manager that automatically rotates participating third-party SaaS secrets without the overhead of creating or managing rotation Lambda functions. At present, the supported third-party vendors are Salesforce, BigID, and Snowflake. AWS has released a guide for becoming an integrated third-party vendor. The guide demonstrates how to create, manage, and view external secrets.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fred.anthropic.com%2F2025%2Fsmart-contracts%2F%3Futm_source=tldrinfosec/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/hefTeb9xboLSHDO3O9IH771i5QCRTdNrvxGbBEInldY=434">
<span>
<strong>AI agents find $4.6M in blockchain smart contract exploits (16 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SCONE-bench, created by Anthropic researchers, contains 405 exploit-prone smart contracts. Claude Opus 4.5, Sonnet 4.5, and GPT-5 exploited 34 contracts worth $4.6 million. Sonnet 4.5 and GPT-5 found two new zero-day vulnerabilities in 2,849 new contracts, producing exploits worth $3,694 at an API cost of $3,476 for GPT-5. This shows that profitable autonomous exploitation is feasible with current models. Security teams should adopt AI agents for smart contract auditing before deployment, as the decreasing window for exploitation and dropping costs ($1.22 per run) give attackers advantages, while enabling proactive vulnerability detection and fixing.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fspecterops.io%2Fso-con%2F%3Futm_source=tldrinfosec/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/5X4GAKvt0KgnOvRmAbcj5-sNMXa0i4dzSK1KdSmyNk4=434">
<span>
<strong>Where Identity Security Meets Community (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fspecterops.io%2Fso-con%2F/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/BulcEe6Exxa2pynmKeJMKcaIf7YJ503oNNQ4VYAAP2Q=434" rel="noopener noreferrer nofollow" target="_blank"><span>SO-CON 2026 (April 13-18, 2026)</span></a> is where the community comes together to advance the practice of Attack Path Management<strong>.</strong> The week begins with a two-day main conference packed with talks, research, and community exchange, followed by four days of deep-dive, hands-on trainings led by adversary-experienced practitioners.
<p></p>
<p><a class="Hyperlink SCXW89184267 BCX0" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fspecterops.io%2Fso-con%2F%3Futm_source=newsletter%26utm_medium=TLDR%26utm_campaign=TLDR_So_Con%26utm_id=contentsyndicationlatest_campaign%26utm_content=TLDR1/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/5x7gKCqT9K0b33_eAwzbj-0s9MDbDQNEDnq40olapCE=434" rel="noreferrer noopener" target="_blank"><span>Early Bird Registration Now Open!</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FkIRctT/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/GC3IuCYYKyW1MXxQxLlIaFGtNyn6qFU79XAv1daHWc4=434">
<span>
<strong>Telegram's Cocoon network goes live, challenges Amazon, Microsoft in AI compute (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Telegram Cocoon is a TON blockchain-based decentralized AI compute network that connects GPU providers (compensated in toncoin tokens) with privacy-focused applications that require AI model execution. It is positioned as a confidential alternative to centralized cloud providers like Amazon and Microsoft. The network employs attested compute layers to process AI requests while settling payments on-chain. Security professionals should note ecosystem concerns, including hardware limitations restricted to specific Intel processors, potential scrutiny of the "100% confidentiality" claims, and the strategic implications of a central messaging platform controlling AI compute infrastructure that could process sensitive organizational workloads.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FVirusTotal%2Fvt-py%3Futm_source=tldrinfosec/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/At2zGDChQS-AKj4ZoDr2TAPpH-aqzNVd83Gf2iGu7MA=434">
<span>
<strong>vt-py (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
vt-py is the official Python client library for VirusTotal. The library allows for interacting with the VirusTotal REST API v3.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.saporo.io%2F%3Futm_source=tldrinfosec/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/euiI200mcbrLYCvxyYA9FWC39elH3i9n9J6oSPeRwdM=434">
<span>
<strong>Saporo (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Saporo provides a graph-native identity security platform that analyzes relationships, events, and misconfigurations across on-prem, cloud, and machine identities to surface attack paths, reduce exposure, and harden access to critical assets before exploitation.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fglassworm-malware-returns-in-third-wave-of-malicious-vs-code-packages%2F%3Futm_source=tldrinfosec/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/E7UDJeDbHANwZPmOHef5Es7JzkA4-PA3OozETFls0eo=434">
<span>
<strong>Glassworm malware returns in third wave of malicious VS Code packages (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Glassworm malware returned for a third wave on OpenVSX and Microsoft Visual Studio marketplaces with 24 new packages impersonating popular developer tools. The supply chain attack has evolved to use Rust-based implants alongside invisible Unicode character obfuscation. It steals GitHub, npm, and OpenVSX credentials plus cryptocurrency wallet data from 49 extensions, deploys SOCKS proxies for traffic routing, and installs HVNC clients for stealthy remote access, while manipulating download counts to boost search rankings. Development teams should immediately audit installed VS Code extensions against published IOC lists, verify publisher authenticity before installation, monitor for suspicious extension updates, and implement controls to detect invisible Unicode characters in code reviews to prevent credential theft and environment compromise.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FkIRctT/2/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/_2mYx-_4ZiTZJnO8rmh6EPwZqZYxxn-ZI941rOGuMsg=434">
<span>
<strong>India Orders Smartphone Makers to Preload State-Owned Cyber Safety App (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
India's telecoms ministry has privately asked smartphone makers to preload all new devices with a state-owned cybersecurity app that cannot be deleted. Smartphone makers will have 90 days to ensure the government's Sanchar Saathi app is preinstalled on new devices and should push the app to existing devices in the supply chain via software updates. Apple is expected to push back on this requirement and may come to a compromise in which it agrees to nudge users to install the app.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Fvulnerability-in-openai-coding-agent-could-facilitate-attacks-on-developers%2F%3Futm_source=tldrinfosec/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/Gkd1Ty-d9-bcd89k2AAsRQY81m0TWV8W8czuWtBRhXQ=434">
<span>
<strong>Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A command-injection vulnerability in OpenAI's Codex CLI allows trusted local configuration files to execute attacker-controlled commands without user approval. By slipping malicious configs into a repository, an attacker could gain remote access, run arbitrary commands, steal secrets, and even poison supply chains via CI and build systems. OpenAI fixed the issue in Codex CLI version 0.23.0 after disclosure.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecinstitute.com%2Fform%2Flp%2Fiq-security-awareness%2F%3Futm_source=tldr%2520newsletter%26utm_medium=paid%2520media%26utm_campaign=iq%2520skills%2520promo%26utm_term=%26utm_content=%26crmid=%257CCRMLongId%257C/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/gKTuRGcOwniA2citqOButrbNiYLlqxdnecRl9vy5fwU=434">
<span>
<strong>Train your entire organization with Infosec IQ & Infosec Skills (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Unlock on-demand cybersecurity ranges and labs for your technical team with any new Infosec IQ security awareness training contract. Act now to get your <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecinstitute.com%2Fform%2Flp%2Fiq-security-awareness%2F%3Futm_source=tldr%2520newsletter%26utm_medium=paid%2520media%26utm_campaign=iq%2520skills%2520promo%26utm_term=%26utm_content=%26crmid=%257CCRMLongId%257C/2/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/iCBmSNZ7ezh-ue_Z-kKpTuWcjBzUpGGueD8uRwW4QNg=434" rel="noopener noreferrer nofollow" target="_blank"><span><strong>3 free Infosec Skills seats.</strong></span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securityweek.com%2Faustralian-man-sentenced-to-prison-for-wi-fi-attacks-at-airports-and-on-flights%2F%3Futm_source=tldrinfosec/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/f1kVMhKiSdDH-6NydrRBO7s7XGGw4Vr7eOdoK84vCwU=434">
<span>
<strong>Australian Man Sentenced to Prison for Wi-Fi Attacks at Airports and on Flights (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Australian hacker Michael Clapsis was sentenced to seven years and four months in prison for using a Wi-Fi Pineapple to run evil twin attacks at major Australian airports and on domestic flights.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F12%2Fmalicious-npm-package-uses-hidden.html%3Futm_source=tldrinfosec/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/liO4QYrF6M_mG4Oaj4XlTq6pBL5W0UXZ3yXmm9BAoNE=434">
<span>
<strong>Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A typosquatted npm package, eslint-plugin-unicorn-ts-2, poses as a TypeScript ESLint plugin and runs a post-install script that steals environment variables and embeds a deceptive prompt apparently intended to confuse AI-based scanners.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/jBjXOVU62h5DZMKtvj5H4C3ZfSRQYjEyhdCqUNhjI7o=434"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/sRJLe6eY63rzCBydL4R_GgPxcfTq6LpG1jFNEu8_MNs=434"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019ae48a6ed7-93e12dcc-fc81-405a-bfd6-14a7408d4018-000000/7A7OsZnRt9xw0iaF_1I5a5-Sd6cXR_k1mwEtbb1vsMg=434"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>