Samsung Zero Day Patched 🩹, Fake Carrier Apps 📱, Animal Crossing AI Mod 🎮

TLDR

Together With Exclaimer

TLDR Information Security 2025-09-15

Email threats are rising—basic defenses still lag (Sponsor)

83% of IT leaders have faced email-related security incidents, and nearly half saw them happen in just the past year. Phishing and spoofing top the list—making email not just a communication tool, but a frontline risk surface. But despite the risk, only 33% have implemented core protections like DMARC, DKIM, or SPF. 

The disconnect is clear: exposure is rising, but the fundamentals are still missing. 

Exclaimer's latest research reveals how IT leaders are reassessing their defenses and building email into their broader risk posture—without adding more manual work. 

Explore the security trends

Get the full research

🔓

Attacks & Vulnerabilities

HybridPetya ransomware bypasses UEFI Secure Boot echoing Petya/NotPetya (3 minute read)

The HybridPetya ransomware on VirusTotal echoes the infamous Petya/NotPetya attacks but adds UEFI bootkit capabilities and exploits CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems. Unlike NotPetya, HybridPetya functions as actual ransomware with decryption capabilities, encrypting the Master File Table after compromising EFI partitions and displaying fake CHKDSK status before showing ransom demands. This marks the fourth known UEFI bootkit with Secure Boot bypass capability, joining BlackLotus, BootKitty, and the Hyper-V Backdoor PoC, indicating these sophisticated attacks are becoming more common.

WhiteCobra Floods VSCode Market With Crypto-Stealing Extensions (2 minute read)

A threat actor named WhiteCobra has been flooding the VSCode marketplace and OpenVSX registry with malicious extensions targeting VSCode, Cursor, and Windsurf users. The extensions contain an extension.js file that is nearly identical to the Hello World example but loads a prompt.js file, which downloads and executes a platform-specific infostealer payload from Cloudflare Pages. An Ethereum core developer reported on X that their wallet was drained after downloading a seemingly legitimate extension with a professional logo, detailed description, and 54K downloads.

Samsung Patches Actively Exploited Zero-Day Reported by WhatsApp Devs (2 minute read)

Samsung patched a remote code execution vulnerability that impacted Samsung devices running Android 13 or later. The vulnerability arose from an out-of-bounds write in the libimagecodec.quram.so library, which is used for image parsing. Apple patched the corresponding vulnerability in its devices last month, after WhatsApp and Meta researchers reported it to Apple as well.

🧠

Strategies & Tactics

The curious tale of a fake Carrier.app (17 minute read)

Google Project Zero found a fake carrier app exploiting a heap overflow in Apple's DCP firmware on iPhone 12/13. The exploit bypassed kernel protections by targeting the DCP's weaker security, using a fake Vodafone app distributed via enterprise certificates to sideload malware. The vulnerability (CVE-2021-30983) caused memory corruption through an unbounded loop in display code, allowing attackers to gain kernel access by corrupting C++ objects and manipulating memory between the DCP and main system.

Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed (12 minute read)

The Gentlemen ransomware group has executed sophisticated attacks across 17 countries, focusing on sectors like manufacturing and healthcare. Their operations use custom tools to bypass security measures, exploit privileged accounts, and deploy ransomware with double extortion tactics. The campaign demonstrates a shift to highly tailored, evasive strategies, raising the bar for enterprise defense and incident response recommendations.

Supabase Security Best Practices (2025 Guide) (20 minute read)

This comprehensive guide addresses frequent security pitfalls seen in Supabase deployments, offering precise and practical solutions grounded in recent audits. It covers how components like authentication, database schemas, Edge Functions, storage, and CORS interact from a security perspective, and how to secure them with simple, effective policies: "read-only by default", automated audits, and revisiting configurations as the platform evolves.

🧑‍💻

Launches & Tools

AI-powered email attacks just met their match - an AI detection engineer (Sponsor)

Email attacks are evolving faster than security teams can write rules. Sublime's ADÉ (Autonomous Detection Engineer) fights fire with fire: while hackers automate phishing and social engineering attacks, ADÉ automatically creates and backtests Detection Rules in response to missed attacks.

Unlike black-box AI solutions, ADÉ writes transparent, explainable rules that analysts can understand and verify. When attacks slip through, ADÉ analyzes signals, creates or updates rules, validates against historical data, and presents clear logic for human review. It closes detection gaps in hours - and it does so per-environment, rather than with one-size-fits-all rules.

Read more on the Sublime Security blog

GroupPolicyBackdoor (GitHub Repo)

GroupPolicyBackdoor is a tool for manipulating and exploiting Group Policy Objects (GPOs).

RedAccess (Product Launch)

Red Access provides an agentless security platform that protects web sessions and assets across browsers and apps, enabling secure access, data loss prevention, and visibility for remote and hybrid enterprise environments.

GarudRecon (GitHub Repo)

GarudRecon is an automated reconnaissance framework designed for asset discovery, vulnerability detection, and continuous monitoring.

🎁

Miscellaneous

600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet (3 minute read)

Hacktivists from Enlace Hacktivista leaked nearly 600 GB of data supposedly from China's Great Firewall, exposing source code, communications, and documents from Geedge Networks and MESA Lab, key to the censorship system. The leak reveals that the Great Firewall operates as a commercial platform called "Tiangou," which has been exported to Myanmar, Pakistan, Ethiopia, Kazakhstan, and other Belt and Road countries for surveillance purposes. The 500 GB archive includes source code, project records, and internal documents revealing how China's censorship functions and spreads globally through public-private partnerships.

Modder injects AI dialogue into 2002's Animal Crossing using memory hack (4 minute read)

A modder connected AI chatbots to the 2002 game Animal Crossing, enabling villagers to discuss their indebtedness and organize against Tom Nook. Using memory hacking and two Python scripts, the mod injects dynamic, AI-generated dialogue into the game, with a writer creating the dialogue and a director adding technical elements.

What I Learned From Getting Rejected By Amazon: A Security Engineer's Interview Experience (6 minute read)

A security engineer shares their experience preparing for and interviewing for an AppSec role at Amazon. The author walks through their screening interview and three days of onsite interviews, which included scripting and automation questions, a coding challenge, a threat modeling exercise, and other questions. The article wraps up with lessons learned after a rejection and the resources the author used to prepare.

TLDR Infosec 2025 Reader Survey (1 minute)

How can we improve TLDR Infosec? We'd really appreciate it if you could fill out this three question survey to give us a bit of feedback! 🙏

Quick Links

SMBs are being hunted - learn to fight back at N-able Cyber Resilience Summit (Sponsor)

Join Francis Odum and cyber experts from Microsoft and Align for a full-day virtual event, featuring exclusive threat intelligence, AI-driven defense strategies for SMBs, and unfiltered insights. Register for free

Qrator Labs Mitigated Record L7 DDoS Attack from 5.76M-Device Botnet (2 minute read)

Qrator Labs thwarted a record Layer 7 DDoS from a botnet of 5.76M compromised IoT devices targeting government infrastructure, a 333% increase since March 2025, mainly from Brazil (1.41M), Vietnam (661K), and the US (647K).

Popular AI chatbots leaking data: millions of users could be affected (3 minute read)

Researchers revealed that Vyro AI's server leaked 116GB of data, exposing user prompts, authentication tokens, and putting over 150 million users' privacy and accounts at risk.

Love TLDR? Tell your friends and get rewards!

Share your referral link below with friends to get free TLDR swag!
Track your referrals here.

Want to advertise in TLDR? 📰

If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.

Want to work at TLDR? 💼

Apply here or send a friend's resume to jobs@tldr.tech and get $1k if we hire them!

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile


Manage your subscriptions to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please unsubscribe.