Attacks & Vulnerabilities |
CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems (2 minute read)
CISA added CVE-2025-32463, a critical sudo vulnerability with a CVSS score of 9.3, to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation in the wild. The flaw affects sudo versions before 1.9.17p1 and allows local attackers to leverage the --chroot option to execute arbitrary commands as root, even without sudoers file permissions. Federal agencies must patch by October 20, while organizations should immediately update sudo to version 1.9.17p1 or later to prevent privilege escalation attacks. |
Japan's largest brewer suspends operations due to cyberattack (2 minute read)
Asahi Group Holdings, Japan's leading brewery with $20 billion in revenue and holding a third of the market, experienced a cyberattack that disrupted ordering, shipping, call centers, and customer service. The incident, which began at 7 AM and impacted only Japan, did not result in confirmed data leaks, although investigations are ongoing, and no group has claimed responsibility. Companies should enhance their business continuity plans, adopt network segmentation, and develop incident response strategies to manage disruptions, including communication with customers and partners. |
Tile's lack of encryption could make tracker owners vulnerable to stalking (3 minute read)
Security flaws in Tile's tracking devices have raised concerns about user vulnerability. Researchers found that these devices lack proper encryption and fail to adequately rotate identification details, making them easily exploitable for stalking and tracking purposes. Despite noting recent improvements, Tile's approach falls short compared to other brands, as anti-theft features can be abused, and privacy remains at risk for users relying on the technology. |
|
Coherence: Insider risk strategy's new core principle (7 minute read)
This article proposes "coherence" as a new foundational principle for insider risk management, arguing that traditional control and surveillance approaches fail because they don't address human alignment and organizational meaning. The author identifies "drift" - gradual detachment from purpose and clarity - as an early warning signal that precedes both malicious actions and human errors, manifesting through compliance without conviction, corporate messaging noise, and reduced employee initiative. Security professionals should focus on building semantic consistency in messaging, creating feedback channels to detect narrative drift, partnering cross-functionally to align organizational language, and treating coherence as operational infrastructure rather than just cultural enhancement. |
Abusing Notion's AI Agent for Data Theft (3 minute read)
Notion's AI agents are susceptible to prompt injection attacks exploiting Simon Willson's 'lethal trifecta'—access to private data, exposure to untrusted content, and external communication. Attackers can embed malicious instructions in PDFs with white text instructing AI to extract and exfiltrate confidential data through web searches to attacker-controlled URLs. Security professionals should evaluate AI deployments carefully, as current systems lack effective defenses against such attacks, and organizations should enforce strict data access and network controls for sensitive AI systems. |
First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails (8 minute read)
MCP servers, designed to help AI assistants automate tasks like sending emails, can pose significant security risks if abused. Recently, a popular npm package called postmark-mcp was discovered to be exfiltrating emails—including sensitive content like password resets and confidential memos—to a remote server controlled by its developer. The backdoor was introduced in a single line of code within an otherwise trustworthy tool, highlighting how quickly legitimate infrastructure can become compromised. |
|
SafeHill Emerges from Stealth With $2.6 Million Pre-Seed Funding (2 minute read)
Chicago-based SafeHill (formerly Tacticly) emerged from stealth with $2.6 million in pre-seed funding, notable for having reformed LulzSec leader Hector Monsegur (aka Sabu) as chief research officer. The company offers SecureIQ, a continuous threat exposure management platform that combines AI-driven penetration testing with human validation to provide continuous asset discovery, automated threat assessments, and real-time monitoring. Security teams can leverage this hybrid approach for ongoing penetration testing, rather than conducting point-in-time traditional evaluations, with compliance mapping for frameworks such as PCI-DSS, CMMC, and ISO27001. |
MalifiScan (GitHub Repo)
MalifiScan is a security tool that identifies and blocks malicious packages before they compromise your software supply chain. It monitors vulnerability databases, such as OSV, for new malicious packages and scans your registries and repositories for existing threats. When used with platforms like JFrog Artifactory, it automates exclusion patterns to prevent future downloads of flagged packages, ensuring secure dependencies across development pipelines. |
Code Pathfinder (GitHub Repo)
Code Pathfinder, the open-source alternative to GitHub CodeQL, was built with GoLang. Built for advanced structural search, derive insights, and find vulnerabilities in code. |
|
E-commerce Fraud-as-a-Service: How Scammers Exploit Brand Trust at Scale (8 minute read)
Cybercriminals target e-commerce brands through three primary fraud-as-a-service operations: credential phishing via fake login pages promoted on Facebook and Instagram, fraudulent storefronts that offer fake deals to harvest payment data, and fake job campaigns for work-from-home scams. These attacks utilize Phishing-as-a-Service platforms that simplify the deployment of sophisticated scams, even for non-technical actors, targeting mobile users to evade detection. Organizations should monitor their brand with Google Alerts, educate customers about official sites, deploy Digital Risk Protection tools to detect phishing setups, and establish rapid response procedures for takedown requests and evidence collection. |
'Trifecta' of Gemini Flaws Turn AI Into Attack Vehicle (4 minute read)
Google's Gemini AI suite had three critical flaws: Search Personalization enabled injection and data leaks via Chrome history, Cloud Assist allowed prompt manipulation through raw logs, and the Browsing Tool exposed saved data through a side channel. All vulnerabilities could be exploited for data exfiltration. Google has now fixed them. |
SVG Phishing hits Ukraine with Amatera Stealer, PureMiner (7 minute read)
A phishing campaign targeting Ukrainian organizations has emerged using emails disguised as official notices from the country's police. These emails contain SVG attachments that trigger fileless attacks when opened, deploying malware including Amatera Stealer and PureMiner. The SVG initiates a download chain using password-protected files that ultimately execute malicious code via in-memory, process-hollowing techniques. The Amatera Stealer collects sensitive information and credentials, while PureMiner hijacks victim resources for cryptocurrency mining. Both can then install additional malware. |
|
| Love TLDR? Tell your friends and get rewards! | | Share your referral link below with friends to get free TLDR swag! | | | |
| Track your referrals here. |
| Want to advertise in TLDR? 📰 If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.
Want to work at TLDR? 💼 Apply here or send a friend's resume to jobs@tldr.tech and get $1k if we hire them!
If you have any comments or feedback, just respond to this email! Thanks for reading, Prasanna Gautam, Eric Fernandez & Sammy Tbeile
|
|
| |
0 Comments