Attacks & Vulnerabilities

US Sensor Giant Sensata Admits Ransomware Derailed Ops (3 minute read)
Sensor manufacturer Sensata reported a ransomware attack on April 6 that encrypted devices and disrupted operations, including shipping, manufacturing, and support functions. The company is still investigating the breach with cybersecurity experts and doesn't expect material financial impact, though the situation is still developing.

The S in MCP Stands for Security (3 minute read)
Model Context Protocol (MCP) is a new standard that defines how LLMs integrate with tools. It lacks authentication or other security integrations by default. Risks associated with MCP include injection flaws caused by poor coding practices, tool poisoning (malicious instructions embedded in an MCP tool's description), silent redefinition of tool definitions, and cross-server tool shadowing. Users and developers should continue to apply security fundamentals such as using trusted sources, validating input, and pinning MCP server and tool versions. Platform builders can enhance security by displaying full tool metadata, using integrity hashes for server updates, and enforcing session security.

How to Use the New CloudTrail Network Activity Events for VPC Endpoints (5 minute read)
AWS recently launched a new class of CloudTrail logs that track network activity events for VPC endpoints. These logs can be used to assess the impact of proposed VPC endpoint policies in organizations that don't currently use endpoint policies and to detect data exfiltration. Any organization that uses VPC endpoints should enable network activity events for VpceAccessDenied errors and evaluate further events based on cost and utility.

Entropy Triage: A Method to Repair Files Corrupted by Failed Ransomware Encryption (6 minute read)
Sometimes, after an organization pays a ransom and receives a decryptor, the decryption process still fails because the encryption process itself failed or was interrupted. Researchers from MOXFIVE have developed a technique called entropy triage that processes each block of a file by comparing the Shannon entropy before and after decryption and writing the lower-entropy block to disk. MOXFIVE has had success with this method but notes that it requires skilled cryptographers and data to be sufficiently encrypted or decrypted for the analysis.

Agent-Wiz (GitHub Repo)
A CLI tool for threat modeling and visualizing AI agents built using popular frameworks like LangGraph, AutoGen, CrewAI, and more.

FrogPost (GitHub Repo)
FrogPost is a Chrome extension for testing and analyzing the security of postMessage communications between iframes, helping developers and security professionals find vulnerabilities in implementations.

Google Eyes User Browsing Data Search in New Patent Filing (3 minute read)
Google has filed a patent for a system that helps users search their digital history using natural language. This system aims to make it easier for users to find previously viewed content without remembering exact keywords. While the system promises convenience, concerns about data privacy and user control have been raised.

Researchers Hack Source Code From Google Gemini (7 minute read)
As part of Google's bugSWAT event, a group of security researchers managed to exfiltrate a sensitive binary from Gemini's Python Sandbox. The researchers first discovered that the sandbox provides full access to the os library, which allowed them to map the sandbox's filesystem and locate the /usr/bin/entry/entry_point binary, which they exfiltrated by returning 10MB chunks of base64-encoded data to the frontend.
After reassembling it, the researchers found source code for the sandbox's Python interpreter and protobufs that describe how sensitive data is classified, handled, and transmitted within Google.

Thanks for reading, Prasanna Gautam, Eric Fernandez & Sammy Tbeile