
Another Grocery Chain Hack 🥦, High Impact Security Work 💥, Authentication Fatigue 😩


TLDR


TLDR Information Security 2025-06-30


🔓

Attacks & Vulnerabilities

Hackers stole data on 2.2 million people in cyberattack affecting American grocery chains (2 minute read)

Dutch conglomerate Ahold Delhaize disclosed that over 2.2 million people had personal data stolen in a November cyberattack. The breach exposed Social Security numbers, financial information, and health data. The INC ransomware gang has claimed responsibility, allegedly stealing six terabytes of data.

Aloha, you've been pwned: Hawaiian Airlines discloses 'cybersecurity event' (2 minute read)

Hawaiian Airlines disclosed a cybersecurity incident on June 23 affecting IT systems, though flights continue operating normally. Security experts suspect the Scattered Spider gang, known for targeting retail and insurance sectors, was involved. The airline immediately engaged authorities and cybersecurity experts.

Bluetooth flaws could let hackers spy through your microphone (2 minute read)

Three vulnerabilities in Airoha Bluetooth chipsets affect 29 audio devices from major brands like Bose, Sony, and JBL, allowing attackers within Bluetooth range to eavesdrop on conversations and hijack phone connections. The flaws enable the extraction of call history and contacts and the ability to initiate calls to arbitrary numbers by exploiting missing authentication in Bluetooth protocols. While technically serious, practical attacks require physical proximity and high technical skills, limiting the threat to high-value targets in sensitive industries.

🧠

Strategies & Tactics

Dissecting RDP Activity (2 minute read)

This blog post examines RDP activity using Windows event logs for cybersecurity forensics. It identifies important event IDs for successful logins (1149 and 4624), failed attempts (4625), and session changes to detect brute-force attacks. The author demonstrates how correlating these events helps create timelines to reconstruct attacker behavior.

Leveraging Google ADK for Cyber Intelligence (6 minute read)

This blog explains how to set up a multi-agent system for threat intelligence gathering and analysis. It uses Kafka, DSPy, and Neo4j to coordinate specialized agents that discover, collect, and process security feeds. The system extracts IOCs, maps threats to MITRE ATT&CK, and builds comprehensive threat intelligence graphs with natural language querying capabilities.

What Should I Work on Next? A Framework for High-Impact Security Work (6 minute read)

To drive maximal efficiency on teams, security managers should optimize the work they assign based on business goals, implicit interest, and personal growth. Security managers should seek out projects that allow them to establish a strong connection between business goals and the engineering roadmap. Given multiple projects with similar levels of business impact, managers should then consider assigning work that fits best with engineers' interests and personal growth objectives.

🧑‍💻

Launches & Tools

RevEng AI (Product Launch)

RevEng AI enables security engineers and malware analysts to identify malicious components and verify the integrity of software supply chains without requiring access to source code.

Sbt-SBOM (GitHub Repo)

The sbt-sbom plugin creates CycloneDX-compatible Software Bill of Materials (SBOM) files from sbt projects for security tools. You can customize the BOM and choose dependencies. It supports both XML and JSON formats.

Cloudflare open-sources Orange Meets with End-to-End encryption (2 minute read)

Cloudflare has added end-to-end encryption to its open-source video app, Orange Meets, making video calls more secure. The app utilizes a robust group encryption protocol and allows users to verify their safety number to prevent potential attacks. Orange Meets is a demo for developers and privacy fans, not a full-featured video chat tool like Zoom or Google Meet.

🎁

Miscellaneous

Identity theft hits 1.1M reports — and authentication fatigue is only getting worse (4 minute read)

This article discusses the balance between security and user convenience in authentication. With fraud increasing, businesses must offer multiple authentication options (passwords, passkeys, 2FA, and MFA) since customer preferences vary. Future authentication will use continuous risk-based signals rather than one-time logins, while AI complicates bot detection.

Try This One Weird Trick Russian Hackers Hate (5 minute read)

Installing a Russian or Ukrainian virtual keyboard can block many ransomware strains that check the system language to avoid infecting their home countries. Microsoft's June 2021 patches fix six actively exploited zero-day vulnerabilities that attackers use for privilege escalation and ransomware deployment. Security researchers have identified connections between the DarkSide and REvil ransomware groups, with both sharing exclusion lists and operational patterns.

Schrems' Privacy NGO Files Complaint Against Dating App Bumble's AI Feature (2 minute read)

Privacy group Noyb has filed a complaint with the Austrian authorities against the dating app Bumble's use of generative AI in its "AI Icebreaker" feature. Noyb is concerned about how data is being sent to OpenAI's servers while only displaying a pop-up, which Noyb considers "fake" consent. Bumble has responded that it takes precautions with its users' data and does not send any special category data.

Quick Links

The FBI warns that Scattered Spider is now targeting the airline sector (2 minute read)

The FBI has issued a warning that the cybercrime group Scattered Spider is now targeting the airline industry by deceiving employees and IT help desks to steal data and bypass security measures.

Let's Encrypt ends certificate expiry emails to cut costs, boost privacy (2 minute read)

Let's Encrypt discontinued its certificate expiration email notifications as of June 4, citing high costs, privacy concerns, and the widespread adoption of automated certificate renewal tools that make manual notifications unnecessary.

Qilin Ransomware Attack on NHS Causes Patient Death in the UK (2 minute read)

A ransomware attack by the Qilin group in June 2024 compromised London's NHS hospitals, leading to treatment delays, a patient's death, and widespread disruption of care.


Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile

