
Citrix Auth Vulnerability 🖥️, Swiss Health Data Stolen 🇨🇭, Browser Agents As Weakest Links 🔗



Together With DTEX Systems

TLDR Information Security 2025-07-01

Exposing the inner workings of North Korea's cyber threat operation (Sponsor)

A new report by DTEX Systems reveals the surprising motivations and intricate operations behind DPRK's covert cyber workforce—which operates more like an international crime network than a state-sponsored group. It covers:

  • An org chart detailing DPRK's cyber structure.
  • Details of active DPRK cyber operatives, methods, and infiltration tactics.
  • Inside Research Center 227—DPRK's AI unit actively enabling hacking operations.
  • Why DPRK operatives are motivated by survival rather than ideology, and the implications.
  • Behavioral and technical markers to detect embedded DPRK cyber operatives early.

Read the full findings →

🔓

Attacks & Vulnerabilities

Over 1,200 Citrix servers unpatched against critical auth bypass flaw (2 minute read)

Over 1,200 Citrix NetScaler ADC and Gateway appliances remain unpatched against CVE-2025-5777 ("Citrix Bleed 2"), a critical authentication bypass vulnerability that allows attackers to hijack user sessions and bypass multi-factor authentication. ReliaQuest reports with medium confidence that the flaw is already being actively exploited, with indicators including hijacked web sessions, suspicious IP address usage, and Active Directory reconnaissance activities. Organizations must immediately patch their NetScaler appliances and terminate all active ICA and PCoIP sessions to prevent session hijacking attacks similar to those seen in previous CitrixBleed ransomware campaigns.

Stablecoin Protocol Resupply Loses $9.6M to Price Manipulation Exploit (2 minute read)

Decentralized finance (DeFi) protocol Resupply confirmed a security breach in its wstUSR market which resulted in $9.6M in losses. The attacker used a price manipulation exploit to inflate the share price which allowed them to borrow $10M reUSD with minimal collateral. Resupply paused the contracts to prevent further damage upon detection.

Zurich non-profit hit by ransomware, Swiss federal data at risk (2 minute read)

Radix, a Zurich-based non-profit health foundation, was hit by a ransomware attack on June 16. The Sarcoma group released 1.3TB of stolen data after ransom demands failed. The breach affected data from Swiss federal offices that trusted Radix, though attackers didn't access Federal Administration systems directly. Swiss authorities are investigating the attack and warned of potential future phishing campaigns using the stolen data.

🧠

Strategies & Tactics

Hacker Conversations: Rachel Tobac and the Art of Social Engineering (8 minute read)

Rachel Tobac, CEO of SocialProof Security, demonstrates how social engineers exploit psychological principles, such as the principles of urgency, authority, and scarcity, to trick targets into revealing sensitive information or credentials. Her methods involve OSINT research, AI-generated voice clones, background audio effects, and caller ID spoofing to craft convincing stories that bypass human verification. Organizations should enhance identity checks beyond simple data, such as birthdates and addresses, as attackers can easily obtain this information from data brokers to impersonate real customers.

Using AI to identify cybercrime masterminds (6 minute read)

Sophos researchers created an AI framework that analyzes 11,558 posts from 4,441 individuals across 124 dark web forums, mapping discussions to CVE exploits and MITRE CAPEC patterns. It clusters threat actors by skill, commitment, and activity, identifying 14 "professional" actors (3.9%) with high expertise and a focused approach. This automated method helps threat teams prioritize investigations and reduce manual analysis when spotting key criminals.

Comparing Semgrep Pro and Community Whitepaper (15 minute read)

Static Application Security Testing (SAST) is crucial for modern application security. Semgrep has become popular due to its accessible Community Edition. This research compares Semgrep's free and commercial versions, showing that Semgrep Code identifies more findings and achieves better true positive rates than the Community Edition.

🧑‍💻

Launches & Tools

ZeroRISC (Product Launch)

ZeroRISC offers cloud security solutions aimed at ensuring transparency and reliability for data centers, ICS, other OT systems, and IoT devices.

PWN (GitHub Repo)

PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation. Build your own custom automation drivers freely and easily using pre-built modules.

Professional Pentester Toolbox (3 minute read)

The TCM Security team has compiled a list of their favorite tools for external pentests, internal pentests, AD tools, reconnaissance, web app testing, and physical pentesting.

🎁

Miscellaneous

Nordic's largest Apple Premium partner breached, hackers claim (2 minute read)

The Kraken ransomware group claims to have breached Humac, the Nordic region's largest Apple Premium Partner, stealing financial information, customer data, and employee details. Cybernews verified that the leaked data appears legitimate. The data includes employee records, internal files, and database samples from the retailer, which has over 120 stores across Europe. The breach poses risks - stolen employee data could enable phishing to access Apple support platforms, and customer info could aid fraud.

Canada Gives Hikvision the Boot on National Security Grounds (3 minute read)

Canada ordered Chinese surveillance company Hikvision to cease operations on national security grounds. The partly state-owned firm is banned from government use, with existing equipment under review. Hikvision called the decision unfounded and said it was geopolitically motivated.

Sinaloa drug cartel hired a cybersnoop to identify and kill FBI informants (3 minute read)

A Sinaloa cartel informant told the FBI in 2018 that the drug gang was paying hackers to spy on federal agents and people working with law enforcement. The hackers could break into phones, hack into Mexico City's security cameras, and track where people went. The cartel used this information to threaten and kill witnesses.

Quick Links

SquareX Reveals that Employees are No Longer the Weakest Link, Browser AI Agents Are (3 minute read)

SquareX's research indicates that Browser AI Agents are now more vulnerable to cyberattacks than employees due to their limited security awareness and inability to recognize warning signs, such as suspicious links.

Joint Statement from CISA, FBI, DC3, and NSA on Potential Targeted Cyber Activity Against U.S. Critical Infrastructure by Iran (1 minute read)

Iranian hackers might target US systems with weak passwords and outdated software, so agencies advise vigilance.

Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects (4 minute read)

Europol dismantled a crypto scam operation involving 'pig butchering' schemes that defrauded over 5,000 victims worldwide of €460 million, leading to five arrests in Spain.


Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile
