Attacks & Vulnerabilities

Apple patches critical zero-day in ImageIO amid reports of targeted exploits (2 minute read)
Apple patched a critical zero-day vulnerability, CVE-2025-43300, in its ImageIO framework after reports that it was exploited in extremely sophisticated attacks against specific targeted individuals. The flaw is an out-of-bounds write that corrupts memory when a malicious image file is processed. Apple released patches for iOS, iPadOS, and macOS, including older devices, bringing the number of actively exploited zero-days it has fixed in 2025 to seven. Users should update immediately: ImageIO is a core image-processing framework that cannot be disabled or replaced, so patching is the only effective mitigation against potential spyware or nation-state attacks.

Lotte Card Data Breach Impacts Over 1M Users (2 minute read)
South Korean credit card issuer Lotte Card reported a data breach affecting at least 1M customers, though estimates suggest that data on several million of its 9M customers may have been leaked. The breach occurred on a server tied to Lotte Card's payment system, and the exposed data includes card information and online payment request details.

SonicWall Warns Customers to Reset Credentials After Breach (2 minute read)
SonicWall warned customers to reset their credentials after firewall configuration backup files were exposed in a breach of MySonicWall accounts. The company stated that the accounts were accessed through targeted brute-force attacks rather than ransomware or similar activity. SonicWall has also published a checklist that gives admins a structured approach to ensuring every relevant password, key, and secret stored in those configuration files is rotated consistently.
Mitigating supply chain attacks (2 minute read)
pnpm v10 introduces several measures against supply chain attacks: dependency postinstall scripts are no longer run automatically, and the trusted packages that genuinely need build scripts must be explicitly allowlisted. A new minimumReleaseAge setting delays installation of a newly published version for a configured period, giving security vendors time to detect and report a compromised package before it can reach anyone's install. These measures complement established practice such as lockfiles, which prevent unexpected updates, and together they shrink the window of exposure to malicious packages, which historically have abused postinstall scripts to execute malware the moment they are installed.

What Makes System Calls Expensive: A Linux Internals Deep Dive (18 minute read)
System calls cost far more than the kernel work they perform: entry and exit disrupt the CPU microarchitecture by draining the pipeline, clearing branch prediction buffers, and untraining the return stack. The Linux syscall handler then does expensive work of its own, switching page tables and stacks and applying mitigations against speculative execution attacks such as Spectre. Benchmarks show a vDSO clock_gettime running 89% faster than the equivalent kernel syscall. Because the CPU must rebuild its optimizations after every call, reducing syscall frequency through batching with io_uring, memory-mapped I/O, and eBPF becomes essential for performance.

Hiding Your C2 Traffic With Discord & Slack (7 minute read)
Discord and Slack are applications commonly found on corporate networks. This post introduces two tools, SierraOne and SierraTwo, which demonstrate a proof-of-concept C2 server that uses either platform so its traffic blends in with the legitimate traffic already on the network. While the encrypted traffic may evade network admins, operators should be aware that Slack and Discord themselves may be able to view it.
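As an added illustration for the pnpm item above (not configuration from the pnpm project or the linked article), the following pnpm-workspace.yaml turns on both measures. The package name under onlyBuiltDependencies is a placeholder, the 1440-minute value is an assumed choice meaning 24 hours, and minimumReleaseAge requires pnpm 10.16 or newer; the `pnpm approve-builds` command can populate the allowlist interactively instead of editing the file by hand.

```yaml
# pnpm-workspace.yaml (added example; values are assumptions, not project defaults)

# pnpm 10 default: dependency lifecycle scripts (preinstall/install/postinstall)
# are skipped unless the package is listed here. Keep this list short and
# review each entry, since anything listed may run arbitrary code on install.
onlyBuiltDependencies:
  - esbuild   # placeholder: a native-binary package that needs its install script

# Refuse to resolve any version published less than this many minutes ago
# (1440 = 24 hours), so a freshly hijacked release is not pulled in before
# scanners and the community have had a chance to flag it. Needs pnpm >= 10.16.
minimumReleaseAge: 1440

# Optional: exempt packages you publish and control yourself, so your own
# releases are not held back by the delay (placeholder scope).
minimumReleaseAgeExclude:
  - "@example-org/*"
```

Pair this with a committed pnpm-lock.yaml and `pnpm install --frozen-lockfile` in CI, so the delay and the allowlist govern when versions change rather than every fresh install re-resolving the dependency tree.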
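To make the vDSO versus syscall comparison from the system calls item above concrete, the following C program (an added example, not code from the linked article) times clock_gettime() once through glibc's vDSO fast path and once forced through the raw syscall path with the same arguments. The iteration count is arbitrary, and the absolute figures depend on the CPU, clocksource, and enabled mitigations; in a VM whose clocksource the vDSO cannot read from userspace, both paths enter the kernel and the gap shrinks to nothing.

```c
/* Added example: measure the per-call overhead of entering the kernel by
 * comparing clock_gettime() via the vDSO with the same request made through
 * the raw syscall path. Linux-specific (SYS_clock_gettime); see fallback below. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdint.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Monotonic timestamp in nanoseconds, used only to time the loops below. */
static uint64_t now_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
}

/* glibc resolves this inside the vDSO page: no kernel entry at all. */
static int get_time_vdso(struct timespec *ts)
{
    return clock_gettime(CLOCK_MONOTONIC, ts);
}

/* Same request, but forced through the real syscall instruction, paying the
 * entry/exit cost the article describes (page-table/stack switch, mitigations). */
static int get_time_raw(struct timespec *ts)
{
#ifdef __linux__
    return (int)syscall(SYS_clock_gettime, CLOCK_MONOTONIC, ts);
#else
    /* Assumption: non-Linux hosts have no SYS_clock_gettime. Degrade to the
     * library call so the file still builds; the comparison is then meaningless. */
    return clock_gettime(CLOCK_MONOTONIC, ts);
#endif
}

/* Average cost of one call in nanoseconds over `iters` iterations.
 * Returns a negative value if any call fails. */
double avg_ns_per_call(int (*fn)(struct timespec *), long iters)
{
    struct timespec ts;
    uint64_t start = now_ns();
    for (long i = 0; i < iters; i++) {
        if (fn(&ts) != 0)
            return -1.0;
    }
    uint64_t end = now_ns();
    return (double)(end - start) / (double)iters;
}

double bench_vdso(long iters) { return avg_ns_per_call(get_time_vdso, iters); }
double bench_raw(long iters)  { return avg_ns_per_call(get_time_raw, iters); }

int main(void)
{
    const long iters = 2000000; /* arbitrary; large enough to average out noise */
    double v = bench_vdso(iters);
    double r = bench_raw(iters);
    printf("vDSO clock_gettime : %.1f ns/call\n", v);
    printf("raw syscall        : %.1f ns/call\n", r);
    if (v > 0.0 && r > 0.0)
        printf("raw syscall path is %.1fx slower\n", r / v);
    return 0;
}
```

Build with `gcc -O2 -o syscall_cost syscall_cost.c` and run it a few times; you can also run it under `strace -c` to confirm that only the raw loop actually produces clock_gettime syscalls, while the vDSO loop produces none.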
Sauron (GitHub Repo)
Sauron is a tool that enumerates Active Directory groups, permissions, and other context for a set of obtained credentials.

Windows (GitHub Repo)
This project downloads a Windows ISO and uses KVM acceleration to run Windows inside Docker.

Gucci, Balenciaga, and Alexander McQueen Breach Linked to ShinyHunters (2 minute read)
ShinyHunters breached Kering in April, stealing 7.4 million customer records from luxury brands including Gucci, Balenciaga, and Alexander McQueen. The data included names, emails, phone numbers, addresses, and purchase histories, with some customers having spent over $86,000. The breach was discovered in June and was followed by ransom talks in which ShinyHunters claims Balenciaga agreed to pay $750,000 in Bitcoin before backing out; Kering denies negotiating or paying any ransom. The attack is linked to a campaign possibly involving Scattered Spider. The stolen purchase details make the affected customers attractive targets for highly tailored spear-phishing.

The New Commandments of Security Teams (10 minute read)
Security teams should shift from being the "team of no" to enablers and partners. This post sets out New Commandments to drive that cultural change, emphasizing closer collaboration with other teams to reframe security as an enabler, bridging IT and security, empowering developers, leveraging external knowledge, actually fixing issues, prioritizing vendor reviews, and focusing on usability, tradeoffs, and results.

Why Secure Document Editing is More Important than Ever (3 minute read)
Organizations face growing cybersecurity threats aimed at document workflows, making secure editing platforms that protect sensitive data through encryption and compliance controls essential. Traditional document editing tools often lack adequate security measures, leaving businesses exposed to costly data breaches that damage reputation and bring regulatory penalties. Implementing secure document editing solutions helps organizations maintain data integrity, meet compliance requirements, and build customer trust while reducing the risk of unauthorized access to confidential information.

Thanks for reading, Prasanna Gautam, Eric Fernandez & Sammy Tbeile