
Plex Data Breach 📺, LunaLock AI Threat 🤖, Celebrity Impersonation Scams 🎭


TLDR

Together With Threatlocker

TLDR Information Security 2025-09-10

USB drives are still a problem - but they're not your only data exfiltration risk (Sponsor)

While most organizations focus on blocking USB devices, attackers and insiders can just as easily steal data through network shares, cloud storage, or even local folder access. You need visibility and control over ALL storage access points.

ThreatLocker Storage Control provides granular policies across every storage type - from USB drives to network shares to local folders. Set policies as simple as "block all USBs" or as detailed as "only allow backup apps to access the backup share."

⚡ Unified audit logs every file access with device serial numbers

⚡ 60-second approval workflow for storage access requests

⚡ Granular policies by user, time, application, and device type

See Storage Control in action

🔓

Attacks & Vulnerabilities

Plex urges users to change passwords after data breach (2 minute read)

Plex disclosed a breach exposing user data, including usernames, email addresses, hashed ("scrambled") passwords, and some authentication data. Although the passwords were stored hashed rather than in plaintext, weak or reused passwords can still be recovered by offline cracking, so Plex urges users to reset their password and sign out of all connected devices.

No gains, just pains as 1.6M fitness phone call recordings exposed online (4 minute read)

Security researcher Jeremiah Fowler uncovered an unprotected HelloGym database with 1.6 million audio recordings from major gym franchises, exposing customer and staff names, phone numbers, and sensitive conversations. Risks include voice cloning, deepfakes, and social engineering.

160,000 Impacted by Wayne Memorial Hospital Data Breach (2 minute read)

Over 160,000 people had personal and medical data stolen in a ransomware attack on Wayne Memorial Hospital in May 2024. Hackers accessed sensitive personal, health, and financial information. The hospital responded quickly, restored systems, and offered affected individuals free credit monitoring.

🧠

Strategies & Tactics

LunaLock Ransomware threatens victims by feeding stolen data to AI models (2 minute read)

LunaLock, a new ransomware group, has threatened to submit artwork stolen from the Artists&Clients website to AI companies as training data if its $50,000 ransom demand isn't met. This novel extortion technique sets a dangerous precedent: once stolen data has been folded into a model's training set it cannot be clawed back, unlike a traditional dark web leak that may fade over time. The attack targets artists who are already exposed to AI data scraping by companies like OpenAI and Google.

GitHub Actions: A Cloudy Day for Security - Part 1 (16 minute read)

GitHub Actions security problems bite even trusted teams: attackers can abuse workflow triggers or inject malicious code into the pipeline. Branch protection, pull request approvals, careful handling of environment variables and secrets, and safeguards like the "four-eyes" principle reduce the risk, and regular reviews and testing further strengthen CI/CD pipeline security.
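The two workflow mistakes that most often turn "trusted team" pipelines into a foothold are expanding attacker-controlled event data (PR titles, branch names, comment bodies) inside a `run:` script, and checking out the PR head under a privileged `pull_request_target` trigger. The audit below is an added example written for this newsletter, not code from the linked article or from GitHub; the two workflow files, the action SHA and the list of "untrusted" context fields are constructed for the demo and are a heuristic, not an exhaustive rule set. It flags those two patterns plus actions pinned to mutable tags and a missing top-level `permissions:` block, and shows the hardened form of the same workflow passing clean.

```python
import re

# Constructed vulnerable workflow: the injection, pwn-request and pinning flaws are deliberate.
VULNERABLE_WORKFLOW = """\
name: PR triage
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Greet
        run: echo "Thanks for ${{ github.event.pull_request.title }}"
      - uses: actions/setup-node@a1b2c3d4e5f60718293a4b5c6d7e8f9012345678
"""

# Constructed hardened form: read-only token, unprivileged trigger, untrusted data via env,
# action pinned to a full commit SHA (the SHA is a placeholder, not a real checkout commit).
HARDENED_WORKFLOW = """\
name: PR triage
on:
  pull_request:
    types: [opened, synchronize]
permissions:
  contents: read
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: Greet
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Thanks for $PR_TITLE"
"""

# Event fields whose content is chosen by whoever opened the PR/issue/comment (assumed list).
UNTRUSTED_FIELDS = (
    "github.event.pull_request.title", "github.event.pull_request.body",
    "github.event.pull_request.head.ref", "github.event.pull_request.head.label",
    "github.event.issue.title", "github.event.issue.body",
    "github.event.comment.body", "github.event.review.body",
    "github.event.head_commit.message", "github.head_ref",
)
EXPR = re.compile(r"\$\{\{\s*([^}]+?)\s*\}\}")          # ${{ ... }} expression
RUN_LINE = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*([^\s@]+)@(\S+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")


def _scan_run_line(n, line, findings):
    """Any untrusted expression expanded into shell text is a script injection."""
    for expr in EXPR.findall(line):
        if any(expr.startswith(f) for f in UNTRUSTED_FIELDS):
            findings.append((n, f"untrusted '{expr}' expanded inside run: script injection; "
                                "pass it through env: instead"))


def audit_workflow(text):
    """Return [(line_number, message)] for a workflow YAML string; line 0 = file-level."""
    lines = text.splitlines()
    findings = []
    if not any(re.match(r"^permissions:", ln) for ln in lines):
        findings.append((0, "no top-level permissions: block; GITHUB_TOKEN gets default scopes"))
    privileged = any(re.match(r"^\s*(-\s*)?pull_request_target\b", ln)
                     or re.match(r"^on:.*\bpull_request_target\b", ln) for ln in lines)
    in_run, run_indent = False, 0
    for n, ln in enumerate(lines, 1):
        indent = len(ln) - len(ln.lstrip(" "))
        if in_run and (ln.strip() == "" or indent > run_indent):
            _scan_run_line(n, ln, findings)           # continuation of a block scalar run: |
            continue
        in_run = False
        m = RUN_LINE.match(ln)
        if m:
            run_indent = len(m.group(1)) + len(m.group(2) or "")
            if m.group(3) in ("|", ">", "|-", ">-"):
                in_run = True
            else:
                _scan_run_line(n, ln, findings)
            continue
        m = USES_LINE.match(ln)
        if m:
            action, ref = m.groups()
            if not FULL_SHA.match(ref):
                findings.append((n, f"action {action} pinned to mutable ref '{ref}', not a commit SHA"))
            continue
        if privileged and re.match(r"^\s*ref:", ln) and "github.event.pull_request.head" in ln:
            findings.append((n, "checks out the PR head under pull_request_target: "
                                "untrusted code runs with repository secrets"))
    return findings


if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, audit_workflow(wf) or "clean")
```

The hardened version fixes each finding in the way the article's guidance implies: untrusted data reaches the shell only through an environment variable (the shell never re-parses `$PR_TITLE`), the job runs on `pull_request` with a read-only token so a malicious PR cannot reach secrets, and the action reference is immutable. Branch protection and required approvals sit outside the workflow file, so a scanner like this complements rather than replaces them.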

Memory Integrity Enforcement: A complete vision for memory safety in Apple devices (12 minute read)

Apple's Memory Integrity Enforcement (MIE), introduced with the iPhone 17 and iPhone Air, combines Apple's secure memory allocators with Enhanced Memory Tagging Extension (EMTE) hardware to provide always-on memory safety against the memory-corruption bugs that advanced spyware relies on. Each allocation is assigned a secret tag, pointers carry the tag they were issued with, and the hardware checks the tag on every access, so a buffer overflow or use-after-free that touches memory carrying a different tag causes the process to be terminated. Tag Confidentiality Enforcement additionally protects the tags themselves from side-channel and speculative-execution attacks such as Spectre v1. Apple reports that MIE stopped every recent real-world exploit chain it tested against, forcing attackers to start over with new techniques and making memory-corruption exploits significantly harder and costlier to build.
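To make the mechanism concrete, here is a small model of a tag-checked heap, written as an added example for this newsletter; it is not Apple's code and does not model the real EMTE encoding, MIE's allocator internals or its tag-confidentiality protections. It assumes 16-byte tag granules, 4-bit tags carried in the pointer's top byte, an allocator that gives adjacent allocations different tags, and retagging on free. Those assumptions are enough to show why the two classic bug classes in the summary become crashes rather than corruption: an off-the-end write lands on a granule with the neighbour's tag, and a stale pointer after free no longer matches the granule's new tag.

```python
import secrets

GRANULE = 16                     # bytes per tag granule (assumed, matches Arm MTE)
TAG_BITS = 4                     # 16 tag values; 0 is reserved here for never-allocated memory
TAG_SHIFT = 56                   # tag travels in the pointer's top byte (assumed layout)
ADDR_MASK = (1 << TAG_SHIFT) - 1


class TagCheckFault(Exception):
    """Tag mismatch on access; under MIE this is a synchronous crash of the process."""


class TaggedHeap:
    def __init__(self, size=1024):
        self.mem = bytearray(size)
        self.tags = [0] * (size // GRANULE)      # one tag per 16-byte granule
        self.next_free = 0                        # bump allocator: enough for the demo
        self.live = {}                            # base address -> granule count

    def _fresh_tag(self, avoid):
        # Random non-zero tag that differs from every tag in `avoid`: the neighbours at
        # allocation time, and the old tag at free time. This is the allocator's job in MIE;
        # a purely random tag would still collide with a neighbour 1 time in 15.
        return secrets.choice([t for t in range(1, 1 << TAG_BITS) if t not in avoid])

    def malloc(self, size):
        n = -(-size // GRANULE)                   # granules needed, rounded up
        start, self.next_free = self.next_free, self.next_free + n
        if self.next_free > len(self.tags):
            raise MemoryError("toy heap exhausted")
        left = self.tags[start - 1] if start > 0 else 0
        right = self.tags[start + n] if start + n < len(self.tags) else 0
        tag = self._fresh_tag({0, left, right})
        for g in range(start, start + n):
            self.tags[g] = tag
        self.live[start * GRANULE] = n
        return (tag << TAG_SHIFT) | (start * GRANULE)   # tagged pointer

    def free(self, ptr):
        addr, tag = ptr & ADDR_MASK, ptr >> TAG_SHIFT
        n = self.live.pop(addr, None)
        if n is None or self.tags[addr // GRANULE] != tag:
            raise TagCheckFault("free() with a pointer whose tag does not match its memory")
        new_tag = self._fresh_tag({0, tag})       # retag so every stale pointer mismatches
        for g in range(addr // GRANULE, addr // GRANULE + n):
            self.tags[g] = new_tag

    def _check(self, ptr, offset, length):
        # The "hardware" check: every byte touched must sit on a granule whose tag equals
        # the tag in the pointer. Runs before the access, so nothing is written on a miss.
        addr, tag = (ptr & ADDR_MASK) + offset, ptr >> TAG_SHIFT
        for a in range(addr, addr + length):
            if not 0 <= a < len(self.mem):
                raise TagCheckFault(f"address {a:#x} outside the heap")
            if self.tags[a // GRANULE] != tag:
                raise TagCheckFault(f"pointer tag {tag:#x} != memory tag "
                                    f"{self.tags[a // GRANULE]:#x} at {a:#x}")
        return addr

    def store(self, ptr, offset, data):
        addr = self._check(ptr, offset, len(data))
        self.mem[addr:addr + len(data)] = data

    def load(self, ptr, offset, length):
        addr = self._check(ptr, offset, length)
        return bytes(self.mem[addr:addr + length])


def demo():
    """Exercise in-bounds use, a linear overflow and a use-after-free; report what was caught."""
    heap = TaggedHeap()
    a = heap.malloc(32)                           # granules 0-1
    b = heap.malloc(32)                           # granules 2-3, guaranteed a different tag
    results = {"distinct_neighbour_tags": (a >> TAG_SHIFT) != (b >> TAG_SHIFT)}
    heap.store(a, 0, b"A" * 32)                   # fully in bounds: allowed
    results["in_bounds"] = heap.load(a, 0, 32) == b"A" * 32
    try:
        heap.store(a, 32, b"X")                   # one byte past the end of a, into b
        results["overflow_caught"] = False
    except TagCheckFault:
        results["overflow_caught"] = True
    results["b_intact"] = heap.load(b, 0, 1) == b"\x00"
    heap.free(a)
    try:
        heap.load(a, 0, 1)                        # dangling pointer still carries a's old tag
        results["uaf_caught"] = False
    except TagCheckFault:
        results["uaf_caught"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Two caveats the model makes visible. First, tag checking only helps if the attacker cannot learn or guess the tag, which is why MIE pairs EMTE with Tag Confidentiality Enforcement against speculative leaks; this model simply keeps the tags in a Python list. Second, with 4-bit tags the protection against accesses into arbitrary non-adjacent memory is probabilistic (about 15 in 16), so the allocator's deterministic choice of distinct tags for neighbours and on free is what turns the common linear-overflow and use-after-free cases into guaranteed faults.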

🧑‍💻

Launches & Tools

Nearly every major AI agent is exposed to 0click exploits (Sponsor)

From hijacked ChatGPT sessions to leaked Copilot data and rerouted Salesforce comms, real attacks show why exploring these issues is so critical. Join the AI Agent Security Summit to delve deeper. Built from 100+ community submissions, it brings together top researchers and security experts to share defenses that keep agents secure.

👋 Register now (San Francisco | Oct 8)

📘 Read Zenity Labs' AgentFlayer 0click Exploit research

VMDragonSlayer (GitHub Repo)

VMDragonSlayer is a framework for analyzing binaries protected by VM-based protectors like VMProtect 2.x/3.x, Themida, and custom malware VMs. It combines Dynamic Taint Tracking, Symbolic Execution, Pattern Classification, and Machine Learning to automate reverse engineering.

Sola Security (Product Launch)

Sola Security has built an AI-powered no-code security platform that can design, customize, and deploy security tools in minutes.

Dalec (GitHub Repo)

Dalec provides a declarative format for building system packages and containers from those packages. It is designed for building containers for Azure and supports Azure Linux 2 and 3 and Windows containers.

🎁

Miscellaneous

AI-Powered Celebrity Impersonation Scams: A Threat Intelligence Report by RedHunt Labs (15 minute read)

RedHunt Labs discovered a complex AI-driven investment scam targeting Indian users through Facebook and Instagram ads featuring deepfake videos of celebrities like Nirmala Sitharaman, Sadhguru, and Neha Kakkar promoting fake investment platforms. Victims lost an average of over ₹50,000. The scammers use deepfake technology to create convincing fake interviews and endorsements, bypassing Facebook's ad review system through short-lived campaigns and fake Amazon links. They redirect victims to counterfeit news websites impersonating major Indian media outlets like NDTV and India Today. The campaign involves a network of over 1,000 interconnected fraudulent websites and uses multiple payment methods, including UPI transfers and international bank accounts. It has expanded beyond social media to include compromised websites, fake Medium blog posts, and SEO manipulation to reach victims across multiple platforms.

Nepal social media ban sparks protests, dozens injured (2 minute read)

At least 14 people were killed and dozens injured in Nepal after police clashed with "Gen Z protesters" demonstrating against the government's ban on 26 major social media platforms, including Facebook, Instagram, WhatsApp, Signal, YouTube, and X. The ban followed the platforms' failure to register locally under new regulations, which the government justified by citing cybercriminals spreading disinformation through fake accounts on unregistered platforms. Rights groups condemned both the ban and the police response, calling the restrictions a "dangerous precedent for press freedom" that could also harm Nepal's business and tourism sectors, which rely heavily on social media.

Treasury Department targets Southeast Asia scam hubs with sanctions (2 minute read)

The U.S. Treasury Department sanctioned 19 individuals and organizations operating cyberscam hubs in Burma and Cambodia, responding to Americans losing at least $10 billion to Southeast Asian scam operations in 2024—a 66% increase from the previous year. The sanctions target notorious hubs like Shwe Kokko, Burma, where criminal organizations use debt bondage, violence, and threats of forced prostitution to coerce workers into conducting virtual currency investment scams and other online fraud against victims worldwide. The action aims to disrupt industrial-scale fraud operations that not only threaten Americans' financial security but also subject thousands of people to modern slavery conditions in forced labor compounds.

Quick Links

Authorization vulnerabilities in public APIs are shockingly common (Sponsor)

Intruder ran its Autoswagger tool against targets from several large bug bounty programs - and came back with exposed credentials in APIs offered by Microsoft and other massive companies. See the examples and get the tool

Microsoft hits pause on Copilot ... in SQL Server Management Studio (3 minute read)

Microsoft temporarily removed Copilot functionality from SQL Server Management Studio (SSMS) 22 Preview 1 after 75% of survey respondents preferred GitHub Copilot integration over the current implementation.

Venezuela's President Maduro said his Huawei Mate X6 cannot be hacked by US cyber spies (2 minute read)

Venezuelan President Nicolás Maduro claimed his Huawei Mate X6 smartphone, reportedly gifted by China's Xi Jinping, is "the best phone in the world" and cannot be hacked by US cyber spies, despite cybersecurity experts noting that well-resourced nation-state actors can compromise any device and that HarmonyOS may contain undiscovered vulnerabilities due to limited global scrutiny.

Kosovo hacker pleads guilty to running BlackDB cybercrime marketplace (1 minute read)

Kosovo national Liridon Masurica, also known as "@blackdb," pleaded guilty to conspiracy to commit access device fraud for operating the BlackDB.cc cybercrime marketplace from 2018 to 2025.

Love TLDR? Tell your friends and get rewards!

Share your referral link below with friends to get free TLDR swag!
Track your referrals here.

Want to advertise in TLDR? 📰

If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.

Want to work at TLDR? 💼

Apply here or send a friend's resume to jobs@tldr.tech and get $1k if we hire them!

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile


Manage your subscriptions to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please unsubscribe.
