Satellites Exposing Data 🛰️, Unmonitored Javascript Holiday Threat 🎅🏼, Multi-Country Botnet Targets RDP 🤖

TLDR

Together With Flashpoint

TLDR Information Security 2025-10-15

OSINT for Executive Protection: The Flashpoint Guide (Sponsor)

Doxxing. Deepfakes. Targeted harassment. Executives are prime targets for cyber and physical attacks—are you equipped to protect them?

Threats against high-profile individuals often start online—and can escalate into serious security risks. In The Complete Guide to OSINT for Executive Protection, Flashpoint breaks down how security teams can:

  • Identify and neutralize digital threats before they escalate
  • Set up real-time alerts and remove sensitive data
  • Use AI-powered analysis, social intelligence, and geospatial data to track bad actors

Download the Guide

🔓

Attacks & Vulnerabilities

SimonMed Imaging: 1.27M Individuals Affected by January 2025 Cyberattack (3 minute read)

In early 2025, a cyberattack at SimonMed Imaging exposed the data of over 1.27 million patients, including medical and personal information, with the ransomware group Medusa claiming responsibility. Medusa likely received a ransom to prevent data release. SimonMed responded with improved security measures and offered credit monitoring and identity theft protection to impacted people.

Satellites found exposing unencrypted data, including phone calls and some military comms (1 minute read)

Sensitive personal, corporate, and military data is being transmitted unencrypted via about half of Earth's geostationary satellites, according to researchers. Using a basic satellite receiver, they accessed voice calls, texts, and critical infrastructure communications, exposing serious privacy and security risks.

Pixel-stealing "Pixnapping" attack targets Android devices (3 minute read)

"Pixnapping" is an advanced attack where a malicious Android app can secretly steal individual pixels from your device's screen—enabling it to extract sensitive data like 2FA codes, even from supposedly secure apps. The attack exploits Android's app messaging system and nearly invisible overlays.

🧠

Strategies & Tactics

Why Signal's post-quantum makeover is an amazing engineering achievement (9 minute read)

Signal Messenger has rolled out a major upgrade to its encryption protocol, making it resistant to future quantum computer attacks. This technical overhaul adds a third layer—a quantum-safe ratchet—to its already-robust system to ensure strong privacy even if classical encryption breaks. Thanks to clever use of chunking methods and erasure codes, Signal's triple ratchet protects users' messaging by combining classic and quantum-safe security mechanisms, all without impacting everyday use.

Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk (5 minute read)

Client-side JavaScript is a critical blind spot for e-commerce security: 73% of sites load 50+ third-party scripts on checkout pages, while only 23% use dedicated client-side monitoring. This lets attackers steal payment data through browser-based skimmers that bypass WAFs and traditional server-side defenses entirely. Major 2024 attacks, including the Polyfill.io breach affecting over 500,000 websites and Cisco's Magecart incident, demonstrate how compromised third-party scripts and supply chain vulnerabilities enable data theft that often goes undetected for an average of 7.5 months, with incidents costing $2.4 million plus regulatory fines. Security teams should immediately implement Content Security Policy with nonces (avoiding 'unsafe-inline'), deploy Subresource Integrity tags for third-party scripts, establish comprehensive script inventories with regular audits, and deploy specialized client-side monitoring tools to detect unauthorized data collection, DOM manipulation, and suspicious script behavior before the 2025 holiday shopping season.

How Do Timing Attacks Work? (3 minute read)

Timing attacks that target string comparison work by measuring how long it takes a vulnerable server to verify a string, such as a password or other secret. When a vulnerable function compares two strings, it loops through each character to check for equality, causing the function to take slightly longer to complete with each correct character. The page includes a demo for how this attack works in practice.
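The leak described above, as an added example that is not the article's demo: a counter of characters examined stands in for the wall clock, so the growth with each correct character is visible deterministically, next to a comparison whose work does not depend on the guess. The secret and guesses are constructed samples.

```python
"""Early-exit versus constant-time string comparison. Added example; the
comparison counter is the quantity a timing attack infers from latency."""
import hmac

def naive_compare(secret: str, guess: str) -> tuple[bool, int]:
    """Vulnerable: returns as soon as one character differs, so the number
    of characters examined (second return value) grows with the length of
    the correct prefix."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        if a != b:
            return False, examined
    return True, examined

def constant_time_compare(secret: str, guess: str) -> tuple[bool, int]:
    """Hardened: XOR every byte and OR the differences together, so every
    byte is examined regardless of where the first mismatch is."""
    sb, gb = secret.encode(), guess.encode()
    if len(sb) != len(gb):
        return False, 0
    diff = 0
    for a, b in zip(sb, gb):
        diff |= a ^ b
    return diff == 0, len(sb)

def work_by_prefix(compare, secret: str, guesses: list[str]) -> list[int]:
    """Work done per guess; a leak shows up as a count that rises as more
    leading characters are correct."""
    return [compare(secret, g)[1] for g in guesses]

SECRET = "s3cr3t"  # constructed sample
GUESSES = ["xxxxxx", "sxxxxx", "s3xxxx", "s3cxxx", "s3cr3t"]

if __name__ == "__main__":
    print("naive        :", work_by_prefix(naive_compare, SECRET, GUESSES))
    print("constant-time:", work_by_prefix(constant_time_compare, SECRET, GUESSES))
    # In real code use the stdlib primitive rather than a hand-rolled loop.
    print("hmac.compare_digest:", hmac.compare_digest(SECRET.encode(), b"s3cr3t"))
```

The length check still leaks length, which is why secrets are normally compared as fixed-size digests rather than as raw strings.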

🧑‍💻

Launches & Tools

Comparing Semgrep vs. AppSec Alternatives (Sponsor)

Independent reviewers confirm that using Semgrep can cut false positives by over 90% compared to popular alternatives:

  • With Semgrep, there's no need to manually filter and prioritize findings because developers only see exploitable, high-priority issues.
  • Instead of asking devs to trust a black box, Semgrep offers explainable findings with rule-level visibility.
  • Semgrep then delivers AI-assisted, step-by-step fix guidance to reduce issue resolution time. 

👉 The bottom line? Developers spend 86% less time reviewing findings and sifting through alert noise. That's 15+ hours saved every week.

See the difference and start shipping faster

Maltrail (GitHub Repo)

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists.

Forensic Timeliner (GitHub Repo)

Forensic Timeliner is a high-speed forensic processing engine built for DFIR investigations. It can quickly consolidate CSV output from tools to create a mini timeline, with built in filtering, artifact detection, keyword tagging, and deduplication.

MCP-Snitch (GitHub Repo)

MCP Snitch is a macOS application that intercepts and monitors MCP server communications, providing security analysis, access control, and audit logging for AI tool usage.

🎁

Miscellaneous

Here's How Apple Is Locking Down iPhones to Comply With Texas' Age Verification Law (3 minute read)

Starting next year, Texas will require companies to verify the ages of people who use their app stores. Apple has announced that beginning January 1, Texans trying to create a new Apple Account must confirm their age. If they are under 18, they must join a Family Sharing group. Parents and guardians will be required to give their consent to download apps or make in-app purchases, and developers will be required to implement the Declared Age Range API.

Discord blamed a vendor for its data breach — now the vendor says it was 'not hacked' (2 minute read)

Discord reported a breach impacting 70,000 users, claiming a third-party vendor, 5CA, was responsible, but 5CA denies any hacking of its systems or handling of government ID photos. The company argues the incident likely resulted from human error outside its systems, and both parties are conducting ongoing investigations to clarify further responsibility and the extent of affected data.

Asahi breach leaves bitter taste as brewer fears personal data slurped (3 minute read)

Japanese beer maker Asahi suffered a ransomware attack in late September that disrupted operations across Japan and may have resulted in unauthorized access to personal information. The ransomware group Qilin claims to have stolen 27 GB of data, including employee and financial records.

Quick Links

Don't Spend Millions Managing Your Slack (Sponsor)

Avoid seven-figure legal bills before they happen. BENlabs uses Onna as "insurance" to keep Slack data risks predictable and costs under control. Future-proof your legal ops with Onna.

Read the Case Study to Learn How

Massive multi-country botnet targets RDP services in the US (1 minute read)

A large-scale botnet comprising over 100,000 IP addresses is conducting coordinated attacks against Remote Desktop Protocol services in the United States.

UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling (2 minute read)

The UK's National Cyber Security Centre reported 429 cyberattacks from September 2024 to August 2025, with significant incidents more than doubling from 89 to 204, and highly significant incidents rising nearly 50% to 18, posing severe risks to essential services.

Workforce termination orders affect several CISA divisions (1 minute read)

Several divisions of CISA are facing job cuts as part of a government plan to reduce staff during a shutdown, amid criticism from the administration over its work combating misinformation.

Love TLDR? Tell your friends and get rewards!

Share your referral link below with friends to get free TLDR swag!
Track your referrals here.

Want to advertise in TLDR? 📰

If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.

Want to work at TLDR? 💼

Apply here or send a friend's resume to jobs@tldr.tech and get $1k if we hire them!

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile


Manage your subscriptions to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please unsubscribe.
