Attacks & Vulnerabilities

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation (2 minute read)
A critical vulnerability in Grafana's SCIM user management feature (CVE-2025-41115) allowed attackers to impersonate users or escalate privileges if certain settings were enabled. Only Grafana Enterprise versions 12.0.0 to 12.2.1 with SCIM activated were affected. The flaw, found internally, was quickly patched. Users are strongly urged to update to the latest secure release to prevent exploitation.

LINE Messaging Bugs Open Asian Users to Cyber Espionage (2 minute read)
Researchers discovered major security flaws in the messaging app LINE, which is widely used in Asia. These bugs let attackers replay messages, impersonate users, and access plaintext details, all due to weak custom encryption. The risks are amplified because LINE handles everything from banking to government services, yet there are no current plans to fix the vulnerabilities, leaving millions exposed.

Iberia Discloses Customer Data Leak After Vendor Security Breach (2 minute read)
Spanish flag carrier Iberia suffered a data leak after a third-party vendor was breached, and has notified affected customers. The exposed data includes full names, email addresses, and loyalty card numbers, but not passwords or financial information. The notice comes days after a 77GB trove of data allegedly stolen from the airline surfaced on hacker forums.

Hitchhiker's Guide to Attack Surface Management (13 minute read)
Attack Surface Management is the practice of continuously identifying and tracking every digital asset and potential entry point that attackers could exploit within an organization. This includes everything from obvious domains and public APIs to obscure subdomains, old servers, cloud resources, mobile apps, code repositories, and even collaboration tools such as Slack or Trello. The attack surface changes constantly as new assets are spun up and others become forgotten or misconfigured, often outside regular security practices. The key is ongoing discovery and reduction - eliminating unnecessary assets, restricting access, hardening configurations, securing supply chains, and monitoring for leaks - because attackers look for what you overlook, not just what you defend.

From Code to Boardroom: A GenAI GRC Approach to Supply Chain Risk (4 minute read)
Traditional GRC approaches fail to address GenAI-driven supply chain risks such as shadow AI adoption (vendors using public LLMs for code generation without disclosure) and model drift (AI systems changing behavior over time, exposing data or introducing regulatory violations). This article proposes a GenAI GRC framework that uses LLMs for contextual intelligence across unstructured data sources, continuous monitoring via a "digital trust ledger" that dynamically scores vendor risk, and regulatory synthesis to keep pace with evolving requirements such as the EU DORA and AI Act. CISOs should pilot this approach by monitoring critical vendors' self-attestations against their public digital footprint, shifting from static compliance reporting to predictive risk velocity metrics that translate technical vulnerabilities into boardroom-ready strategic resilience indicators.

Intuition-Driven Offensive Security (5 minute read)
Penetration tests typically focus on finding long lists of bugs within a short time scope and a limited attack surface, whereas real attackers are not restricted by time or scoping and hunt for a small number of critical vulnerabilities. To close this gap, testers should build a holistic view of the application from the user, source code, and architectural perspectives, test the assumptions made during development, and search for a few deep bugs rather than many shallow ones. Real offensive security should follow intuition, find the truth, and focus on impact.

Apono (Product Launch)
Apono gives organizations visibility into privileged access within their cloud environments, enforces security guardrails, and uses AI-driven least privilege and anomaly detection capabilities to strengthen security.

Quiet Riot (GitHub Repo)
Quiet Riot is an unauthenticated enumeration tool that validates the existence of AWS Account IDs, Azure AD users, and Google Workspace users by exploiting differences in error messages across cloud service APIs. The tool achieves ~1,100 checks/second by issuing multi-threaded requests to AWS services such as SNS, ECR, and KMS, though exhaustively scanning all possible AWS Account IDs would still take years from a single account. It requires valid AWS credentials to provision resources, but performs unauthenticated reconnaissance by observing service-specific error responses when referencing non-existent versus existing principals.

How to know if your Asus router is one of thousands hacked by China-state hackers (3 minute read)
A China-linked hacking group has compromised thousands of older Asus routers, mainly in Asia, by exploiting vulnerabilities in unsupported models. The hacked devices, attributed to the WrtHug campaign, are likely being reserved for covert espionage. Users can check for compromise by examining their router's certificate details. They are advised to upgrade hardware and disable remote access features to reduce exposure.

FCC reversal removes federal cyber safeguards targeting telecom weaknesses post-Salt Typhoon attacks (3 minute read)
The FCC reversed a ruling from January that required US telecom providers to implement and annually certify cybersecurity risk management plans under CALEA, removing federal mandates established after the Salt Typhoon attacks that compromised major carriers and exposed at least 200 US organizations. Security experts criticized the rollback as "shockingly incompetent," noting that it eliminates the only concrete federal regulatory response to attacks that allowed Chinese state actors to access wiretap systems, record calls, and geolocate millions of individuals, including high-ranking US officials. The reversal came after heavy lobbying by compromised telecom providers that failed to document their remediation efforts, raising national security concerns at a time when telecommunications infrastructure remains vulnerable to nation-state attacks.

Thanks for reading, Prasanna Gautam, Eric Fernandez & Sammy Tbeile