Attacks & Vulnerabilities

Freedom Mobile Discloses Data Breach Exposing Customer Data (2 minute read)
Freedom Mobile, Canada's fourth-largest wireless carrier, disclosed a data breach affecting an undisclosed number of customers. The exposed data includes first and last names, home addresses, dates of birth, home and/or cell phone numbers, and Freedom Mobile account numbers. The data was accessed through a subcontractor's account. Ransomware was not involved.

Evaluating AI Agents in Security Operations (6 minute read)
Cotool tested an AI agent's ability to solve security operations tasks using the Splunk BOTSv3 dataset and frontier models from Claude, OpenAI, and Gemini. GPT-5.1 and Opus 4.5 tied for the top accuracy at 63%; Opus was 3x more expensive than GPT-5.1 but completed tasks in half the wall-clock time of any other model. The Gemini models performed notably poorly and failed to complete several tasks.

The Exploitation of Legitimate Remote Access Tools in Modern Ransomware Campaigns (8 minute read)
Ransomware operators often use remote access tools such as AnyDesk and UltraViewer to maintain persistence, execute remote tasks, and transfer files while avoiding detection. A typical attack starts with stolen credentials used to compromise an employee account, after which the operators either hijack existing tools or install legitimate remote access software, then establish persistence, escalate privileges, and disable security tools. They then deploy payloads, move laterally within the network, and finally execute the ransomware.

Smile, You're on Camera: A Live Stream from Inside Lazarus Group's IT Workers Scheme (20 minute read)
Researchers trapped North Korean operatives from Lazarus Group's Famous Chollima division inside extended ANY.RUN sandbox environments, documenting their full operational workflow for infiltrating Western companies as remote IT workers. The operators recruit developers via GitHub spam, offering 20-35% salary cuts in exchange for the use of the victims' identities and laptops for job applications, and rely on AI interview tools, AstrillVPN, and remote access software rather than malware. Poor operational security allowed the researchers to delay, monitor, and ultimately expose the scheme, which targeted the finance, crypto, and healthcare sectors.

7AI (Product Launch)
7AI builds an "agentic security" platform in which autonomous AI agents investigate alerts, correlate data, and take or recommend actions to reduce alert fatigue.

God's Eye (GitHub Repo)
God's Eye is an ultra-fast subdomain enumeration and reconnaissance tool with local LLM analysis via Ollama.

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections (7 minute read)
GoldFactory is a cybercrime group targeting Android users in Indonesia, Thailand, and Vietnam with tampered banking apps that still appear legitimate while secretly installing remote-access malware. The malware abuses accessibility services and hooking frameworks to bypass security checks, hide its presence, control devices in real time, and steal banking data at scale. At least 11,000 infections have been identified so far.

Arizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft Claims (2 minute read)
Arizona Attorney General Kris Mayes has joined several other states in suing Temu and its parent company over allegations that the online retailer is stealing customers' data. Mayes stated that the app collects a startling amount of data without users' consent, specifically citing GPS location and a list of the other apps on users' phones. Mayes also raised concerns over the quality of products sold on Temu and whether the retailer has "ripped off" other businesses.
Frontier AI Models Demonstrate Human-Level Capability in Smart Contract Exploits (4 minute read)
Anthropic evaluated ten frontier models on a dataset of 405 historical smart contract exploits and found that the agents produced working attacks against 207 of them, totaling $550M in simulated stolen funds. Anthropic measured the trend in capability by plotting each model's total exploit revenue against its release date. The models also discovered two previously undisclosed zero-days.

Thanks for reading, Prasanna Gautam, Eric Fernandez & Sammy Tbeile