"Policy Puppetry” can bypass safety guardrails in all major generative AI models. The attack involves crafting prompts that appear as policy files ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ 

TLDR

Together With Sentinel One

TLDR Information Security 2025-04-28

🔓

Attacks & Vulnerabilities

Planet Technology Industrial Switch Flaws Risk Full Takeover – Patch Now (2 minute read)

Multiple critical vulnerabilities have been identified in Planet Technology's industrial switches. CVE-2025-46275 and CVE-2025-46271 allow complete control of the router, while CVE-2025-46273 reveals hard-coded communication credentials between the NMS and managed devices, enabling remote interception and configuration changes. Other vulnerabilities affect specific switch models. Researchers also found lax security practices, including the use of default or weak credentials for MQTT and MongoDB.

SAP zero-day vulnerability under widespread active exploitation (3 minute read)

SAP NetWeaver software has an unrestricted file upload vulnerability tracked as CVE-2025-31324. After querying the internet server search engines Shodan and Censys, Onapsis estimates that about 10,000 SAP instances are potentially vulnerable. It is a CVSS 10 vulnerability, remotely exploitable over HTTP without authentication, that allows for complete system compromise.

Novel Universal Bypass for All Major LLMs (8 minute read)

A new technique called "Policy Puppetry" can bypass safety guardrails in all major generative AI models. The attack involves crafting prompts that appear as policy files, tricking AI systems into interpreting them as instructions that override safety alignments. This universal vulnerability demonstrates fundamental flaws in AI model training and security.

🧠

Strategies & Tactics

Cross-Site WebSocket Hijacking Exploitation in 2025 (9 minute read)

Cross-Site WebSocket Hijacking (CSWSH) is a vulnerability that arises because WebSockets are not protected by the Same Origin Policy, allowing a malicious site to connect to a targeted site while impersonating the user. Modern browsers have implemented security features that make CSWSH harder to exploit, such as Chrome's default SameSite=Lax cookie behavior and Firefox's Total Cookie Protection. However, proper Origin validation during the server-side WebSocket handshake is the most reliable defense, as browser settings can change, and Chrome still permits CSWSH under certain conditions.

Using AI to analyse cyber incidents (7 minute read)

This post shows how to use AI to create a timeline of the April 2025 Marks & Spencer cybersecurity incident, which impacted contactless payments and click-and-collect services, ultimately escalating to a suspension of online orders by April 25. The timeline details the progression from initial reports on April 19th to April 26th, documenting customer experiences, official communications, and media coverage with timestamps. Although M&S has not confirmed the nature of the attack, the company's response involved taking processes offline and consulting cybersecurity experts, causing operational disruptions across more than 1,000 stores and a temporary 5% drop in its share price.

io_uring Is Back, This Time as a Rootkit (10 minute read)

ARMO researchers exposed a critical security gap where Linux runtime security tools fail to detect malware using the io_uring interface. Their proof-of-concept rootkit, "Curing," bypasses traditional system call monitoring, affecting tools such as Falco and Microsoft Defender. While some vendors have implemented fixes, most security solutions remain vulnerable to this evasion technique.

🧑‍💻

Launches & Tools

Cloud Snitch (GitHub Repo)

Cloud Snitch is a tool inspired by Little Snitch for macOS that visualizes AWS account activity with a focus on security and exploration. It can map activities, filter by AWS region, principal, IP address, etc., and highlight errors in prominent colors so that issues can be surfaced more easily.

Jericho Security (Product Launch)

Jericho enables organizations to run AI Agent-based, hyper-realistic, personalized attack simulations to train employees to identify real-world threats, track their progress, and escalate difficulty and rewards based on completion.

scary-strings (GitHub Repo)

Flag potentially dangerous API calls in source code, a.k.a. lines containing scary strings from a security perspective.

🎁

Miscellaneous

South Korean Companies Targeted by Lazarus via Watering Hole Attacks, Zero-Days (2 minute read)

North Korean APT Lazarus targeted six South Korean organizations in finance, IT, semiconductors, software, and telecommunications through Operation SyncHole. They employed watering hole attacks and exploited zero-day vulnerabilities in security software, targeting Cross EX and Innorix Agent for online banking and government sites. The attack utilized malware such as ThreatNeedle, wAgent, SignBT, and CopperHedge for reconnaissance and access maintenance, while Lazarus further developed tools to evade detection.

"You wouldn't steal a car" anti-piracy campaign may have used pirated fonts (5 minute read)

The anti-piracy campaign "You Wouldn't Steal a Car" appears to have used XBand Rough, a knockoff of the FF Confidential font. This ironic discovery highlights the complex nature of typeface copyright law, where typeface designs have limited protection but font files can be copyrighted as software.

North Korean IT Workers Seen Using AI Tools to Scam Firms into Hiring Them (2 minute read)

In coordination with US authorities and third parties, Okta has tracked the behaviors and usage of GenAI by DPRK workers. Okta found that North Korean workers are using GenAI tools at every stage of the process, from drafting resumes to deepfake interviews, and even to maintain multiple jobs at the same time.

Quick Links

Lattica Emerges From Stealth With FHE Platform for AI (2 minute read)

Lattica emerged with a platform that utilizes fully homomorphic encryption (FHE) for AI to process encrypted data without requiring decryption.

FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches (2 minute read)

The FBI is seeking help to identify the Chinese Salt Typhoon hackers who breached U.S. and global telecom providers, accessing the private communications of government officials.

RomHack 2025 Conference Call for Papers (1 minute read)

RomHack 2025 is seeking presentations from individuals with a strong information security (infosec) background who wish to share interesting topics.

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile