Together With Wiz

TLDR Information Security 2025-08-12

Is your team exploring MCP integrations? (Sponsor)

The Model Context Protocol (MCP) is quickly emerging as the go-to standard for connecting LLMs to external tools and data. But as adoption picks up, many teams are implementing MCP without a clear security playbook.

This practical guide breaks down real-world MCP security risks and offers actionable steps to help teams secure LLM integrations.

🔓

Attacks & Vulnerabilities

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation (1 minute read)

Security researchers found an exploit chain in Windows Endpoint Privilege Management (EPM) that lets attackers escalate privileges to domain admin. The attack poisons EPM policies to bypass security controls and elevate privileges. Organizations using Windows EPM should review their settings and update security measures.

Bouygues Telecom Hit by Cyberattack, 6.4 Million Customers Affected (2 minute read)

Bouygues Telecom, a French provider, suffered a cyberattack that exposed the data of 6.4 million customers, including names, emails, and phone numbers, but not payment info. It notified affected customers and authorities during its investigation.

Connex Credit Union Data Breach Impacts 172,000 People (2 minute read)

Hackers breached Connex Credit Union systems June 2–3, likely stealing files with names, account numbers, debit card data, Social Security numbers, and government IDs. Connex reported 172,000 impacted, but there was no evidence of access to accounts or funds.

🧠

Strategies & Tactics

The security principles guiding 1Password's approach to AI (5 minute read)

Seven core security principles for AI integration: encrypting secrets, using deterministic authorization over probabilistic LLM decisions, preventing raw credentials in LLM contexts, maintaining auditability, ensuring transparency, implementing least privilege, and balancing security with usability. AI agents must follow strict access controls, similar to humans, with credentials delivered securely (e.g., OAuth) rather than through LLM prompts, maintaining a zero-knowledge architecture. These principles show that traditional siloed privileged access management is inadequate for the AI era, which will require unified frameworks for both human and AI interactions.

Three Dots to Root: How I Found a Path Traversal in Microsoft's Agentic Web (6 minute read)

Microsoft's NLWeb is a new framework designed to allow AI agents to interact with websites and APIs via natural language. This author describes how they discovered a path traversal vulnerability that could lead to the disclosure of arbitrary files such as `/etc/passwd` or `.env`. The vulnerability was caused by the use of the `os.path.normpath()` function, which does not prevent “climbing out” of the directory using `../`.
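
An added example, not taken from the newsletter or from the NLWeb code base: it contrasts a file lookup that relies on `os.path.normpath()` alone with one that also checks the result stays inside the served directory. The base directory, function names and sample requests are assumptions constructed for illustration.

```python
import os

def resolve_normpath_only(base, requested):
    """The pattern the summary describes: join, normalise, and trust the result."""
    return os.path.normpath(os.path.join(base, requested))

def resolve_confined(base, requested):
    """Resolve symlinks and '..', then require the result to stay under base."""
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, requested))
    # commonpath compares whole path components, so a sibling such as
    # "<base>-backup" does not pass the way a startswith() test would.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PermissionError(f"path escapes base directory: {requested!r}")
    return candidate

def audit(base, requests):
    """Return (request, normpath-only result, confined verdict) per request."""
    rows = []
    for req in requests:
        loose = resolve_normpath_only(base, req)
        try:
            resolve_confined(base, req)
            verdict = "allowed"
        except PermissionError:
            verdict = "rejected"
        rows.append((req, loose, verdict))
    return rows

# Constructed sample requests; BASE is a hypothetical static-file root.
BASE = "/srv/app/static"
SAMPLES = ["css/site.css", "../../../etc/passwd", "../.env",
           "/etc/passwd", "../static-backup/db.sqlite"]

if __name__ == "__main__":
    for req, loose, verdict in audit(BASE, SAMPLES):
        print(f"{req!r:32} normpath -> {loose:28} confined: {verdict}")
```

`normpath()` only tidies the string, so the joined path can still land outside the base; the containment check after `realpath()` is what enforces the boundary.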

Constructing a Trustworthy Evaluation Methodology for Contextual Security Analysis (7 minute read)

DryRun Security uses an AI engine called Contextual Security Analysis (CSA) to analyze code changes probabilistically. Each PR goes through three steps: whole-PR synthesis to understand the goal, hunk-scoped reasoning to isolate individual code hunks and filter out unrelated changes, and on-demand context acquisition to retrieve supporting files and dependencies. DryRun also has a secondary audit model that randomly samples production findings every 24 hours to check instruction compliance, hallucination detection, and vulnerability accuracy.

🧑‍💻

Launches & Tools

Free copy of the latest Gartner Hype Cycle™ for Security Operations (Sponsor)
  • AI SOC agents: Which ones are delivering value? What are technologies to avoid?
  • The transition from vulnerability scanning to exposure management (CTEM)
  • Emerging AI agents vs. proven platforms (EDR, SIEM)

Get the Hype Cycle Report (via Dropzone AI)

IDA Pro Cross-Reference Generator for Mandiant XRefer (GitHub Repo)

Professional IDAPython script that generates additional cross-references for IDA Pro that aren't automatically detected, specifically designed for use with the Mandiant XRefer plugin.

EPSS Pulse (Product Launch)

RunZero's EPSS Pulse is a free tool that tracks trends in Exploit Prediction Scoring System (EPSS) data to help security teams prioritize vulnerability remediation. It shows which vulnerabilities are gaining or losing exploitation likelihood over time, helping defenders focus on critical patches. Monitoring EPSS score changes enables organizations to make better vulnerability management decisions beyond static CVSS scores.

Tonic Security (Product Launch)

Tonic Security provides an AI agent–driven exposure management platform that ingests org data and threat intel to contextualize risk, prioritize remediation, reduce alert noise, and accelerate fixes. The company claims 50% faster MTTR and 90% fewer remediation actions needed.

🎁

Miscellaneous

Utilities, Factories at Risk From Encryption Holes in Industrial Protocol (3 minute read)

OPC UA, a widely used industrial protocol, contains cryptographic design flaws that enable authentication bypass and message confusion attacks. Researcher Tom Tervoort has disclosed CVEs and PoCs that affect multiple vendors. He recommends applying patches, disabling OPC UA over HTTPS and Basic128Rsa15, and enforcing network restrictions like IP allowlists to limit exposure.

AppSec/ProdSec's Reality Gap (12 minute read)

Application and Product Security teams face a gap between theoretical security concepts and practical environments. The problem space is defined by a lack of context, teams trying to avoid slowing down development, security tools that do not address where teams are struggling or organizational scale, and tooling designed for gates instead of guardrails. AI-based tools may help by providing more context and tailored experiences, but they will not alleviate the resource constraints that many teams face.

Security Flaws in a Carmaker's Web Portal Let One Hacker Remotely Unlock Cars From Anywhere (3 minute read)

Security researcher Eaton Zveare found a vulnerability in a carmaker's web portal that let him create an admin account with full access. He could access customers' personal and financial data, track vehicles, and enroll customers in features to control some car functions remotely. During testing, Zveare remotely unlocked and took control of a friend's vehicle.

Quick Links

Google confirms Salesforce CRM breach, faces extortion threat (2 minute read)

Google disclosed a breach in its Salesforce CRM instance that exposed data of prospective Google Ads customers.

UK retail giant M&S restores Click & Collect months after cyber attack, some services still down (2 minute read)

Marks & Spencer restored Click & Collect and most core online services months after the cyberattack in April, while some features remain down, such as online stock check, international orders, Sparks Pay, and occasion-cake ordering.

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile