
TLDR

Together With Cato Networks

TLDR Information Security 2025-08-15

“Frankenstack” SASE won't fix security or land the job. Real SASE will. (Sponsor)

SASE leads the enterprise IT security market. But some vendors are just rebranding point products as a “platform” to stay competitive. That's not SASE—it's complexity, gaps, risk, and a career liability.

To stay marketable and boost career options, IT pros need real SASE experience. 

Cato built the first (and only) true SASE platform—converged, cloud-native, intelligently secure by design. Our SASE Expert Level 1 certification is a real accreditation that includes:

  • What SASE is—and isn't
  • Why architecture drives security and performance
  • How to migrate to and implement SASE

Three hours. Self-paced. Always free.

Get certified by the experts that built SASE—before it even had a name. Apply now.

🔓

Attacks & Vulnerabilities

Matrix protocol bugs could let hackers seize control of sensitive chat rooms (5 minute read)

The Matrix Foundation has disclosed two high-severity protocol vulnerabilities (CVE-2025-49090 and CVE-2025-54315) that let an attacker hijack a room creator's privileges or predict room IDs, threatening chat rooms used by government and military organizations. Both flaws are only reachable over federation, so a homeserver that does not federate with external servers is not exposed. The fixes are part of room version 12; administrators are urged to upgrade promptly and to restrict federation to trusted servers. No exploitation in the wild has been observed.

Manpower Discloses Data Breach Affecting Nearly 145K Individuals (2 minute read)

Manpower, one of the world's largest staffing companies, is notifying nearly 145K individuals that attackers stole their data in a December 2024 intrusion. The stolen data includes passports, government IDs, SSNs, addresses, contact details, corporate communications, financial statements, HR records, and confidential contracts and NDAs. The RansomHub ransomware group claimed the theft and posted the data on its leak site, from which it has since been removed, suggesting that a ransom may have been paid.

Fortinet Warns of FortiSIEM Pre-Auth RCE Flaw With Exploit in the Wild (2 minute read)

Fortinet is warning of a new critical (CVSS 9.8/10) pre-authentication remote code execution vulnerability affecting multiple FortiSIEM release branches. The bug is an OS command injection (CWE-78, "improper neutralization of special elements used in an OS command"): attacker-supplied input reaches a shell command without being sanitized. Fortinet reports that working exploit code is already publicly available and urges immediate patching; until the fix is applied, network exposure of FortiSIEM services should be limited to trusted management networks.

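The bug class behind this advisory, CWE-78, is easiest to see side by side with its fixes. The following is an added illustration, not FortiSIEM code and not derived from the advisory: a "lookup" tool that passes a hostname to an external program. The command, the attacker input and the hostname allowlist are all constructed for the demo, and `echo` stands in for a real network utility so the block runs anywhere.

```python
import re
import shlex
import subprocess

# Constructed attacker input for the demo: a "hostname" that smuggles a
# second command after a shell metacharacter (CWE-78 "special element").
INJECTED_HOST = "example.test; echo INJECTED"

# Allowlist for the one input shape this tool legitimately accepts (assumed for the demo).
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252})")


def lookup_vulnerable(host: str) -> str:
    """Vulnerable pattern: untrusted input interpolated into a shell command
    line. 'echo lookup' stands in for a real network tool; with shell=True the
    ';' terminates that command and the shell runs whatever follows it."""
    cmd = f"echo lookup {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_argv(host: str) -> str:
    """Fix 1: no shell at all. Each argv element reaches the program verbatim,
    so ';' is just a character inside the hostname argument."""
    return subprocess.run(["echo", "lookup", host], capture_output=True, text=True).stdout


def lookup_quoted(host: str) -> str:
    """Fix 2: if a shell is unavoidable, quote every untrusted token so the
    shell treats it as one literal word."""
    cmd = f"echo lookup {shlex.quote(host)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def is_valid_host(host: str) -> bool:
    """Fix 3 (defence in depth): reject anything that is not a plausible hostname
    before it reaches any command, instead of trying to strip bad characters."""
    return HOSTNAME_RE.fullmatch(host) is not None


def lookup_hardened(host: str) -> str:
    """Validate the input shape, then avoid the shell."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host: {host!r}")
    return lookup_argv(host)


if __name__ == "__main__":
    print(repr(lookup_vulnerable(INJECTED_HOST)))  # the smuggled command runs
    print(repr(lookup_argv(INJECTED_HOST)))        # metacharacters are inert
    print(repr(lookup_quoted(INJECTED_HOST)))
    print(is_valid_host(INJECTED_HOST))            # False
```

The argv form is the primary fix; quoting and allowlisting are the layers to add when the shell cannot be removed or when the input should never contain such characters in the first place.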
🧠

Strategies & Tactics

Kubernetes security fundamentals: Networking (8 minute read)

By default a Kubernetes cluster has a flat pod network in which every pod can reach every other pod, so a single compromised workload can talk to anything in the cluster. NetworkPolicy objects are only enforced when the CNI plugin implements them, so start with one that does, such as Calico or Cilium, then apply default-deny ingress and egress policies and add narrow allow rules only for the traffic that pods and namespaces actually need. Essential measures include restricting hostNetwork, blocking pod egress to the cloud instance metadata endpoint, and testing policies against application manifests before they reach production.

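The subtle part of NetworkPolicy is the isolation rule: a pod stays wide open until at least one policy selects it for a direction, and from then on only explicit allow rules count. The block below is an added example, not code from the article, that applies a default-deny plus two allow policies to a small constructed cluster (namespaces, pods and IPs are invented for the demo) and evaluates connections under those semantics. Ports and matchExpressions are deliberately not modelled; the 0.0.0.0/0 egress rule exists only to show how the except list keeps the metadata endpoint unreachable.

```python
import ipaddress

# Constructed cluster state for the demo (not exported from a real cluster).
NAMESPACES = {
    "app": {"kubernetes.io/metadata.name": "app"},
    "kube-system": {"kubernetes.io/metadata.name": "kube-system"},
    "other": {"kubernetes.io/metadata.name": "other"},
}
PODS = {
    "app/web": {"ns": "app", "labels": {"app": "web"}, "ip": "10.1.0.10"},
    "app/db": {"ns": "app", "labels": {"app": "db"}, "ip": "10.1.0.11"},
    "kube-system/coredns": {"ns": "kube-system", "labels": {"k8s-app": "kube-dns"}, "ip": "10.1.1.5"},
    "other/web": {"ns": "other", "labels": {"app": "web"}, "ip": "10.1.2.7"},
}
METADATA_IP = "169.254.169.254"  # cloud instance metadata endpoint

# The NetworkPolicy manifests an admin would apply to the "app" namespace, as dicts.
# Ports are omitted to keep the evaluator short; matchExpressions are not modelled.
POLICIES = [
    {"metadata": {"name": "default-deny", "namespace": "app"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
    {"metadata": {"name": "db-from-web", "namespace": "app"},
     "spec": {"podSelector": {"matchLabels": {"app": "db"}}, "policyTypes": ["Ingress"],
              "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "web"}}}]}]}},
    {"metadata": {"name": "web-egress", "namespace": "app"},
     "spec": {"podSelector": {"matchLabels": {"app": "web"}}, "policyTypes": ["Egress"],
              "egress": [{"to": [
                  {"podSelector": {"matchLabels": {"app": "db"}}},
                  {"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "kube-system"}},
                   "podSelector": {"matchLabels": {"k8s-app": "kube-dns"}}},
                  # broad internet egress, kept only to demonstrate the except list
                  {"ipBlock": {"cidr": "0.0.0.0/0", "except": ["10.0.0.0/8", METADATA_IP + "/32"]}},
              ]}]}},
]


def selects(selector, labels):
    """matchLabels semantics: every key must match; an empty selector matches everything."""
    return all(labels.get(k) == v for k, v in (selector or {}).get("matchLabels", {}).items())


def policy_types(policy):
    spec = policy["spec"]
    if "policyTypes" in spec:
        return spec["policyTypes"]
    return ["Ingress"] + (["Egress"] if "egress" in spec else [])


def peer_matches(peer, policy_ns, pod, ip):
    """Does one 'from'/'to' entry match the remote endpoint (a pod dict, or None if external)?"""
    if "ipBlock" in peer:
        addr, block = ipaddress.ip_address(ip), peer["ipBlock"]
        return addr in ipaddress.ip_network(block["cidr"]) and not any(
            addr in ipaddress.ip_network(ex) for ex in block.get("except", []))
    if pod is None:
        return False  # selectors never match cluster-external endpoints
    if "namespaceSelector" in peer:
        if not selects(peer["namespaceSelector"], NAMESPACES[pod["ns"]]):
            return False
    elif pod["ns"] != policy_ns:
        return False  # a bare podSelector is scoped to the policy's own namespace
    return selects(peer["podSelector"], pod["labels"]) if "podSelector" in peer else True


def direction_allowed(pod, direction, other, other_ip):
    """A pod is isolated for a direction only if some policy selecting it lists that
    direction; once isolated, traffic needs a rule in one of those policies to allow it."""
    applying = [p for p in POLICIES
                if p["metadata"]["namespace"] == pod["ns"] and selects(p["spec"]["podSelector"], pod["labels"])]
    governing = [p for p in applying if direction in policy_types(p)]
    if not governing:
        return True
    rules_key, peers_key = ("ingress", "from") if direction == "Ingress" else ("egress", "to")
    for policy in governing:
        for rule in policy["spec"].get(rules_key) or []:
            peers = rule.get(peers_key)
            if not peers or any(peer_matches(peer, pod["ns"], other, other_ip) for peer in peers):
                return True
    return False


def resolve(endpoint):
    pod = PODS.get(endpoint)
    return (pod, pod["ip"]) if pod else (None, endpoint)


def connection_allowed(src, dst):
    """src/dst: pod names like 'app/web' or literal IPs for cluster-external endpoints.
    A connection needs the source's egress and the destination's ingress to both allow it."""
    src_pod, src_ip = resolve(src)
    dst_pod, dst_ip = resolve(dst)
    if src_pod and not direction_allowed(src_pod, "Egress", dst_pod, dst_ip):
        return False
    if dst_pod and not direction_allowed(dst_pod, "Ingress", src_pod, src_ip):
        return False
    return True
```

Two results are worth checking by hand: a pod labelled `app=web` in the `other` namespace cannot reach `app/db`, because a `podSelector` without a `namespaceSelector` only matches pods in the policy's own namespace; and `app/web` cannot reach the metadata IP even though it is allowed general internet egress, because the except list is evaluated against every `ipBlock` match.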
Cybersecurity Spending Slows & Security Teams Shrink (2 minute read)

Security budgets are growing only about 4% year over year, the slowest rate in five years, leaving teams understaffed and initiatives delayed. The pressure comes from geopolitics, tariffs, and macroeconomic conditions. Budgets are tightest in healthcare, services, retail, and hospitality, while finance, insurance, and tech still grew by more than 5%, prioritizing cloud, IAM, SecOps automation, and zero trust.

How We Automated GitHub Actions Runner Updates With Claude (8 minute read)

Depot's developers were spending hours keeping their arm64 builds of the GitHub Actions runner in sync with upstream. The team first built a workflow in which Claude attempts to apply Depot's patch file and iteratively adjusts it until it applies cleanly without dropping any existing patches. A second workflow has Claude track upstream changes, summarize them, and flag anything breaking.

🧑‍💻

Launches & Tools

CyberArk's $25B acquisition by Palo Alto Networks signals the end of legacy PAM (Sponsor)

The mega-deal validates identity as security's new pillar, but also exposes the limits of current solutions. Legacy PAM creates security gaps between login and action - forcing organizations to invest in sprawling, fragmented identity tools. The solution: Identity security transformation that moves beyond static vaults to a Zero Trust approach securing what happens AFTER login. StrongDM: Leave your legacy PAM behind
Veles (GitHub Repo)

Veles is Google's new open-source secret scanner. Built as a standalone module within the OSV-SCALIBR ecosystem, it was designed to detect leaked credentials in source code and artifacts. It currently supports the detection of GCP API keys, GCP service account keys, and RubyGems API keys. Veles is actively used at Google to scan internal repositories and powers credential detection for deps.dev's hundreds of millions of open-source packages. The tool will be integrated into Google Cloud services, including Artifact Registry and Security Command Center, with a future roadmap including expanded secret detection types, automated validation, and remediation workflows.

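To make the three detector types concrete, here is an added example of a minimal scanner for the same credential kinds, written for this page and not taken from Veles. The regexes are common public heuristics (a GCP API key starts with `AIza` and is 39 characters; a RubyGems key is `rubygems_` plus 48 hex characters) and are assumptions about those formats, not Veles's rules; service-account keys are matched structurally as JSON. All sample inputs are constructed and the key material is filler.

```python
import json
import re
from dataclasses import dataclass

# Public-format heuristics (assumptions for this demo, not Veles's own detectors).
PATTERNS = {
    "gcp_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])"),
    "rubygems_api_key": re.compile(r"\brubygems_[0-9a-f]{48}(?![0-9a-f])"),
}


@dataclass(frozen=True)
class Finding:
    kind: str
    line: int
    redacted: str  # a scanner should never log the full secret


def redact(value: str) -> str:
    return value[:6] + "..." + value[-4:]


def scan_text(text: str) -> list:
    """Regex pass over every line; returns findings with line numbers and redacted values."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for match in rx.finditer(line):
                findings.append(Finding(kind, lineno, redact(match.group())))
    return findings


def scan_service_account_json(text: str) -> list:
    """Structural check: a GCP service-account key is a JSON document with
    type == "service_account" and an embedded private key."""
    try:
        doc = json.loads(text)
    except ValueError:
        return []
    if isinstance(doc, dict) and doc.get("type") == "service_account" and "private_key" in doc:
        return [Finding("gcp_service_account_key", 1, "client_email=" + str(doc.get("client_email", "?")))]
    return []


def scan_artifact(name: str, text: str) -> list:
    """Dispatch on artifact type: JSON files get the structural check as well as the regexes."""
    findings = scan_service_account_json(text) if name.endswith(".json") else []
    return findings + scan_text(text)


# Constructed sample inputs; the key material is fabricated filler.
FAKE_GCP_KEY = "AIza" + "SyA" + "0" * 32
FAKE_GEM_KEY = "rubygems_" + "ab" * 24
SAMPLE_ENV = "\n".join([
    "# deployment settings",
    f"GOOGLE_MAPS_KEY={FAKE_GCP_KEY}",
    f"export GEM_HOST_API_KEY={FAKE_GEM_KEY}",
])
SAMPLE_SA_JSON = json.dumps({
    "type": "service_account",
    "project_id": "demo-project",
    "private_key": "-----BEGIN PRIVATE KEY-----\nFAKE\n-----END PRIVATE KEY-----\n",
    "client_email": "builder@demo-project.iam.gserviceaccount.com",
})

if __name__ == "__main__":
    for artifact, text in (("settings.env", SAMPLE_ENV), ("sa.json", SAMPLE_SA_JSON)):
        for finding in scan_artifact(artifact, text):
            print(f"{artifact}:{finding.line}: {finding.kind} {finding.redacted}")
```

Pattern-based detection is the cheap first layer; the validation and remediation steps on the roadmap above are what separate a real leak from a placeholder that merely looks like one.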
Vendetect (GitHub Repo)

Vendetect is a CLI tool for automatically detecting vendored and copy/pasted code between repositories.

ReconPro (GitHub Repo)

ReconPro is a specialized web reconnaissance tool for security professionals and bug bounty hunters. It provides instant access to curated Google dorks organized by vulnerability type and risk level, accelerating the initial reconnaissance phase of an assessment.

🎁

Miscellaneous

Charon Ransomware targets Middle East with APT attack methods (4 minute read)

Charon is a new ransomware family targeting public sector and aviation organizations in the Middle East with APT-style tradecraft, including DLL side-loading, process injection, and EDR evasion techniques resembling those of the China-linked Earth Baxia group. It uses partial file encryption with Curve25519 and ChaCha20, can propagate across the network, and carries a dormant Dark-Kill driver intended to disable security tools through a BYOVD attack. Victim-specific ransom notes show the attacks are targeted, a worrying convergence of APT-grade sophistication with ransomware operations.

Passkey Login Bypassed via WebAuthn Process Manipulation (3 minute read)

SquareX researchers demonstrated a passkey bypass that does not break the underlying cryptography but manipulates the WebAuthn flow with injected JavaScript. By getting a user to install a malicious browser extension or by exploiting an XSS flaw on the site, an attacker who controls the page context can forge or intercept WebAuthn API calls to hijack registration or authentication, impersonate the user, or force a fallback to password login, even when the user completes Face ID. The caveat for defenders is that the attack requires script execution in the victim's browser on the target origin; it is a browser- and page-integrity problem rather than a weakness in FIDO2 itself.

From Interns to Intelligence: How Agentic AI Will Transform AppSec and DevSecOps (5 minute read)

In this conference talk, Balaji Sundara introduces the concept of agentic AI systems as a self-prompting, self-correcting, and self-balancing orchestration system. Sundara suggests a multi-pronged defense model that includes proactive measures like secure design principles, reactive measures such as rollback for flawed decisions, and detective measures such as human-in-the-loop monitoring. He also stresses that APIs underpin AI agents and, therefore, agentic systems inherit existing API issues and defenses.

Quick Links

Microsoft pushes Pull print, so you don't have to dash to the printer to grab the 'Fire everyone' memo (2 minute read)

Microsoft's new Pull Print for Universal Print lets users securely release print jobs at any registered printer with QR code authentication, preventing confidential documents from being left unattended.

Latest Windows patches cause false alarm error to appear in event viewer (2 minute read)

Microsoft shipped leftover development code in the July and August 2025 Windows updates, which produces harmless Event Viewer errors about the Pluton Cryptographic Provider; administrators can ignore them.

Psst: wanna buy a legit FBI email account for $40? (3 minute read)

Abnormal AI found active FBI and global government email accounts sold on the dark web for as little as $40.

Love TLDR? Tell your friends and get rewards!

Share your referral link below with friends to get free TLDR swag!
Track your referrals here.

Want to advertise in TLDR? 📰

If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.

Want to work at TLDR? 💼

Apply here or send a friend's resume to jobs@tldr.tech and get $1k if we hire them!

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile


Manage your subscriptions to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please unsubscribe.