šŸ” Search

Open
India CCTV Dashboards Hacked 🇮🇳, Defeating KASLR on ARM64 🎲, Apple's 19 WebKit Patches 🩹


TLDR

Together With Veeam

TLDR Information Security 2025-11-05

Inside the 3 a.m. Cyber Crisis: Wake Up! by Veeam (Sponsor)

Cybersecurity isn't just about ransomware, phishing, and attack paths. It's about the people, culture, and choices that happen when an attack strikes — often at the worst possible time.

Wake Up! by Veeam gives you an exclusive peek behind the curtain: raw, first-hand stories from CISOs and security leaders who faced the 3 a.m. wake-up call — and survived to tell the tale.

👉 Listen to the Wake Up! Podcast on YouTube, Apple Podcasts or Spotify

👉 Discover expert insights on the Veeam Thought Leadership Hub

👉 Test your cyber readiness today with a free self-assessment

🔓

Attacks & Vulnerabilities

Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors (3 minute read)

Operation SkyCloak uses phishing emails with military document lures to deploy sophisticated backdoors targeting defense sectors in Russia and Belarus, establishing persistent access through legitimate OpenSSH services and customized Tor hidden services with obfs4 traffic obfuscation. The malware performs environmental checks to evade sandboxes, creates scheduled tasks for persistence, and enables remote access to critical Windows services (RDP, SSH, and SMB) through anonymous Tor addresses using pre-installed cryptographic keys. Security professionals should monitor for unusual scheduled tasks named after legitimate applications, implement network monitoring for Tor traffic patterns, and enhance email security controls to detect phishing campaigns using military-themed lures targeting defense organizations.
Inside India's Voyeur Web: 80 CCTV Dashboards Hacked Across 20 States (2 minute read)

Investigators in India discovered a cybercrime ring that hacked into 80 CCTV dashboards across schools, hospitals, and homes and sold clips to an international porn fetish network. The attackers were able to access the dashboards because they used default passwords such as 'admin123'.
Media Giant Nikkei Reports Data Breach Impacting 17K People (2 minute read)

Japanese publishing giant Nikkei, which owns international brands such as The Financial Times, reported that its Slack platform was breached. An account was breached via stolen credentials from an employee's computer. Messages sent by over 17K members of the Slack organization were stolen. Nikkei stated that no data related to confidential sources was available.
🧠

Strategies & Tactics

Security Leadership Master Class 1: Leveling Up Your Leadership (4 minute read)

Effective security leaders understand that they must act like business executives rather than IT managers: create a high-level strategy, master business-oriented communication, manage executive expectations, proactively communicate successes, and manage the narrative. Security leaders should also work at the team level to build resilient teams, develop scalable systems, prioritize areas that require more effort, take personal accountability, and engage with the professional community. This is part one of a seven-part series by Phil Venables on security leadership.
Defeating KASLR by Doing Nothing at All (7 minute read)

Kernel Address Space Layout Randomization (KASLR) on Android ARM64 devices can be completely bypassed without any exploits due to the Linux kernel's linear mapping being placed at a predictable virtual address (0xffffff8000000000) and Pixel phones loading the kernel at a static physical address (0x80010000). This allows attackers to calculate exact kernel virtual addresses for any data structure using simple arithmetic, effectively nullifying KASLR's protection against local kernel exploits on affected devices. The vulnerability stems from engineering decisions that prioritize memory hot-plugging support over security randomization, with both the Linux kernel team and Google considering this intended behavior and having no immediate plans for mitigation.
SesameOp: Novel backdoor uses OpenAI Assistants API for command and control (10 minute read)

A new cybersecurity threat called SesameOp leverages the OpenAI Assistants API as a covert channel for command and control, allowing attackers to communicate with malware undetected. By embedding its communication within legitimate API traffic, SesameOp enables persistent access and remote control of compromised systems while evading traditional detection methods. It achieves this by leveraging obfuscated code, secure encryption, and creative misuse of built-in API functionality, rather than exploiting specific software vulnerabilities.
🧑‍💻

Launches & Tools

Three words: Live. Hacking. Demo. 💥 (Sponsor)

Join Huntress CEO and former NSA operator Kyle Hanslovan on November 13 at 11am ET as he breaks into a Microsoft 365 account to show you how hackers spin up believable phishing lures, scrape browser creds, and reuse other people's logins without breaking a sweat. 

Register now.

netvisor (GitHub Repo)

netVisor is an open-source network topology discovery and visualization tool that automatically scans networks to identify hosts, services, and their relationships, generating interactive documentation of network infrastructure. The tool employs a server-daemon architecture, where lightweight agents perform network scanning from multiple vantage points (supporting VLAN mapping) and report to a central PostgreSQL-backed server. This server generates visual topology maps, automatically detecting over 50 common services, including virtualization platforms, network infrastructure, and security tools. Security teams can leverage this for asset inventory, network segmentation validation, and maintaining up-to-date network documentation without the need for manual diagramming.
SlopGuard (GitHub Repo)

SlopGuard detects AI-hallucinated packages, typosquatting, and supply chain attacks with automated trust scoring. It requires zero maintenance, reports under 3% false positives, and supports multiple package ecosystems.
Neon Cyber (Product Launch)

Neon Cyber protects organizations by embedding a browser extension on managed devices, providing real-time protection against phishing and insider threats. It delivers deep visibility into user actions in the browser, following threats and giving analysts a complete forensic context without adding user friction.
🎁

Miscellaneous

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive (2 minute read)

The SleepyDuck malware, disguised as a legitimate Solidity extension for Visual Studio Code, uses an innovative Ethereum smart contract-based command and control infrastructure to maintain persistent access even if primary servers are taken down. The malware activates when opening .sol files, connects to Ethereum RPC providers to communicate with contract address 0xDAfb81732db454DA238e9cFC9A9Fe5fb8e34c465, and polls for commands every 30 seconds while collecting system information and providing remote access capabilities. Security professionals should implement strict extension vetting processes, monitor network traffic for Ethereum RPC connections originating from development environments, and establish policies that require extensions to be sourced only from verified publishers with established reputations.
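The monitoring advice in that summary, worked through as an added example (not code from the article or the TLDR authors): it parses constructed JSON-lines egress-proxy records, flags eth_call requests aimed at the contract address quoted above, and flags source/destination pairs that beacon on the 30-second cadence described. The hostnames, timestamps and log format are constructed placeholders.

```python
import json
from collections import defaultdict

# Contract address quoted in the SleepyDuck summary above (the one hard IoC on the page).
SLEEPYDUCK_CONTRACT = "0xDAfb81732db454DA238e9cFC9A9Fe5fb8e34c465".lower()
RPC_HOST = "rpc.example-provider.invalid"  # placeholder endpoint, not a real provider

def constructed_log():
    """Constructed proxy records (one JSON document per line): a developer workstation
    polls the RPC endpoint every 30 s with eth_call; a build server makes one benign call."""
    lines = []
    for i in range(4):
        lines.append(json.dumps({
            "ts": 1730800000 + 30 * i, "src": "dev-ws-17", "dst": RPC_HOST,
            "body": {"jsonrpc": "2.0", "id": i, "method": "eth_call",
                     "params": [{"to": SLEEPYDUCK_CONTRACT, "data": "0x"}, "latest"]}}))
    lines.append(json.dumps({
        "ts": 1730800010, "src": "build-01", "dst": RPC_HOST,
        "body": {"jsonrpc": "2.0", "id": 9, "method": "eth_blockNumber", "params": []}}))
    return "\n".join(lines)

def parse(log_text):
    """Yield (ts, src, dst, method, target); target is the lowercased eth_call 'to'
    address, or None for other JSON-RPC methods."""
    for line in log_text.splitlines():
        rec = json.loads(line)
        body = rec.get("body", {})
        params = body.get("params") or []
        target = None
        if body.get("method") == "eth_call" and params and isinstance(params[0], dict):
            target = str(params[0].get("to", "")).lower()
        yield rec["ts"], rec["src"], rec["dst"], body.get("method"), target

def contract_hits(log_text):
    """Sources that issued eth_call against the SleepyDuck contract address."""
    return sorted({src for _, src, _, _, tgt in parse(log_text) if tgt == SLEEPYDUCK_CONTRACT})

def beaconing_pairs(log_text, period=30, tolerance=3, min_requests=3):
    """(src, dst) pairs whose requests recur at a near-fixed interval (the 30 s polling)."""
    times = defaultdict(list)
    for ts, src, dst, _, _ in parse(log_text):
        times[(src, dst)].append(ts)
    flagged = []
    for pair, ts_list in times.items():
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]  # seconds between requests
        if len(ts_list) >= min_requests and all(abs(g - period) <= tolerance for g in gaps):
            flagged.append(pair)
    return sorted(flagged)
```

The beaconing check alone is a weak signal (legitimate wallets and dApps poll too), so it is meant to be combined with the contract-address match and with an inventory of which hosts are development machines.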
US cybersecurity experts indicted for BlackCat ransomware attacks (2 minute read)

Three former cybersecurity incident response professionals from DigitalMint and Sygnia face federal indictment for allegedly operating as BlackCat/ALPHV ransomware affiliates, attacking five US organizations between May and November 2023 with ransom demands ranging from $300,000 to $10 million. The defendants exploited their insider positions as ransomware negotiators and incident response managers to gain unauthorized network access, steal data, deploy encryption malware, and demand cryptocurrency payments while only successfully extracting $1.27 million from one Tampa medical device manufacturer. Security teams should scrutinize third-party incident response providers and implement strict access controls. This case highlights the severe risk of insider threats when trusted security professionals abuse privileged access for financial gain.
MIT Sloan quietly shelves AI ransomware study after researcher calls BS (3 minute read)

MIT Sloan has withdrawn a paper claiming that over 80% of ransomware attacks are AI-driven following strong criticism by cybersecurity experts who found its claims unsubstantiated and its evidence lacking. Critics argued the research exaggerated AI's role in cyberattacks and pointed to possible conflicts of interest, causing MIT to promise an updated version.

Quick Links

Overwhelmed by fragmented AppSec testing? (Sponsor)

Invicti ASPM brings all your tools together in one platform so teams see risk clearly and remediate faster.
Get a demo.
Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching (2 minute read)

Microsoft's emergency patch, KB5070881, for the actively exploited CVE-2025-59287 WSUS remote code execution vulnerability inadvertently disabled hotpatching on Windows Server 2025 systems, forcing affected organizations to choose between vulnerability remediation and zero-downtime patching capabilities until the corrected KB5070893 update or the January 2026 baseline becomes available.
Apple Patches 19 WebKit Vulnerabilities (2 minute read)

Apple released iOS 26.1 and macOS Tahoe 26.1, patching over 100 vulnerabilities, including 19 WebKit browser engine flaws (many found by Google's Big Sleep AI).
Apache OpenOffice disputes data breach claims by ransomware gang (2 minute read)

The Apache Software Foundation has denied the Akira ransomware gang's claims of breaching Apache OpenOffice and stealing 23GB of employee information, financial data, and internal files.


Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile