
Eurail Data Breach, Streamlining Investigations with Agents, House Sysadmin Stole 240 Phones


TLDR Information Security 2026-01-16


Attacks & Vulnerabilities

A single click mounted a covert, multistage attack against Copilot (4 minute read)

Varonis researchers discovered a now-patched vulnerability in Microsoft Copilot Personal, dubbed "Reprompt," that enabled single-click data exfiltration via indirect prompt injection in legitimate Copilot URLs. The attack allowed the extraction of usernames, locations, and chat history even after the victim closed the chat window. Microsoft 365 Copilot was not affected. The vulnerability has been remediated as of this week.

CIRO Says About 750K People's Data Affected By Cybersecurity Incident (1 minute read)

The Canadian Investment Regulatory Organization (CIRO) says that the data of about 750K Canadian investors was compromised in a breach last year. The compromised data includes social insurance numbers, investment account numbers, and phone numbers. CIRO stated that the breach resulted from a sophisticated phishing attack.

Sensitive data of Eurail, Interrail travelers compromised in data breach (3 minute read)

A breach at Eurail B.V., the company behind Eurail and Interrail passes, exposed travellers' personal details, including contact information and ID or passport data, and possibly bank and limited health data for some DiscoverEU participants. Affected systems were secured, passwords reset, and customers have been urged to watch for phishing, change related passwords, and monitor bank accounts for unusual activity.

Strategies & Tactics

Dissecting and Exploiting CVE-2025-62507: Remote Code Execution in Redis (16 minute read)

JFrog's Security Researchers have demonstrated successful remote code execution exploitation of CVE-2025-62507, a stack buffer overflow in Redis 8.2.x's XACKDEL command with a CVSS score of 8.8. Unauthenticated attackers can overwrite the return address using crafted stream IDs, a vulnerability made easier by the lack of stack canary protection in the official Docker image. Shodan detected approximately 2,924 servers running vulnerable versions that are immediately exploitable without authentication, while 183,907 additional instances with authentication could also be at risk. Organizations are advised to upgrade to Redis 8.3.2, enable authentication, and compile with the -fstack-protector option, as the research highlights that CVSS scores alone should not determine patching priorities, since high-severity vulnerabilities can still offer straightforward remote code execution paths.

Streamlining Security Investigations With Agents (8 minute read)

Slack's security team introduced an agentic system for investigating security issues that involves a Director persona instructing a series of SME personas, with the results checked by a Critic persona. The Director persona reviews the investigation's status and poses a question to the experts, who use their domain expertise to prepare answers. The Director then queries those answers to advance the investigation loop or conclude the investigation. This system also enables cost optimization: expert personas, which process more data, can use cheaper models, whereas the Director persona, which requires more reasoning, can use more expensive models.

The Era of Semantic Security: Computer Use Agents and the End of Signatures (7 minute read)

Local computer use agents fundamentally shift the endpoint security industry because a properly functioning agent can be indistinguishable from a malicious agent or attacker, diminishing the value of signatures. A previous analogue is the adoption of PowerShell by both attackers and sysadmins, which made context necessary to distinguish attacks from standard use. Successful organizations will need to build contextual defense systems rather than trying to push back on agent adoption.

Launches & Tools

Why Sumo Logic's TDIR score tied for second in the Gartner Critical Capabilities report for SIEM (Sponsor)

Consolidating security and IT Ops is no longer just a nice-to-have. By automatically tuning alert thresholds and mapping threats to adversary tactics based on premium threat intelligence feeds, Sumo Logic is helping Dev, Sec, and Ops teams collaborate. Sign up for a demo and get some cool swag!

The State of Rust Cryptography in 2026 (5 minute read)

Rust's cryptography ecosystem has matured significantly, with aws-lc-rs and ring now serving as the official crypto providers for rustls. At least two libraries, aws-lc-rs and boring, offer FIPS 140-3 certification alongside post-quantum KEM support via Kyber algorithms. The ecosystem divides between pure-Rust implementations, such as RustCrypto, dalek-cryptography, and graviola, which offer better auditability and cross-compilation, and C library wrappers that provide assembly-optimized performance. This is a relevant trade-off because 37.2 percent of cryptographic library vulnerabilities stem from memory safety issues. For teams requiring FIPS compliance and performance, aws-lc-rs is recommended. For WebAssembly targets and easier cross-compilation, RustCrypto crates remain the preferred choice.

isVerified (Product Launch)

isVerified offers mobile apps that secure executive and institutional phone calls by detecting AI-generated voice deepfakes in real time and binding a verified user identity to a hardened VoIP channel, protecting enterprises from vishing and voice impersonation attacks.

BlueTeam-Tools (GitHub Repo)

This GitHub repository contains 65+ tools and resources useful for blue teaming activities.

Miscellaneous

US gov't: House sysadmin stole 200 phones, caught by House IT desk (3 minute read)

A former House Committee on Transportation and Infrastructure sysadmin was indicted for allegedly ordering 240 government cell phones, shipping them to his home, and selling over 200 to a pawn shop in a scheme that cost taxpayers $150,000. The scheme unraveled when one phone, which was instructed to be sold only "in parts" to bypass MDM controls, ended up intact on eBay. The buyer called the House IT help desk number displayed on boot. The case highlights the importance of asset management controls and segregation of duties for personnel with procurement authority.

Microsoft taps UK courts to dismantle cybercrime host RedVDS (3 minute read)

Microsoft coordinated civil actions in the US and UK to take down RedVDS, a cybercrime-as-a-service provider that rents cheap virtual servers, fueling large-scale phishing and fraud campaigns worldwide and causing at least $40 million in reported US losses. The operation involves domain seizures, infrastructure disruption, and collaboration with Europol, German authorities, and victim organizations like H2-Pharma and a Florida condo association.

French data regulator fines telco subsidiaries $48 million over data breach (2 minute read)

France's CNIL fined Free SAS and Free Mobile, subsidiaries of Groupe Iliad, a combined €42 million after a 2024 breach exposed bank and other personal data of 24 million subscribers. Regulators cited weak VPN authentication, poor anomaly detection, and inadequate breach notifications, and criticized the firms' basic security lapses. The companies, which have since upgraded controls, plan to appeal, calling the sanctions unprecedented and disproportionate.

Quick Links

South Korean giant Kyowon confirms data theft in ransomware attack (2 minute read)

South Korean education conglomerate Kyowon Group confirmed a ransomware attack impacted 600 of its 800 servers.

Microsoft updates Windows DLL that triggered security alerts (2 minute read)

Microsoft's updates on January 13 patched the WinSqlite3.dll component across Windows 10/11 and Server 2012-2025 after third-party security tools flagged it as vulnerable to CVE-2025-6965, a memory corruption flaw.

Central Maine Healthcare Data Breach Impacts 145,000 Individuals (2 minute read)

Hackers accessed Central Maine Healthcare's network between March and June 2025, exposing names, dates of birth, Social Security numbers, treatment details, provider information, service dates, and insurance data for 145,381 people.


Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile

