<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-02-24</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.safebreach.com%2Fblog%2Fsafebreach_labs_discovers_cve-2025-29969%2F%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/ndsXpYb5tNpfYLKVNJ3TDhLgEsWBbin3w-OFsPMVTYQ=446">
<span>
<strong>Discovery & Analysis of CVE-2025-29969 (13 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2025-29969 is a remote code execution vulnerability in the MS-EVEN RPC protocol (enabled by default on Windows 11 and Windows Server 2025) that allows low-privileged users to write arbitrary files remotely by exploiting a TOCTOU flaw in the EventLog backup function, effectively bypassing default C$ share limitations. The attack chain combines a hidden CreateFile primitive for remote file/directory existence checks with an arbitrary write primitive achieved by swapping an attacker-controlled EVTX file on a remote SMB share between header validation and backup, enabling code execution via Startup folder batch scripts or DLL hijacking. Microsoft patched the TOCTOU write primitive in May 2025, though the recon capabilities enabling remote file enumeration across domain-joined machines remain unpatched.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fssd-disclosure.com%2Fjoomla-novarain-tassos-framework-vulnerabilities%2F%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/v8Vao2K7FrqO68zRG78-T7hTq8jvxANrIziOEx7rFuo=446">
<span>
<strong>Joomla! Novarain/Tassos Framework Vulnerabilities (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Three critical unauthenticated vulnerabilities (arbitrary file read, arbitrary file deletion, and SQL injection) were disclosed in the Novarain/Tassos Framework (v4.10.14–v6.0.37), a shared system plugin shipped with five widely deployed Joomla! extensions including Convert Forms, EngageBox, and Advanced Custom Fields. Chained together, the flaws enable reliable RCE and administrator account takeover by dumping active super admin sessions via SQLi, then authenticating to upload malicious extensions. Administrators should update affected extensions immediately or disable the plg_system_nrframework plugin and restrict access to com_ajax endpoints via WAF rules.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FwviFYz/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/5CXThFZs6kmaMMKLUi7c_0A08H6wwFc0V6TiZqmh8b0=446">
<span>
<strong>US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Everest ransomware actors accessed Vikor Scientific (now Vanta Diagnostics) data via revenue cycle vendor Catalyst RCM, using compromised credentials to steal about 12GB of files containing names, dates of birth, payment card data, medical details, and insurance information. Roughly 140,000 individuals are currently listed as affected, but the final impact may be higher as counts from all linked entities remain unclear.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberandramen.net%2F2026%2F02%2F21%2Fllms-in-the-kill-chain-inside-a-custom-mcp-targeting-fortigate-devices-across-continents%2F%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/0XCjl_sj5swgrORjvWxwCzIhThbyN9di-O-oqof6g2M=446">
<span>
<strong>LLMs in the Kill Chain: Inside a Custom MCP Targeting FortiGate Devices Across Continents (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A misconfigured server exposed a full intrusion toolkit where a threat actor integrated LLMs directly into the attack workflow, using DeepSeek to generate attack plans from recon data and Claude Code to conduct live vulnerability assessments, while targeting FortiGate appliances across 106 countries with 2,516 identified targets. Custom tools ARXON (an MCP server bridging LLM analysis with attack scripts) and CHECKER2 (a Go-based Docker orchestrator) automated the pipeline from stolen VPN config ingestion through internal scanning to LLM-driven exploitation planning, evolving from the open-source HexStrike framework in roughly eight weeks. Defenders should audit for unauthorized VPN accounts, unexpected SSH access, and unapproved firewall policy changes, as the dual-model approach of selecting whichever LLM is most permissive for a given task lowers the skill barrier for managing concurrent intrusions at scale.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.buchodi.com%2Fyour-samsung-weather-app-is-a-fingerprint%2F%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/fa668By0y9EToSBVuEez1IoVFlH7oWHrt7I62xlN7PQ=446">
<span>
<strong>Your Samsung Weather App Is a Fingerprint (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Samsung's pre-installed Weather app quietly creates a highly unique fingerprint from the combination of saved location IDs (placeid) it sends to The Weather Company's API, with 96.4% of sampled devices uniquely identifiable across days. These fingerprints persist over time, survive IP and network changes, and can be resolved into precise locations using hardcoded API keys that work from any client. Requests often include both hashed placeid values and raw GPS coordinates, giving IBM's Weather Company and Samsung rich, granular location profiles that echo a broader industry pattern of monetizing weather-based location data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Funit42.paloaltonetworks.com%2Ftracking-threat-groups-through-cloud-logging%2F%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/sj0L5dDLZEpwPoH2SCCU_HMbpWAvuVwiqY2Wu0NpCQw=446">
<span>
<strong>Novel Technique to Detect Cloud Threat Actor Operations (20 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Unit 42 researchers introduced a novel detection method that fingerprints cloud threat actors by linking their known MITRE ATT&CK techniques to specific alert patterns. This approach successfully distinguished Muddled Libra (Scattered Spider) and Silk Typhoon operations across 22 industries from June 2024 to June 2025, with only three shared alert signatures out of around 120, highlighting their differing tactics. Industry alert spikes correlated with publicly reported campaigns, such as a 25% rise in transportation sector alerts during Muddled Libra's aviation attacks, enabling defenders to identify threats early by investigating actor-related alerts over a 30-day window.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Ffksvs%2Fsiper%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/ervUlyLynPegLiFRHhHx1wYG_JcU86BmMvDrYanzESQ=446">
<span>
<strong>Siper (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Siper is a high-performance, XDP-based IP blacklist firewall built with Go and eBPF that drops malicious traffic at the NIC driver level before packets reach the kernel's networking stack. It supports CIDR-based blocking via BPF LPM Trie maps, persistent JSON-based rule management, and real-time drop/pass metrics. The minimalist architecture separates a Go CLI control plane from the kernel-space data plane, offering significantly lower CPU overhead than iptables or nftables under heavy DDoS conditions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FEdgewareRoad%2FTrivySummary%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/xPGFt8bHcR55toTCQ1tcZ-Tf4Wj4YgCBmy7cfEqCLtA=446">
<span>
<strong>TrivySummary (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
TrivySummary summarises Trivy scan JSON output for reporting purposes. Package vulnerabilities are collapsed down to the respective CVE, with headline counts of vulnerabilities at different priorities. As well as the vendor severity and CVSS v3 score provided by Trivy, EPSS scores can also be retrieved, allowing the exploitability and severity of all vulnerabilities to be graphed and prioritised.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdepthfirst.com%2F%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/bWcrmuVLIkWNX3xYbcmW63uhokeUIT1SoRGhg2ZZtg4=446">
<span>
<strong>Depthfirst (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Depthfirst is an AI security startup whose General Security Intelligence platform scans and analyzes codebases and workflows to detect issues, prevent credential exposure, and monitor open source and third-party components for AI-driven threats.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fhackers-pulsar-rat-png-images-npm-supply-chain-attack%2F%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/19aPaSalplFtyG_Qu8E1JVauW6f7baQqHxvetbiA0rI=446">
<span>
<strong>Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Veracode researchers discovered a typosquatted NPM package called "buildrunner-dev" that delivers the Pulsar RAT by hiding malicious code within PNG images using steganography, extracting payloads from RGB pixel values at runtime. The attack chain employs a heavily obfuscated 1,600-line batch file with only 21 functional lines, detects and evades AV products like ESET and Malwarebytes, and uses process hollowing to inject the final payload into legitimate processes. Developers should carefully verify package names and audit dependencies, as supply chain attacks increasingly leverage image-based steganography to bypass traditional file-scanning tools.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.tomsguide.com%2Fcomputing%2Fonline-security%2Fpaypal-notifies-customers-of-data-breach-that-exposed-ssns-and-more-for-nearly-6-months%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/Pe2Bpp00QG9nDztIuVE2tO9BWA5XuUG9vvAaXAPLPZY=446">
<span>
<strong>PayPal notifies customers of data breach that exposed SSNs and more for nearly 6 months (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
PayPal disclosed a software error in its Working Capital loan app that exposed the names, contact details, SSNs, and dates of birth of 100 business customers between July and mid-December 2025. The company reversed the faulty code, reset passwords, and detected some unauthorized transactions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F02%2F23%2Fclaude_code_security_panic%2F%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/X71yzajYTD8g53cG985JZD3sui_9-N0PEChUOQELw-M=446">
<span>
<strong>Infosec community panics as Anthropic rolls out Claude code security checker (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Anthropic's new Claude Code Security feature scans codebases for vulnerabilities, proposes patches, and claims to have surfaced hundreds of high-severity issues in open source projects, spooking security investors and pushing stocks like CrowdStrike down. It joins Google, Microsoft, Amazon, and OpenAI in deploying AI agents for bug hunting, but all still require human review and face questions over false positives, costs, and marketing hype.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhome.treasury.gov%2Fnews%2Fpress-releases%2Fsb0395%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/YDJQ40ZK0cUy8w9grasDtoamwJivZD62XfcZzhzW544=446">
<span>
<strong>Treasury Announces Public-Private Initiative to Strengthen Cybersecurity and Risk Management for AI (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The US Treasury announced a public-private initiative through the AI Executive Oversight Group that will release six resources throughout February to help financial institutions, particularly small and mid-sized ones, manage AI-specific cybersecurity risks and deploy AI more securely.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F188344%2Fcyber-crime%2Fluxury-hotel-stays-for-just-e0-01-spanish-police-arrest-hacker.html%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/pLcy0Tj713Xb1EY43-ZSqzfn-tASWqpECXmLoDgWIHE=446">
<span>
<strong>Luxury hotel stays for just €0.01. Spanish police arrest hacker (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Spanish police arrested a 20-year-old in Madrid who manipulated a hotel booking site's payment gateway validation process to secure luxury rooms at €0.01 per reservation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fpredator-spyware-hooks-ios-springboard-to-hide-mic-camera-activity%2F%3Futm_source=tldrinfosec/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/4e_4rKFmbvAtNGvebKsXwZTyZphW6xVHj84NyvyqlqQ=446">
<span>
<strong>Predator spyware hooks iOS SpringBoard to hide mic, camera activity (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Intellexa's Predator spyware suppresses iOS camera and microphone recording indicators by hooking SpringBoard's SBSensorActivityDataProvider, nullifying sensor activity updates before they reach the UI layer.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/BTmjWEl-Z8RcObjpaonrHMADCvV_DJuFcY1e3ryPwjA=446"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/-lQKRWSXGWzFcc8WZhIERe5Ylsid34vI-khnOHQ2L_M=446"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019c8ffa5228-de01c79d-a349-455d-ae5a-ae6121bf1664-000000/-d2QpFd96RJDIo1VI0wPRgs8XapcJvT_PK8nTc9a15g=446"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>