<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fdeclassified%23register%3Futm_source=tldr%26utm_medium=email%26utm_campaign=cy26-q1-0318-web-brand-na-broad-all-x-x-premiere-hidden_comp%26hnt=lja1bwyvuzqa/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/nfvU_ayMEo9kHQ3ndk8M10OvJazBKW8jdGhLwmtxdXQ=446"><img src="https://images.tldr.tech/huntress.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Huntress"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-02-27</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fdeclassified%23register%3Futm_source=tldr%26utm_medium=email%26utm_campaign=cy26-q1-0318-web-brand-na-broad-all-x-x-premiere-hidden_comp%26hnt=lja1bwyvuzqa/2/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/MhpiJ8rteHwMvJ5OZa5jvSfex9jXw-YIo_F5dnufUQM=446">
<span>
<strong>Step inside the business of modern cybercrime (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
On March 18, <a href="http://tracking.tldrnewsletter.com/CL0/http:%2F%2Fhuntress.com%3Futm_source=tldr%26utm_medium=email%26utm_campaign=cy26-q1-0318-web-brand-na-broad-all-x-x-premiere-hidden_comp%26hnt=lja1bwyvuzqa/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/XeqjcTlR5cCGc_kfeZIIoy7YDiQV6pNGoznyayN2zec=446" rel="noopener noreferrer nofollow" target="_blank"><span>Huntress</span></a> hosts <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fdeclassified%3Futm_source=tldr%26utm_medium=email%26utm_campaign=cy26-q1-0318-web-brand-na-broad-all-x-x-premiere-hidden_comp%26hnt=lja1bwyvuzqa/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/dSJ4prhbdDKpZNL4S_0u9zkC3B-wWzR6Zl9KB4Gddks=446" rel="noopener noreferrer nofollow" target="_blank"><span>_declassified</span></a>, a live, raw intel drop on the dark economy of cybercrime, where John Hammond joins YouTuber Jim Browning to show you exactly what cybercriminal organizations look like.
<br>
<br>You'll see:
<br>
<br>✔️ An in-depth look at the business processes and technologies used by both legit organizations and their cybercriminal counterparts
<p>✔️ Insights into how threat actors organize, communicate, and execute attacks using the same business tools you use</p>
<p>✔️ Actionable strategies to anticipate, spot, and defend against adversaries who think and operate like your own team
<br>
<br>👉<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fdeclassified%23register%3Futm_source=tldr%26utm_medium=email%26utm_campaign=cy26-q1-0318-web-brand-na-broad-all-x-x-premiere-hidden_comp%26hnt=lja1bwyvuzqa/3/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/AUbI7AMxcK0rxpjjkpRhBa0riJTrddtEJPJtnSafVMM=446" rel="noopener noreferrer nofollow" target="_blank"><span>Save Your Spot <br><br></span></a>Seriously—don't miss this.
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftrufflesecurity.com%2Fblog%2Fgoogle-api-keys-werent-secrets-but-then-gemini-changed-the-rules%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/AIFKpO2zUshZugCT3husvL3Ynu8KXziUNGRRFWHinFw=446">
<span>
<strong>Google API Keys Weren't Secrets. But then Gemini Changed the Rules (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Truffle Security discovered that enabling the Gemini API on a Google Cloud project silently grants existing API keys, including those publicly embedded in client-side JavaScript for services like Maps and Firebase, access to sensitive Gemini endpoints (CWE-1188, CWE-269). A scan of the November 2025 Common Crawl dataset identified 2,863 live Google API keys vulnerable to this privilege escalation, affecting major financial institutions, security companies, and Google itself. Organizations should audit all GCP projects for the Generative Language API, restrict or rotate any unrestricted or publicly exposed keys, and verify that no Gemini-capable keys are embedded in client-side code or public repositories.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FRcMIoQ/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/733egSYWQbiMpsJPpSZ15--vEEGi6z40i4rzzpaHKPY=446">
<span>
<strong>Malicious Next.js Repos Target Developers Via Fake Job Interviews (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft discovered trojanized Next.js repositories linked to North Korea's Lazarus APT that deliver backdoors through fake job-recruitment coding challenges, achieving RCE and persistent C2 access on developer machines. The repositories exploit VS Code workspace automation via malicious .vscode/tasks.json files or embed obfuscated loaders in build assets that fetch attacker-controlled JavaScript at runtime. Security teams should enforce strict IDE trust policies, monitor for anomalous Node.js outbound connections, and treat developer workflows as a privileged attack surface.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F02%2F26%2Fcisco-says-hackers-have-been-exploiting-a-critical-bug-to-break-into-big-customer-networks-since-2023%2F%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/J0oooeuXRgYQ99BY_Xh-ILfRfShubEjVKoW3gXmAxVg=446">
<span>
<strong>Cisco says hackers have been exploiting a critical bug to break into big customer networks since 2023 (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hackers have abused a max‑severity 10.0 flaw in Cisco Catalyst SD‑WAN gear since at least 2023 to gain top‑level access, maintain stealthy persistence, and spy on or steal data from large enterprises and critical infrastructure worldwide. Governments, including the US, UK, Canada, Australia, and New Zealand, warn of global targeting.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flabs.infoguard.ch%2Fposts%2Fabusing_cortex_xdr_live_response_as_c2%2F%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/IHKbphiLFEXhNilP_JM6OtA2pQyfa2kdFhf72w204ec=446">
<span>
<strong>Abusing Cortex XDR Live Terminal as a C2 - InfoGuard Labs (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
InfoGuard researchers demonstrated that Palo Alto's Cortex XDR Live Terminal feature can be abused as a pre-installed, EDR-trusted C2 channel, offering command execution, file transfer, and evasion capabilities through traffic that blends natively into enterprise network flows. The attack exploits a trivial URL validation flaw in cortex-xdr-payload.exe and the absence of mutual authentication or cryptographic command signing, allowing attackers to redirect connections to their own infrastructure via cross-tenant hijacking or a custom WebSocket server. Defenders should monitor for cortex-xdr-payload.exe spawned by any parent process other than cyserver.exe, while Palo Alto's claimed fix in versions 8.7-8.9 was not confirmed effective as of February.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2026%2F02%2Fnew-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises%2F%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/5-qjtD6F9LoLrhoQY_ssVbaYKTDwKAoM5Mf56XBBzu8=446">
<span>
<strong>New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AirSnitch exploits low-level Wi-Fi behavior to bypass client isolation, enabling bidirectional MitM from any SSID on the same AP against popular consumer and enterprise gear. Attackers can steal cookies, credentials, and RADIUS secrets, pivot between guest and corporate networks, and poison DNS, challenging assumptions about guest Wi-Fi safety and pushing networks toward stricter zero‑trust segmentation and careful AP/VLAN design.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.rapid7.com%2Fblog%2Fpost%2Ftr-post-ramp-allegations-fragmentation-ransomware-underground-rebuild%2F%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/eVUUluUvbLptpjjscHlrb_eJOHO3doP95-DGBAon1YQ=446">
<span>
<strong>The Post-RAMP Era: Allegations, Fragmentation, and the Rebuilding of the Ransomware Underground (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
In January 2026, the FBI-led seizure of the RAMP forum dismantled a central hub for ransomware coordination but mainly shattered trust and pushed actors into more fragmented spaces, such as the closed, pay-to-enter T1erOne and the open forum Rehub. Competing narratives about leaked RAMP data and possible insider abuse have reinforced fears of honeypots, driving a shift toward smaller, tightly vetted communities and parallel use of low-barrier platforms.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fresource.cobalt.io%2Fstate-of-llm-security%3Futm_campaign=14995291-SOPR%2520AI%2520cut%25202025_06%26utm_source=TLDR%26utm_medium=enewsletter/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/zTBAJF88-s7iblyKJ_5FplOEYlML4rYXESJlONoGnyA=446">
<span>
<strong>32% of LLM pentest findings are serious vulnerabilities — higher than any other asset type (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
...And only 21% of serious LLM vulnerabilities are actually resolved, the lowest among all pentest types. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fresource.cobalt.io%2Fstate-of-llm-security%3Futm_campaign=14995291-SOPR%2520AI%2520cut%25202025_06%26utm_source=TLDR%26utm_medium=enewsletter/2/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/cf1h8AgvRgOp20p81usdSWERgsyLiGO-xVIYUh8He6U=446" rel="noopener noreferrer nofollow" target="_blank"><span>Cobalt</span></a> combed data from 16,000 LLM pentests and the results are not pretty. They indicate that most teams are prioritizing quick fixes over complex problem solving. Read the <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fresource.cobalt.io%2Fstate-of-llm-security%3Futm_campaign=14995291-SOPR%2520AI%2520cut%25202025_06%26utm_source=TLDR%26utm_medium=enewsletter/3/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/pzQ8sAyR2h3YZL3g_ty1mOFqOBe_0TYD23kmg8M1LOc=446" rel="noopener noreferrer nofollow" target="_blank"><span>State of LLM Security Report</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsplintersfury%2FAutoPiff%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/ZHsemlIdKy3es0U34hobVcmeCnRVvPXiGgZBq7HUhCQ=446">
<span>
<strong>AutoPiff (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AutoPiff is a semantic analysis engine that automates the detection of security-relevant changes in Windows kernel driver patches using 58 YAML-based rules across 22 vulnerability categories, including use-after-free fixes, bounds check additions, and IOCTL input validation. The framework runs as a Karton microservice pipeline integrating Ghidra decompilation, function matching, call-graph reachability analysis, and exploitability scoring to reduce manual driver pair analysis from 4-12 hours to under 5 minutes. Designed for silent patch detection and 1-day vulnerability research, it tracks 50+ dangerous API sinks and alerts on high-scoring findings via Telegram.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgambit.security%2F%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/RsE-RS9mlJC829Jxf7yZFNz8ax78T3cveFqV4Gujpqc=446">
<span>
<strong>Gambit Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Gambit Security's AI-powered resilience platform, Balens, maps environments, security products, and backups to uncover gaps, validate recovery paths in real-time, and ensure business continuity against ransomware and disruptions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Ftnonate%2Fthenewoil%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/yI-w22ahFHpf8qy1bf2j2SapMBqJm4_lba-3KXzB_kA=446">
<span>
<strong>TheNewOil (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A project dedicated to teaching beginners and non-tech-savvy people about digital privacy and cybersecurity.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.0xsid.com%2Fblog%2Fonline-tld-is-pain%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/-NuhB1P3xN59f4EejTVx0mj2g1GAlxy6bS9SHBnIa_0=446">
<span>
<strong>Never Buy A .online Domain (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A developer's .online domain was suspended via serverHold by registry operator Radix after Google Safe Browsing flagged the site, with no prior notification or grace period. The suspension created a Catch-22 where Google required DNS-based domain verification to review the flag, but the registry refused to reactivate DNS until Google removed it. The incident highlights the risks of non-.com TLDs with aggressive abuse policies and reinforces the importance of pre-registering domains in Google Search Console and adding uptime monitoring even for simple landing pages.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F02%2F25%2Fgoogle_and_friends_disrupt_unc2814%2F%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/KHzXGMIA0TAbYVUEkhIxmS0pkbGXZorKZ5kCIeMxIUs=446">
<span>
<strong>Google catches Beijing spies using Sheets to spread espionage across 4 continents (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google Threat Intelligence disrupted UNC2814, a China-linked espionage group that compromised 53 victims across 42 countries by targeting telecoms and government organizations with a novel backdoor called Gridtide that abuses Google Sheets API for C2 communication. The group, tracked since 2017, escalated privileges via SSH lateral movement and deployed SoftEther VPN Bridge for persistent encrypted connections, with infrastructure dating back to July 2018. Google terminated all attacker-controlled Cloud Projects, disabled known infrastructure, and revoked the Sheets API access used for C2 operations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fq2Hk8o/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/qSgVlUwJ2mMtA43mRqk7c-0ZNaZjvAmqcjQHts1Vz7o=446">
<span>
<strong>The Blast Radius Problem: Stolen Credentials Are Weaponizing Agentic AI (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
IBM X-Force data shows high volumes of unauthenticated vulnerabilities and a surge in infostealer‑driven credential theft, including hundreds of thousands of stolen ChatGPT logins. Attackers use AI and agentic systems to expand blast radius, pivot through supply chains, and blur criminal and nation‑state tradecraft.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F4V5gJA%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/DLP0FBX06JYise-APiVFfFDas6gTcjx4H-kvEw57v4s=446">
<span>
<strong>Tool overload got your head spinning? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Tech stack complexity is out of control, and the last thing you need is a bigger 'stack'. Microsoft Azure gives you a unified view of applications, cloud resources, and AI—so you can ship more software with fewer open tabs. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F4V5gJA/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/-s1S9g9f6CuDtcMOotIESPpOaJ-cScc4PW9gLgu-bU8=446" rel="noopener noreferrer nofollow" target="_blank"><span>Simplify with Azure</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhome.treasury.gov%2Fnews%2Fpress-releases%2Fsb0404%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/TFp2uPm089Tvq5GCD7K9g3JxWhBo8yNyszK0sfq0RMs=446">
<span>
<strong>Treasury Sanctions Exploit Broker Network for Theft and Sale of US Government Cyber Tools (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The US Treasury sanctioned Russian exploit broker Operation Zero and its founder Sergey Zelenyuk for acquiring at least eight stolen US government cyber tools from an insider and selling them to unauthorized buyers, marking the first-ever action under the Protecting American Intellectual Property Act.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.zdnet.com%2Farticle%2Flinux-kernel-maintainers-new-way-of-authenticating-developers-and-code%2F%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/nteIOCCwk6eU-EeVOa0U1Txsj85tStBR8RsFY2oXWjA=446">
<span>
<strong>Linux explores new way of authenticating developers and code - here's how it works (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Linux kernel maintainers have proposed replacing the aging PGP web of trust with a decentralized identity layer built on W3C DIDs and verifiable credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthe-decoder.com%2Fclaudes-cowork-desktop-app-now-runs-scheduled-tasks-so-your-ai-assistant-works-while-you-sleep%2F%3Futm_source=tldrinfosec/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/xhdr6zuyUexkxvFUrByICoEa8OFsGryX8mn2AEc1vWw=446">
<span>
<strong>Claude's Cowork desktop app now runs scheduled tasks so your AI assistant works while you sleep (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Anthropic's Cowork desktop app has added scheduled task automation for Claude, enabling recurring workflows like morning briefings and weekly report generation, though security professionals should carefully scope the system access granted to the agent.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/AdIJ8IwpDHw8f3qfqW8trXLErmDMSO8DWBKXH-o49eM=446"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/DwhtOCJ9PpO-S0LF78vvkzfNAsXQcTv84FKZQvIT_M4=446"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019c9f6c8c4e-ae13e7b7-27c9-4868-97f6-ef9986503c5a-000000/uxdK9xYSueMsHsYwnVItQ1INca11JA9X2RgpjXKlzT8=446"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>