<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">CVE-2026-21902 is a RCE in Juniper Junos OS Evolved on PTX Series routers caused by the On-Box Anomaly Detection Framework's Python REST API β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/FGgyNM75yJ6JbEwGvncn04_Y51M9-W6bi01VQjuyy78=447" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/oAREONr7dHeGU-S3rpnsDPhfn0vcNuoCMLF8bEq8NKE=447" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=346df15e-188a-11f1-8402-a3be1e0a16cd%26pt=campaign%26t=1772719632%26s=87ad33446a5893986c99c2d7af393feae32c8b93cd206d3ec27144d6770b56ea/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/TBimp5aDPqW41xQv9WsBzSOzrH3wjOQWAGe1QAl9XKg=447"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fon.action1.com%2Ftldr/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/fj9SjlEI1Y7Ie3OcW-RKAlQEV-r4e6rUF3SBGP2JX3I=447"><img src="https://images.tldr.tech/action1.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Action1"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-03-05</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fon.action1.com%2Ftldr/2/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/xmfjq7OesdMC6b1hRupIeziYkFmv2y5FGpOTQxiBtPY=447">
<span>
<strong>Patching is annoying. Action1 handles your first 200 endpoints for $0, forever (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Patching is slow, tedious, and always the first thing pushed to next week. What if patching just worked β automatically, and for free? <p></p><p>Get the cloud-native patch management solution trusted by <strong>eBay</strong>, <strong>Coca-Cola</strong>, and the <strong>State of California</strong> at zero cost. Action1 provides fully functional patch management for OS and third-party apps β free for the first 200 endpoints. </p><p>β
Supports Windows, macOS, Linux, and third-party apps. </p><p>β‘οΈ Up and running in 5 minutes, zero infrastructure required. </p><p>π€¨ Sounds too good to be true? Just give it a try! Use the full product with no credit card, no expiration date, no hidden tricks. See for yourself at <a class="Hyperlink SCXW18082319 BCX0" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fon.action1.com%2Ftldr/3/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/doayzFBF2MFZDnzE2R39Yr4gjE_wI6zHxHwzzlIaAzE=447" rel="noreferrer noopener" target="_blank"><span>https://on.action1.com/tldr</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flabs.watchtowr.com%2Fsometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce%2F%3Futm_source=tldrinfosec/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/kd-VOtrckWrjFSVu1jwoImgCxlHltzGaLxYUOBd2GY0=447">
<span>
<strong>Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE) (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-21902 (CVSS 9.8) is a pre-authentication RCE in Juniper Junos OS Evolved on PTX Series routers caused by the On-Box Anomaly Detection Framework's Python REST API binding to 0.0.0.0:8160 instead of an internal-only interface, exposing unauthenticated shell command execution running as root. Exploitation requires four unauthenticated HTTP POST requests: register a RE-SHELL command, wrap it in a DAG, schedule a DAG instance, then commit, after which the schedule enforcer passes the attacker-controlled syntax field directly into subprocess.run(). Affected versions are Junos OS Evolved 25.4 before 25.4R1-S1-EVO and 25.4R2-EVO. Operators should patch immediately and audit exposure of port 8160/TCP at network boundaries.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackmag.com%2Fsecurity%2Fnginx-int-overflow%3Futm_source=tldrinfosec/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/cdk4hFhw6-dDSTqGCRYGdH6GfZ9EMB3nNjyRf2JNBWk=447">
<span>
<strong>Exploiting Integer Overflow in the Nginx Web Server: A Deep Dive into the Vulnerability (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
CVE-2017-7529, a now-patched integer overflow in nginx's Range header parser, affected versions 0.5.6 through 1.13.2 and allowed attackers to read out-of-bounds memory from nginx's cache files by crafting two negative byte ranges that caused a signed 64-bit integer overflow in the size accumulator, bypassing the content-length bounds check. When nginx operated as a caching proxy, the exploit leaked the raw cache file contents, including internal request headers, backend server identity, and potentially backend IP addresses. The vulnerability carried limited direct impact but demonstrated how information disclosure primitives can serve as links in a broader attack chain.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FikDvWf/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/xvGwBlsy-Cd40GzE3EpMCKOS8OCmiZS4txXuFI1oJrA=447">
<span>
<strong>New LexisNexis Data Breach Confirmed After Hackers Leak Files (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
LexisNexis confirmed that attackers accessed legacy servers, exposing customer identifiers, business contact data, survey respondents' IPs, and support tickets, while denying any impact on current products and services. Hackers claim React2Shell and misconfigured AWS led to theft of over 2 GB of data, including 400,000 personal records and sensitive enterprise, employee, and development information.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fcoruna-powerful-ios-exploit-kit%3Futm_source=tldrinfosec/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/QYDXlRHXijwK3Wnvg6nOo1nsFpvAtYc-mUGGLXXehiI=447">
<span>
<strong>Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit (15 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Coruna is a sophisticated iOS exploit kit containing five full exploit chains and 23 total exploits targeting iOS 13.0 through 17.2.1. It proliferated from a commercial surveillance vendor customer to a Russian espionage group, UNC6353, which conducted watering hole attacks against Ukrainian users, and ultimately to a Chinese financially motivated actor, UNC6691, that deployed it via fake crypto exchange sites to steal cryptocurrency wallet credentials. The kit's final payload, PLASMAGRID, hooks into 18 crypto wallet apps, scans for BIP39 seed phrases, and uses a DGA seeded with "lazarus" to generate fallback C2 domains. iPhone users should update to the latest iOS immediately. Where updates aren't possible, enabling Lockdown Mode is recommended, and defenders should review the published YARA rules and IOCs for hunting activity.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fletsencrypt.org%2F2026%2F02%2F18%2Fdns-persist-01%3Futm_source=tldrinfosec/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/ge7Tsf8sAhF5qvV9XxqDaS5wpSVg2AYJYEfTrvoz-V0=447">
<span>
<strong>DNS-PERSIST-01: A New Model for DNS-based Challenge Validation (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
DNS-01 is a standard for validating ACME certificate issuance by publishing a DNS record to verify the domain ownership. The mechanism can lead to operational complexity because it requires a new TXT record for each issuance, which may need DNS API credentials to be embedded in automation scripts. It also makes the renewal process vulnerable to DMS propagation delays. Let's Encrypt has proposed a new standard called DNS-PERSIST-01, which enables a persistent DNS record to pin an ACME request and specific CA that can issue records.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flookingatcomputer.substack.com%2Fp%2Frare-not-random%3Futm_source=tldrinfosec/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/ScG60o1DadKw4_en3Dv0RddnbOelNNMssC9iuCDkt3E=447">
<span>
<strong>Rare Not Random: Using Token Efficiency for Secrets Scanning (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Gitleaks has traditionally built its secrets scanner using a combination of regexes, entropy, and rule-based filters. This post details how the team adapted the scanner to use token efficiency, which tests how frequently a piece of text appears in a model's training data by dividing it into tokens, instead of entropy, to boost performance. Using this method and a few other tweaks, the author created a tool called BetterLeaks, which outperforms other scanners, such as CredSweeper, on secret detection in the CredData dataset.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcheckmarx.com%2Fblog%2Fai-code-needs-ai-security-why-claudes-announcement-signals-a-bigger-shift%2F%3Futm_source=tldr_email%26utm_medium=email%26utm_campaign=tldr_newsletter/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/qd8X7Ahk-IitsGmxV3ugEllnJGyQTkzx4NhkRA0OUbg=447">
<span>
<strong>Claude Code Security is here. But don't throw out your AppSec just yet (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The launch of Claude Code Security validates what you already know: AI coding risks require AI-native, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcheckmarx.com%2Frsac-2026%2F%3Futm_source=tldr_email%26utm_medium=email%26utm_campaign=tldr_newsletter/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/2P4ZDX4_oYPPKmcT0N7fVyLpQdwt7Zg1YHvfz3ZXQrE=447" rel="noopener noreferrer nofollow" target="_blank"><span>agentic app security</span></a>. But enterprise security isn't redundant. Real risk extends beyond AI-generated code. Agentic AppSec delivers end-to-end coverage across development, build, and runtime. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcheckmarx.com%2Fblog%2Fai-code-needs-ai-security-why-claudes-announcement-signals-a-bigger-shift%2F%3Futm_source=tldr_email%26utm_medium=email%26utm_campaign=tldr_newsletter/2/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/HamBenzMch8E2_QnbAsU164mYQYAxKbLb4-yguuPbNA=447" rel="noopener noreferrer nofollow" target="_blank"><span>Read the Checmarx blog to see why.</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fculpur%2Fcstrike%3Futm_source=tldrinfosec/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/KDqwssdloD1uBj3y4ugveHzUkbpW21V18ri78w6zpD0=447">
<span>
<strong>CStrike v2 (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
CStrike v2 is an autonomous offensive security platform built on a containerized Docker stack with a real-time web dashboard and AI-driven scan orchestration across 35+ integrated tools.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjetstream.security%2F%3Futm_source=tldrinfosec/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/9hhUO__MKH1xIEvaaL8Vl4WroW4rivKY36uSBlXKhwI=447">
<span>
<strong>JetStream Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
JetStream provides an AI governance platform that builds dynamic βAI Blueprintsβ to map AI agents, models, data, tools, and identities, giving enterprises real-time visibility, risk control, and cost tracking for production AI deployments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FTrustTunnel%2FTrustTunnel%3Futm_source=tldrinfosec/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/LjA6DPdaiiGp_DGe0joLXK4a6UAX_1JJ-OUdkZcBOeE=447">
<span>
<strong>TrustTunnel (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
TrustTunnel is an open-source VPN protocol originally developed by AdGuard VPN that delivers fast, secure, and reliable VPN connections that are indistinguishable from regular HTTPS traffic.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.quarkslab.com%2Favira-deserialize-delete-and-escalate-the-proper-way-to-use-an-av.html%3Futm_source=tldrinfosec/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/ENiQJ2PURZipfAsoFK2-goqfpF5eUuynHDmyVKFF1H0=447">
<span>
<strong>Avira: Deserialize, Delete, and Escalate - The Proper Way to Use an AV (13 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Quarkslab disclosed three vulnerabilities in Avira Internet Security (versions 1.1.109.1990 and below, fixed in 1.1.114.3113): CVE-2026-27748, a symlink-following arbitrary file delete in the Software Updater running as SYSTEM; CVE-2026-27749, an unfiltered .NET BinaryFormatter deserialization in System Speedup's RealTimeOptimizer that reads an attacker-controlled file from the user-writable ProgramData directory; and CVE-2026-27750, a TOCTOU folder delete in the Optimizer that enables the Config.msi junction trick for a SYSTEM shell. The file delete primitive chains into the deserialization bug when temp_rto.dat already exists and can't be overwritten, while the TOCTOU path plants HID.DLL via MSI rollback. The writeup also documents a contentious disclosure process in which Gen Digital refused to accept vulnerability reports outside its NDA-bound bug bounty platform.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FBoNsUS/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/oR4WwrJo8RZ4euB8xxkcYsEBCS5hdqZ-uHPmW80vw7k=447">
<span>
<strong>China's Silver Dragon Razes Governments in EU, SE Asia (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Chinese threat actor Silver Dragon, linked to APT41, has targeted government networks in Southeast Asia and Europe since midβ2024 using phishing and exploits against Internetβfacing servers to conduct espionage. It relies on Cobalt Strike, DNS tunneling, and other methods, so security teams should harden publicβfacing services and monitor for any suspicious movements.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F03%2F03%2Fchatbot_data_harvesting_personal_info%2F%3Futm_source=tldrinfosec/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/30hftGaTOr6V6ISrDd5Ij-Zecx_bS7CySB6r_brJdB8=447">
<span>
<strong>Chat at your own risk! Data brokers are selling deeply personal bot transcripts (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Browser extensions posing as free VPNs or ad blockers are intercepting AI chats and feeding verbatim prompts and responses into commercial datasets, exposing names, health data, immigration issues, legal problems, and corporate secrets. Data brokers resell these searchable transcripts, undermining anonymization claims and creating major risks around reβidentification, patient privacy violations, abuse disclosures, and sensitive corporate leakage.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F03%2F04%2Ftiktok-wont-add-end-to-end-encryption-to-direct-messages-report-says%2F%3Futm_source=tldrinfosec/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/m_4xlRhtmItU4TLyo3epbhbgxm6DYiOSbjwfE-wAlQI=447">
<span>
<strong>TikTok won't add end-to-end encryption to direct messages, report says (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
TikTok has decided against rolling out end-to-end encryption for direct messages, arguing that it would hinder law enforcement and internal safety teams' ability to access harmful content involving users, especially minors.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Ffake-zoom-teams-invites-malware-certificates%2F%3Futm_source=tldrinfosec/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/-AxwbdOaLQoaUwux4_2K0nq8HNdSz9p9Fb1E3isvkcU=447">
<span>
<strong>Fake Zoom, Teams Meeting Invites Use Compromised Certificates to Drop Malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A February 2026 phishing campaign documented by Microsoft Defender researchers uses fake Zoom, Teams, and Adobe Reader update pages signed with a stolen EV certificate from TrustConnect Software PTY LTD to deliver RMM tools and establish persistent backdoor access for credential theft and ransomware deployment.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fo4iDPl/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/aCGFHONew0LVMfyY6qDH7ivCx1ScpkLzWqnpQZpOgu0=447">
<span>
<strong>Fake LastPass support email threads try to steal vault passwords (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
There is an active phishing campaign that uses spoofed support email threads and fake unauthorized access alerts to direct victims to a credential-harvesting page at verify-lastpass[.]com.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/bEU8SSd4lK1Zjs1vPtM8mP3SGU6X8mu-Ky7tf4gpcyo=447" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/QV3w2Z_XNoFM7CsNbrQ9h_NU0GRyAZR68AHGnyHsDUY=447" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/2JELnIZQEW7o1SKBWTszwSd5v3wrsw00CVRLRDaGJm0=447"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/9j0I2UN4QLCpz-eAMOjUkT1hWAfFJM-qxklN9TzwqwA=447" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/s_GvQ1ByNX5LsBmOF9tTKrMgI-5J-SbwYRkK_EPK9bo=447" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/SV_a436EzEbquYvEG3zsESgovdwcz-5pcNDKWMD_0oc=447" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/GtQKh4ZPP8pU46Jy74ethcN-HLfi6qpDeZxXh6QH6n4=447"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/TqYAMaaaj7XJTatjKCGN-1UlBOio3RTxl7-u4nTNua0=447"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/dUF50sU3EWyEfSsqo1vvRh0PHSAdJbnBNs9yaB4lyZc=447"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/qbHlVjjg9cP-vP9u0e3o3yKt1nlY_rMuST4cxfScUDk=447">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=346df15e-188a-11f1-8402-a3be1e0a16cd%26pt=campaign%26pv=4%26spa=1772719288%26t=1772719632%26s=26d4467fbc296791a0ffdd2742d4fb8b29eb2c89d75ec150ee5bc5bfae1f107a/1/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/vTaIcZUSyaR3jaBcRinYGsowqR29is_Emb4EqzcyAmU=447">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019cbe52ef13-314b5fab-13f7-45fd-98b5-01f06e86cd04-000000/LJsLUOPpL_8jvy-UIx6pxANY3S5asKi4K7iabXflxeY=447" style="display: none; width: 1px; height: 1px;">
</body></html>