<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.opal.dev%2Fcustomers%2Fdatabricks%2F%3Futm_source=tldr%26utm_medium=cpc%26utm_campaign=databricks%26utm_term=jit%26utm_content=primary%26hstk_campaign=39785132%26hstk_network=tldr%26hsa_acc=45127704%26hsa_net=tldr/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/-QdeCPJWSb0YF08pCXPSF9GkJHPazYyZtk8AGfNHmxY=447"><img src="https://images.tldr.tech/opal.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Opal"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-03-06</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.opal.dev%2Fcustomers%2Fdatabricks%2F%3Futm_source=tldr%26utm_medium=cpc%26utm_campaign=databricks%26utm_term=jit%26utm_content=primary%26hstk_campaign=39785132%26hstk_network=tldr%26hsa_acc=45127704%26hsa_net=tldr/2/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/MImrU20rA3ByDPu9MqrcweTf7AWHAKqAU7YJviHacrY=447">
<span>
<strong>How Databricks Scales Modern Identity Governance with Opal Security (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Most identity governance platforms create more manual work instead of reducing it. Databricks took a different approach with Opal, using automation and developer-friendly policy controls to manage access at scale while giving security teams visibility and control.<p></p><p><strong>>> Automated Access Workflows</strong> streamline provisioning and approvals so employees get access faster without security bottlenecks</p><p><strong>>> Policy-Driven Governance</strong> lets teams define flexible access rules that scale across thousands of users and resources</p><p><strong>>> Unified Visibility</strong> gives security teams a clear view of who has access to what, and why</p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.opal.dev%2Fcustomers%2Fdatabricks%2F%3Futm_source=tldr%26utm_medium=cpc%26utm_campaign=databricks%26utm_term=jit%26utm_content=primary%26hstk_campaign=39785132%26hstk_network=tldr%26hsa_acc=45127704%26hsa_net=tldr/3/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/S8SRbCT-ZUW8nOVPDNWWj5R7vUcQ-RoIkXVmSo3WN2k=447" rel="noopener noreferrer nofollow" target="_blank"><span><strong>Read the Databricks case study</strong></span></a></p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.opal.dev%2Frequest-demo%3Futm_source=tldr%26utm_medium=cpc%26utm_campaign=databricks%26utm_term=jit%26utm_content=primary%26hstk_campaign=39785132%26hstk_network=tldr%26hsa_acc=45127704%26hsa_net=tldr/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/1bSKb_TB_turrx7Yt6LQaEbxs5uAeGlR6jJdcZLAtuM=447" rel="noopener noreferrer nofollow" target="_blank"><span><strong>Get a demo of Opal Security</strong></span></a></p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.opal.dev%2F%3Futm_source=tldr%26utm_medium=cpc%26utm_campaign=databricks%26utm_term=jit%26utm_content=primary%26hstk_campaign=39785132%26hstk_network=tldr%26hsa_acc=45127704%26hsa_net=tldr/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/RDaDSwby067NTiN-_l3wSnJ8CrETWPN42UIq4RYub-8=447" rel="noopener noreferrer nofollow" target="_blank"><span><strong>Learn more about Opal Security</strong></span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FswUKaU/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/SFjC-jt_dOr9veOu_Qv9A1Tjgsf113PkZwG1DXhQDlw=447">
<span>
<strong>Cisco Flags More SD-WAN Flaws as Actively Exploited (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Following a recent announcement of a critical SD-WAN vulnerability that is being actively exploited, Cisco has identified two additional vulnerabilities also being exploited by attackers. One vulnerability allows authenticated attackers with read-only access to overwrite arbitrary files, and the other is an information disclosure flaw that requires local attackers to have vmanage permissions. Cisco recommends users upgrade to a patched release to protect against these issues.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F4c8Yao/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/XU63I8h9EKTndXJjtHDByKzfhcq_J0nRlSdTZ0xTGxc=447">
<span>
<strong>Hacker Mass-Mails HungerRush Extortion Emails to Restaurant Patrons (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A hacker has started emailing customers of restaurants that use the HungerRush point-of-sale platform, informing them that their data was compromised and that HungerRush is ignoring their demands. Alon Gal, CTO of Hudson Rock, posted that infostealer logs show a HungerRush employee's device was hacked, which enabled the attacker to move laterally within the environment. However, HungerRush says that a third-party vendor's compromised credentials were used to access its email marketing account. The attacker claims to have data records for millions of customers containing names, emails, passwords, addresses, phone numbers, dates of birth, and credit card information. However, HungerRush disputes this, stating that no personal or financial information was stolen.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fmicrosoft-fake-xeno-roblox-utilities-windows-rat%2F%3Futm_source=tldrinfosec/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/jUUhy16kBv7NHOs55xwPFzsCK7oQ2vzaT0bHgIGlVsE=447">
<span>
<strong>Fake Xeno and Roblox Utilities Used to Install Windows RAT (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers at Microsoft Threat Intelligence have detected a malware campaign in which attackers are using trojanized executables, masquerading as Roblox and Xeno utilities, and circulating them through chat rooms to install malware on users' systems. The malware installs a portable Java runtime, which runs a malicious JAR that relies on LOLBins to download and run a remote access Trojan (RAT). The RAT then tries to delete traces of the initial infection and add Windows Defender exclusions for the malicious files.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fspecterops.io%2Fblog%2F2026%2F03%2F04%2Foffensive-dpapi-with-nemesis%2F%3Futm_source=tldrinfosec/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/oSPI9ndJxOUXUa6zS2wuGAsxgPpJughKc0m0uoGWKVE=447">
<span>
<strong>Offensive DPAPI With Nemesis (16 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Nemesis 2.2 automates the full Windows DPAPI decryption chain, covering SYSTEM and user masterkeys, CNG keys, and Chromium's App-Bound Encryption introduced in Chrome 137+, which added a third decryption layer via the Google Chromekey1 CNG key stored in the Cryptography API Next Generation Key Storage Provider. The platform supports multiple credential input paths, including offline registry hives, LSASS dumps, NTLM hashes, and domain DPAPI backup keys, with the latter enabling persistent forward and retroactive decryption of all linked domain user masterkeys. Red teamers should note that submitting a domain backup key to Nemesis is the highest-leverage move, as it unlocks both existing and future masterkey blobs without requiring resubmission of per-user credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.buchodi.com%2Fyour-duolingo-is-talking-to-bytedance-cracking-the-pangle-sdks-encryption%2F%3Futm_source=tldrinfosec/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/0Bqz91bphE_0XMeib19GubSdy0y7c7VwU0JwwB8O6iY=447">
<span>
<strong>Your Duolingo Is Talking to ByteDance: Cracking the Pangle SDK's Encryption (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ByteDance's Pangle ad SDK is embedded in more than 40 popular apps, including Duolingo, BeReal, Character.AI, and others, sending rich device fingerprints to ByteDance servers via HTTPS. The SDK uses a "cypher:3" scheme where each payload literally contains its own AES key and IV, plus a hardcoded AES key reused across versions, making the extra "encryption" simple obfuscation rather than real protection. Decrypted traffic reveals granular hardware, state, network, and identifiers, as well as regulatory-consent fields, while a stronger ECIES-based "cypher:4" is reserved for ad metrics, underscoring that user fingerprint data is only weakly protected despite its high tracking value.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbughunters.google.com%2Fblog%2Fpasskeys%3Futm_source=tldrinfosec/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/5_MJIJXlfOqPN8D4cnWMcT6JN4LkP3Hko3MAmc2n_Eo=447">
<span>
<strong>A Beginner's Guide: Cross-Device Passkeys (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A common challenge to passkey adoption is a user's difficulty signing in on a device that doesn't have the passkey installed and can't retrieve it from a cloud password manager. Hybrid transport addresses this issue by enabling cross-device passkeys, allowing a user to use another device's passkey to sign in. The flow involves the site the user wants to authenticate to generating a QR code, which the user then scans with another device. That second device performs a challenge-response with the server and a proximity check using BLE with the first device. If the challenge succeeds, the user is logged in on their original device.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fresource.cobalt.io%2Fthe-offensive-security-blueprint%3Futm_campaign=21091240-The%2520Offensive%2520Security%2520Blueprint%25202025_09%26utm_source=TLDR%26utm_medium=enewsletter/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/AxcOeiT6e4UBFEBSnHyB64ZLY_X9Fsho0O8bBlW_y5I=447">
<span>
<strong>Less than half of all pentest findings are ever resolved. Is offensive security the answer? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attack surfaces are larger than ever, traditional security testing isn't keeping up, and AI is making it worse. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fresource.cobalt.io%2Fthe-offensive-security-blueprint%3Futm_campaign=21091240-The%2520Offensive%2520Security%2520Blueprint%25202025_09%26utm_source=TLDR%26utm_medium=enewsletter/2/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/Z1tcgHlSTPQKZuON7Za3_J5qUNobUmy2Sn9RTkl7D0w=447" rel="noopener noreferrer nofollow" target="_blank"><span>This Cobalt whitepaper</span></a> lays out the case for true security through a programmatic, offensive approach. Download it for 6 actionable recommendations to help you bolster your security posture. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fresource.cobalt.io%2Fthe-offensive-security-blueprint%3Futm_campaign=21091240-The%2520Offensive%2520Security%2520Blueprint%25202025_09%26utm_source=TLDR%26utm_medium=enewsletter/3/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/KDFElrqlaOlfOETTOA9GKMs__7NjhcVsHg16NjUTGPw=447" rel="noopener noreferrer nofollow" target="_blank"><span>Get your copy</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fgen0sec%2Fjailer%3Futm_source=tldrinfosec/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/Rz4p2FR-7ctZmRyr3bLExdyjsKujXg28bwcu-C7ZK0c=447">
<span>
<strong>Jailer (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An eBPF-based mandatory access control system for Linux that enforces role-based policies on file access, network operations, and process execution using BPF LSM hooks and task_storage maps. Processes enroll via Unix socket or auto-enrollment triggers (executable path, cgroup, or xattr), with jail policies inherited by child processes. Two deployment modes are supported: a daemon mode with hot policy reload and a daemonless mode that pins BPF programs during early boot to reduce the attack surface.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Freclaim.security%2F%3Futm_source=tldrinfosec/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/H2f4L0KzDYTG2KYPU5uf3acg5_EBNjPWkWAzL_MWfy4=447">
<span>
<strong>Reclaim Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Reclaim Security is an AI-powered platform that turns vulnerability and threat-exposure findings into safe, automated remediation actions, simulating business impact to help organizations fix critical risks quickly without disrupting operations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Felastic%2Fcortado%3Futm_source=tldrinfosec/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/bVx5vVbejQ8AKSwdg-PTRU6VDvUQeFfAk0zSNR6aeRU=447">
<span>
<strong>Cortado (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
This repository contains Red Team Automations (RTAs) implemented in Python. These RTAs either reference binary samples by specifying a sample hash that exhibits behaviors we aim to detect or emulate attacker behaviors through code.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.cryptographyengineering.com%2F2026%2F03%2F02%2Fanonymous-credentials-an-illustrated-primer%2F%3Futm_source=tldrinfosec/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/Glh3sF21ZGkYQMAX0Kv93XH20HUmucnj8soR7zVjAEM=447">
<span>
<strong>Anonymous credentials: an illustrated primer (18 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
As age-verification laws spread across 25 states in the US and over a dozen countries, anonymous credential systems built on blind signatures and zero-knowledge proofs offer a cryptographic path to proving attributes such as age or residency without exposing the underlying identity to issuers or relying parties. The core challenge is preventing credential cloning: single-use Chaumian credentials bound to blind-signed serial numbers address this but require per-session issuance, while ZK-based reusable credentials solve efficiency and expressiveness at the cost of requiring N-time use limits enforced via PRF-derived serial numbers or hardware binding. Security practitioners building identity systems should treat the issuer-resource collusion threat model as a first-class design requirement rather than an afterthought.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fcar-tyre-sensors-track-drivers-without-knowledge%2F%3Futm_source=tldrinfosec/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/6rlH--DJA1nfC0EGGbdaWxYrwfqf39GF_8LWLNt8fXY=447">
<span>
<strong>Car Tyre Sensors Can Be Used to Track Drivers Without Their Knowledge (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers from IMDEA Networks Institute demonstrated that Tire Pressure Monitoring Systems (TPMS) in vehicles from Toyota, Mercedes, Renault, and Hyundai broadcast unencrypted, static sensor IDs that can be captured with ~$100 SDR hardware at distances exceeding 50 meters, enabling persistent vehicle fingerprinting via Jaccard index correlation across a network of roadside receivers. Over a ten-week field study, the team collected more than 6 million messages from more than 20,000 vehicles, confirming that TPMS data can be used to reconstruct detailed movement patterns and daily routines. Researchers are calling on manufacturers and policymakers to mandate rotating sensor IDs, as current EU and UK regulations legally require TPMS but do not mandate encryption or ID randomization.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F03%2F05%2Fitalian-prosecutors-confirm-journalist-was-hacked-with-paragon-spyware%2F%3Futm_source=tldrinfosec/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/4Cmu_fGT7SWpEFdQGYCD9p9dDISo5_x9ksbbJppKQlA=447">
<span>
<strong>Italian prosecutors confirm journalist was hacked with Paragon spyware (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Italian prosecutors confirm that the phones of journalist Francesco Cancellato and activists Giuseppe Caccia and Luca Casarini were hacked using Paragon's Graphite spyware in a coordinated 2024 campaign, while the perpetrator and motive remain unclear. Authorities' failure to detect infections identified by Citizen Lab and prior oversight gaps raise serious concerns about the government's use of commercial spyware and safeguards for journalists across Europe.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FwpbsJx/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/tz-4vnwv-3GSlQgCYHgdC_doJWr4452wIkhW7C5TWiU=447">
<span>
<strong>Bitwarden adds support for passkey login on Windows 11 (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Bitwarden now supports phishing-resistant Windows 11 login using vault-stored passkeys via Microsoft's FIDO2 security key flow, available across all plans for Entra ID-joined devices.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F03%2F04%2Firanian_hacking_attempts_ip_cameras%2F%3Futm_source=tldrinfosec/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/3GIf3q3b0UpDNu627X1GGIJqv39OuZROA3xWFnWMXPI=447">
<span>
<strong>'Hundreds' of Iranian hacking attempts have hit surveillance cameras since the missile strikes (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Iranian state-linked crews are scanning and exploiting known, patched flaws in Hikvision and Dahua IP cameras across Israel and nearby states, using commercial VPNs and VPS infrastructure as staging.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F5gwO3l/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/mzU2N8BikwYCfo78E7qPamHmmqz91Anc5pFiAN5immg=447">
<span>
<strong>LeakBase Cybercrime Forum Shut Down, Suspects Arrested (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
International Operation Leak has dismantled the LeakBase credential marketplace, seizing its database, two domains, and rich metadata on 142,000 users trading credentials, PII, and financial data.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/b0Z8TTyFZwWQb1sdA3xNWODaXTOCEZajxJmhwWCav2k=447"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/gcge9Uf8xx0Q0nKxTVL0tL7WSQGC5jZ4knMtYhJOaMs=447"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019cc37955c5-42cd1ca0-956a-4c3a-b611-3d50ff220733-000000/v96xM6gVAbIUONAm2MLZHKBaJqnRY4ndgFx6JOnG1HA=447"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>