<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-03-11</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.neuracybintel.com%2Farticles%2Ffake-cleanmymac-website-spreads-shub-stealer-through-clickfix-terminal-trick%3Futm_source=tldrinfosec/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/kxFs9Fid9OEFM0e-vsLcxZUbCSu5jtuF4PU92BOGrYM=448">
<span>
<strong>Fake CleanMyMac Website Spreads SHub Stealer Through ClickFix Terminal Trick (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A fraudulent CleanMyMac site uses a ClickFix-style social engineering technique to trick macOS users into pasting a malicious Terminal command that silently installs SHub Stealer, bypassing Gatekeeper entirely. The stealer harvests macOS Keychain credentials via a fake system authentication prompt, targets Exodus, Atomic Wallet, Ledger Live, and Trezor Suite for seed-phrase extraction, and persists via a LaunchAgent disguised as a Google software updater that runs every minute. Russian-language keyboard layouts trigger immediate self-termination, a common indicator of Russian-nexus cybercriminal origin.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FJ2TTYm/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/dZEIbWekd04UkMLHbJ2zIEJXdTiQ76KIFOp--_F9u3Q=448">
<span>
<strong>Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ShinyHunters is abusing misconfigured Salesforce Experience Cloud guest-user settings and a customized Aura Inspector tool to mass-exfiltrate data from hundreds of organizations' CRM instances, then extort victims by threatening to leak it. Salesforce stresses its platform is not vulnerable, shifting responsibility to customers' configuration hygiene and third-party integrations, making rigorous access reviews and hardening of guest accounts urgent.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FV5kBqc/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/Hof74Q-7dclZHdXN0BFBybS6ghM8mMaBK4MqRTLdQ_M=448">
<span>
<strong>Ericsson US Discloses Data Breach After Service Provider Hack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Swedish telecom giant Ericsson disclosed that it had suffered a data breach affecting over 16k individuals whose data was held by a third-party service provider. The breached data includes names, addresses, SSNs, driver's license numbers, government-issued ID numbers, financial information, medical information, and dates of birth. No cybercrime group has claimed the breach, suggesting that the third party may have paid the ransom, or the cybercriminals could not link the data to Ericsson.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.blog%2Fsecurity%2Fhow-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework%2F%3Futm_source=tldrinfosec/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/InPyOuov5ymKBCeuqTNVe3w5WHN07pz_WAwFxdNjgtU=448">
<span>
<strong>How to scan for vulnerabilities with GitHub Security Lab's open source AI-powered framework (20 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
GitHub Security Lab's open source Taskflow Agent employs a multi-stage LLM pipeline (threat modeling, issue suggestion, and thorough audit) to detect high-impact auth bypasses, IDORs, and logic flaws with a low hallucination rate. It has identified over 80 vulnerabilities across more than 40 repositories so far. Out of 1,003 suggested issues, only 21% met the criteria for impactful reporting, with business logic flaws having the highest true-positive rate at 25%, and IDOR issues exceeding combined XSS and CSRF cases. Notable confirmed findings include a privilege escalation in Outline (CVE-2025-64487), PII exposure in WooCommerce (CVE-2025-15033) and Spree (CVE-2026-25758), and a universal authentication bypass in Rocket.Chat's microservices DDP layer (CVE-2026-28514) caused by a missing await on a bcrypt Promise.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmonxresearch-sec.github.io%2Fshotbird-extension-malware-report%2F%3Futm_source=tldrinfosec/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/a39znxP2uZXCbTojvT1cGnyc1dlYOlzbPUNW3fAL2kw=448">
<span>
<strong>From a Sophisticated Browser-Extension Supply-Chain Compromise to a VibeCoded Twist: A Chrome Extension as the Initial Access Vector for a Broader Malware Chain (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Featured Chrome extension ShotBird (ID: gengfhhkjekmlejbhmmopegofnoifnjp) was weaponized after an ownership transfer between December 2025 and March 2026, transformed into a remote-controlled malware channel that beaconed to api.getextensionanalytics.top, stripped CSP/X-Frame-Options headers via declarative rules.json, injected fake Chrome update lures, and exfiltrated form data including passwords, card/CVV, IBAN, and SSN fields. The file-delivery path dropped googleupdate.exe (SHA256: E8D2ED43...), a WiX Burn bootstrapper bundling a legitimate Google-signed ChromeSetup.exe alongside a stager psfx.msi that decoded to irm orangewater00.com|iex. PowerShell Script Block Logging (Event ID 4104) reconstructed a second stage from 115 fragments, revealing ETW suppression via PSEtwLogProvider, Windows Credential Manager enumeration, Chromium Login Data and Web Data targeting, and exfiltration routines, with infrastructure and endpoint patterns overlapping a parallel campaign involving the QuickLens extension documented by Annex Security.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Foffsec.almond.consulting%2Ftrust-no-one_are-one-way-trusts-really-one-way.html%3Futm_source=tldrinfosec/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/0N08eFSMOY0-s9FwmW9pmzY4RK4uiseW_SBExBFcB_k=448">
<span>
<strong>Trust no one: are one-way trusts really one way? (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
One-way Active Directory forest trusts are widely assumed to enforce a strict, unidirectional access model, but stored trust passwords quietly break that boundary. By extracting the trusted domain object (TDO) secret from the trusting forest, attackers with Domain Admin rights there can derive Kerberos keys for the TRUST_ACCOUNT in the trusted forest and log in as a valid domain user. The new tdo_dump.py tool automates remote extraction and key derivation via DRS replication calls, enabling LDAP recon, computer account creation, and Kerberoasting across what should be a one-way security barrier. For security teams, one-way “admin forest” designs no longer guarantee directionality. Hardening must assume compromise of a relying forest gives a foothold back into the management forest.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsyssec-utd%2Fpylingual%3Futm_source=tldrinfosec/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/CFrmu0vLiOHYFCaJWas0ElwV0grCJLEgp-gQ-k4E8Qo=448">
<span>
<strong>PyLingual (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
PyLingual is an open-source CPython bytecode decompiler supporting all Python versions from 3.6 onward, with auto-detection of .pyc version, a segmentation model for control-flow reconstruction, and a web service at pylingual.io for browser-based use.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcylake.com%2F%3Futm_source=tldrinfosec/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/Jz1Z0PRJMMq8j_BYkYiA2-fxPzuMeerA77w3GwlYKZM=448">
<span>
<strong>Cylake (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cylake is a cybersecurity platform that runs fully on-prem or in a private cloud to protect highly regulated organizations barred from using public cloud, emphasizing data and operational sovereignty.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fdalisecurity%2FFray%3Futm_source=tldrinfosec/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/vwGFkPkeI0tv_CGaHAkuUH9Eblxoupu2ommUqSx1aaI=448">
<span>
<strong>Fray (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Open-source WAF bypass toolkit with over 4,300 payloads, 27 recon checks, AI-assisted bypass, and security hardening. Designed for pentesters, bug bounty hunters, and DevSecOps.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F03%2F09%2Fan-iphone-hacking-toolkit-used-by-russian-spies-likely-came-from-u-s-military-contractor%2F%3Futm_source=tldrinfosec/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/lspleUIKN4dDYjH6yeE_AKc_6TAuVINNgKVeSBXbNAg=448">
<span>
<strong>An iPhone-hacking toolkit used by Russian spies likely came from US military contractor (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The 23-component iPhone exploit toolkit dubbed "Coruna", targeting iOS 13 through 17.2.1, has been traced by former employees and iVerify researchers to L3Harris's Trenchant division, originally built for Five Eyes intelligence customers. Former Trenchant GM Peter Williams, sentenced to seven years last month, sold eight company tools to Russian zero-day broker Operation Zero for $1.3M, providing a likely path by which Coruna reached Russian espionage group UNC6353 and later Chinese cybercriminals. Two Coruna exploits (Photon and Gallium) have also been linked to Operation Triangulation, the sophisticated iOS campaign first disclosed by Kaspersky in 2023.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.doyensec.com%2F2026%2F03%2F05%2Fmcp-nightmare.html%3Futm_source=tldrinfosec/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/uabivju6SXR1ob3DlNRl9Ygeyg6i28EQD9d7gTisplw=448">
<span>
<strong>The MCP AuthN/Z Nightmare (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Doyensec maps the full OAuth 2.0/dynamic client registration attack surface in MCP deployments, covering tool poisoning, rug pulls, schema poisoning, prompt injection via tool responses, command injection (CVE-2025-53100, CVE-2025-53818), SSO metadata manipulation (CVE-2025-4144, CVE-2025-4143), DNS rebinding against unauthenticated localhost WebSocket servers, and OIDC discovery endpoint abuse. The proposed Identity Assertion JWT Authorization Grant (JAG) enterprise authorization model introduces four unresolved risks: no token revocation path for misbehaving agents, LLM-driven scope escalation without user consent, undefined client credential issuance enabling scope namespace collision and resource identifier injection, and ID-JAG replay amplifying blast radius across multiple MCP access tokens. Security teams auditing MCP deployments should treat every step of the authorization chain as an injection point and prioritize mTLS/certificate-based trust anchors, strict resource namespacing, centralized access invalidation, and explicit per-action consent gates for high-risk tool calls.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbrooker.co.za%2Fblog%2F2026%2F01%2F12%2Fagent-box.html%3Futm_source=tldrinfosec/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/2hJmYssURDQeFKkcRpLa-XtG2UBQVFaW29V_Bm7catE=448">
<span>
<strong>Agent Safety is a Box (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI agents are highly flexible and adaptable systems that can affect the outside world via side effects. To effectively secure these workflows, we need to add a deterministic “box” around the agent. In a cloud environment, agents can run in an AgentCore Runtime, which utilizes an AgentCore Gateway to restrict the access an agent has outside of the “box,” and an AgentCore Policy can be utilized to grant the agent authorization to use specific tools in a specific way.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F189165%2Fcyber-crime%2Ffbi-alert-scammers-target-zoning-permit-applicants.html%3Futm_source=tldrinfosec/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/sY__cizlF-gOEpWMNzkZFJN3qlLknaXRDVZ9dbjG3nI=448">
<span>
<strong>FBI alert: scammers target zoning permit applicants (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The FBI issued a PSA warning that criminals are impersonating city and county planning officials in targeted phishing campaigns, using publicly available permit data to craft convincing emails with real property addresses, case numbers, and official names to solicit fraudulent payments via wire transfer, P2P apps, or cryptocurrency.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FW2f37k/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/W_Su3HQVAB_uA8GcYL-01AVqc-_F2Wzn95lXlHhRtk0=448">
<span>
<strong>White House Cyber Strategy Prioritizes Offense (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The White House's new cyber strategy elevates preemptive offensive operations as strategic assets while rejecting compliance-heavy regulation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F03%2F10%2Fericsson_blames_vendor_vishing_slipup%2F%3Futm_source=tldrinfosec/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/Qjs8jVQGOuYtxJn9L43v4TCYZEst0kftnKLSllP7Ebw=448">
<span>
<strong>Ericsson blames vendor vishing slip-up for breach exposing thousands of records (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A vishing-led compromise of a US service provider's employee account exposed sensitive data on 15,661 people linked to Ericsson, including IDs, Social Security numbers, and financial and medical details in some cases.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/GhlgJBidztMeCdZT5rjvy1XjrmT11lfZ9ijppXFoxFA=448"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/TyBc7aRSZ6H0PNdhaGQc2MrhKgL22ir6mtqpvCnDB4c=448"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019cdd024ad6-25df5a9f-f4ca-448d-9b63-8010a0a78c1f-000000/bCeARuOnAgSDyC5KDSaNVqDDQzz92xzrzLZ1u0WIKJE=448"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>