<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.catonetworks.com%2Fsase%2Fsase-certification%2Fai-cybersecurity-certification%2F%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20260313/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/OW8xwUtdJmRyJf2HFnnDvkbRpd5U-DM0UvjD1hbZNdo=448"><img src="https://images.tldr.tech/cato2.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Cato Networks"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-03-13</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.catonetworks.com%2Fsase%2Fsase-certification%2Fai-cybersecurity-certification%2F%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20260313/2/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/t0FE7Uc2nW3G2RCsVY0C0W-kf5mxzWFeJTjuY2toI68=448">
<span>
<strong>How Security and IT Teams Get AI-Ready Faster with Cato's AI in Cybersecurity Certification. (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI is lowering the technical barrier for attackers, making phishing, scams, deepfakes, and prompt manipulation easier to launch at scale. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.catonetworks.com%2Fsase%2Fsase-certification%2Fai-cybersecurity-certification%2F%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20260313/3/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/JQ2-jJ8gCS02AaUcniQ5XsT3EeNA2UHhVdIFz4trRiE=448" rel="noopener noreferrer nofollow" target="_blank"><span>Cato's AI in Cybersecurity certification</span></a> gives your team a clear, practical foundation on what is changing and how to respond.
<p></p>
<ul>
<li>Recognize AI-driven social engineering and prompt manipulation</li>
<li>Use AI safely to speed investigation and incident response</li>
<li>Set guardrails for Shadow AI and secure AI systems end to end</li>
</ul>
<p>Self-paced, free, 3 ISC2 CPE credits. Certify at 85%+</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.catonetworks.com%2Fsase%2Fsase-certification%2Fai-cybersecurity-certification%2F%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20260313/4/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/vDxi4zf5P8gUQDXVhIFBuhlCMZsXBhfu3bCTddn-c6U=448" rel="noopener noreferrer nofollow" target="_blank"><span>→ Start free certification</span></a></p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.catonetworks.com%2Fsase%2Fsase-certification%2Fai-cybersecurity-certification%2F%3Futm_medium=newsletter%26utm_source=tldr-infosec%26utm_campaign=20260313/5/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/wbdb2KZC3g5wsroKTO_US1XhUaIX-tADhb_kdmq81FM=448" rel="noopener noreferrer nofollow" target="_blank"><span>→ Earn 3 ISC2 CPE Credits</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FuSoRxc/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/QSkDby8B1qFQjJ5Fqp7-0n8PaIfvmha8H_oYO5bXP90=448">
<span>
<strong>New PhantomRaven NPM attack wave steals dev data via 88 packages (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
PhantomRaven, an ongoing npm supply-chain campaign active since August 2025, has deployed 88 additional malicious packages across four attack waves, using slopsquatting to mimic projects like Babel and GraphQL Codegen with LLM-suggested package names. The campaign evades automated inspection via Remote Dynamic Dependencies (RDD), in which <code>package.json</code> points its dependencies to attacker-controlled external URLs, so the malware is pulled and executed at <code>npm install</code> time rather than embedded in the package itself. The payload harvests <code>.gitconfig</code>, <code>.npmrc</code>, environment variables, and CI/CD tokens from GitHub, GitLab, Jenkins, and CircleCI before exfiltrating them to EC2-hosted C2 infrastructure, with 81 packages still live in the registry as of this writing.
</span>
</span>
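<p>The Remote Dynamic Dependencies pattern described above can be checked for before anything is installed. The following Node.js sketch is an added example, not code from the linked report or from npm: it flags <code>package.json</code> specifiers and <code>package-lock.json</code> entries that resolve outside the registry. The sample manifest, lockfile, hostnames, and function names are constructed for illustration.</p>

```javascript
// Added example: audit an npm manifest and lockfile for dependencies that
// resolve outside the registry. All sample data below is constructed.
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// Classify one package.json specifier; returns null for ordinary registry ranges and tags.
function classifySpec(spec) {
  if (typeof spec !== "string") return "non-string";
  const s = spec.trim();
  if (/^https?:\/\//i.test(s)) return "http-url"; // tarball URL on an arbitrary host (the RDD pattern)
  if (/^(git\+|git:\/\/|ssh:\/\/|git@)/i.test(s)) return "git-url";
  if (/^(github|gitlab|bitbucket|gist):/i.test(s)) return "git-host-shorthand";
  if (/^[A-Za-z0-9][\w.-]*\/[\w.-]+(#.+)?$/.test(s)) return "github-shorthand"; // "user/repo"
  return null;
}

// Walk every dependency field of a parsed package.json and collect non-registry specifiers.
function findRemoteDependencies(manifest) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    const deps = manifest[field] || {};
    for (const [name, spec] of Object.entries(deps)) {
      const kind = classifySpec(spec);
      if (kind) findings.push({ field, name, spec, kind });
    }
  }
  return findings;
}

// Check a parsed package-lock.json (lockfileVersion 2 or 3). The "packages" map
// includes transitive dependencies, so this catches a remote URL introduced
// several levels below the packages the project lists directly.
function findOffRegistryLockEntries(lock, allowedHosts = ["registry.npmjs.org"]) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace links, and entries with no download URL.
    if (path === "" || entry.link || !entry.resolved) continue;
    let host = null;
    try {
      host = new URL(entry.resolved).host;
    } catch {
      host = null; // not a URL at all; report it rather than guess
    }
    if (!allowedHosts.includes(host)) {
      findings.push({ path, resolved: entry.resolved, host });
    }
  }
  return findings;
}

// Constructed sample manifest: two registry ranges, one HTTP URL dependency,
// one GitHub shorthand, one git URL.
const SAMPLE_MANIFEST = {
  name: "constructed-example",
  version: "1.0.0",
  dependencies: {
    "left-pad": "^1.3.0",
    "ui-styles-pkg": "http://packages.example.invalid/npm/ui-styles-pkg",
    "some-fork": "exampleuser/some-fork#v2"
  },
  devDependencies: {
    "typescript": "~5.4.0",
    "build-helper": "git+https://git.example.invalid/tools/build-helper.git"
  }
};

// Constructed sample lockfile: one registry entry, one entry resolved from another host.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-example", version: "1.0.0" },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER"
    },
    "node_modules/ui-styles-pkg": {
      version: "1.0.0",
      resolved: "http://packages.example.invalid/npm/ui-styles-pkg"
    }
  }
};

console.log(JSON.stringify(findRemoteDependencies(SAMPLE_MANIFEST), null, 2));
console.log(JSON.stringify(findOffRegistryLockEntries(SAMPLE_LOCK), null, 2));
```

<p>In CI, run both checks on the parsed manifest and lockfile before <code>npm ci</code> and fail the build on any finding that is not on a reviewed allowlist.</p>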
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fbeatbanker-android-trojan-silent-audio-loop-crypto%2F%3Futm_source=tldrinfosec/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/8OND78loNjKlMM5lBKte70QGr328LHetojtM4MdJ64w=448">
<span>
<strong>BeatBanker Android Trojan Uses Silent Audio Loop to Steal Crypto (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
BeatBanker is a dual-mode Android Trojan distributed via a fake Google Play Store page that targets Brazilian users. Once active, it overlays fake screens on crypto apps like Binance and Trust Wallet to silently swap USDT destination wallet addresses, while also deploying the BTMOB RAT for full remote access, including camera, mic, GPS, and remote wipe. It plays an inaudible 5-second audio loop to prevent the OS from killing its background process. Treat unsolicited Accessibility permission requests as an immediate red flag and avoid sideloading APKs from third-party sites.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FF7FlVh/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/KenEa6xUA59rt3UcOLb2vXy_fiOyhyu5xIUDHUd0QfE=448">
<span>
<strong>Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
In 2024, Chinese CDN firm Funnull bought Polyfill[.]io and then used cdn.polyfill[.]io to push malicious JavaScript that redirected visitors to gambling and adult pages. Hudson Rock later linked Funnull to North Korean operators using LummaC2 infostealer data from a North Korean hacker's compromised device, which exposed logins for Funnull DNS and the Polyfill Cloudflare tenant. The traffic was funneled into Suncity Group gambling sites to launder large amounts of cryptocurrency back to North Korea and also exposed a separate North Korean agent inside crypto exchange Gate.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhunt.io%2Fblog%2Foperation-roundish-apt28-roundcube-exploitation%3Futm_source=tldrinfosec/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/tmoam0sXoNzuIca_s0je5RrqAGvsoDCOahW2xORVkRw=448">
<span>
<strong>Operation Roundish: Uncovering an APT28 Roundcube Exploitation Toolkit Targeting Ukraine (23 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hunt.io uncovered an exposed open directory on 203.161.50[.]145 containing a complete APT28 Roundcube exploitation toolkit. This toolkit overlaps with 14 TTPs observed in Operation RoundPress, targeting Ukraine's State Migration Service using XSS payloads that simultaneously harvest credentials through hidden autofill forms, install persistent Sieve forwarding rules to advenwolf@proton[.]me, bulk exfiltrate emails via the viewsource API, extract TOTP secrets, steal address books, and deploy Chrome/Firefox credential stealers. New capabilities not previously linked to APT28 include a CSS selector side-channel attack for CSRF token extraction, a Go-based Linux backdoor with cron, systemd, and SELinux persistence mechanisms, along with container escape detection scripts. These scripts indicate regular targeting of Docker and Kubernetes environments. Defenders using Roundcube should immediately review all Sieve forwarding rules, implement a strict Content Security Policy that blocks eval() and external resource loading, monitor for bulk viewsource API requests and CSS @import chains with incrementing query parameters, and consider password resets insufficient without full 2FA re-enrollment and session invalidation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flabs.itresit.es%2F2026%2F03%2F11%2Fthe-tensor-in-the-haystack-weightsquatting-as-a-supply-chain-risk%2F%3Futm_source=tldrinfosec/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/aBwkjJ8ZihdMYup3FB-zYYzQemtAXaetgkmRG_ijMc8=448">
<span>
<strong>The Tensor in the Haystack: Weightsquatting as a Supply-Chain Risk (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Weightsquatting is a supply-chain attack that manipulates token-space weights in open-weight LLMs to bias code-generation output toward attacker-chosen package names, surviving format conversion, 4-bit quantization, and GGUF export. Llama 3.2 and Qwen 2.5 accepted the poisoned edits cleanly while remaining coherent, whereas DeepSeek models either collapsed visibly or reasoned past the manipulation. Organizations deploying local coding assistants should implement routine behavioral validation of model artifacts against known-good dependency outputs before production use.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdispatch.thorcollective.com%2Fp%2Fhow-i-use-llms-for-security-work%3Futm_source=tldrinfosec/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/2sX_r9D2hqw__8G2SJMH-WJHUSIfWj9ZOi7yZW2ufhM=448">
<span>
<strong>How I Use LLMs for Security Work (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Many LLM users try to prompt an LLM the same way that they search Google: using keywords instead of rich prompts. The author of this post presents some tricks to more effectively prompt an LLM, such as role stacking, being explicit about the desired technology stack, requesting thoroughness, asking for validation, and thinking in terms of long-term systems vs. point-in-time solutions. They stress the importance of keeping humans in the loop to add judgment and intuition.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.mcptotal.io%2Fblog%2Fmcp-is-where-ai-risk-becomes-real%3Futm_source=tldr%26utm_campaign=infosec%26utm_medium=email/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/cUhE8zWMTZgPconWEKJezQyhJWqyL4P5icWUsa42WZE=448">
<span>
<strong>Your devs adopted AI coding tools months ago. Your security team still can't see the activity behind them (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Claude, Cursor, and Copilot use MCP, skills, and shell commands to access credentials and environments — all unmonitored and ungoverned. If your team can't inventory what's running, you can't secure it. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.mcptotal.io%2F%3Futm_source=tldr%26utm_campaign=infosec%26utm_medium=email/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/6upAKYg20i-R06DH8hwM5S_w5APl1rSRgXNrAxffF90=448" rel="noopener noreferrer nofollow" target="_blank"><span>MCPTotal</span></a> runs a complimentary Shadow AI Discovery Report that maps AI agents and tools on endpoints across your environment. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.mcptotal.io%2Fmeeting-scan%3Futm_source=tldr%26utm_campaign=infosec%26utm_medium=email/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/cYnGfiNGFTkzU9qQaR5Anx4QWv7uam-PeyM_8GBd8LQ=448" rel="noopener noreferrer nofollow" target="_blank"><span>Book with us and get your free report</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fm1k1o%2Fneko%3Futm_source=tldrinfosec/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/OQ__pS19YDzuO1L3Zbh59w7zWtQhXnmg4If54BYyPac=448">
<span>
<strong>n.eko (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
n.eko is a self-hosted virtual browser that runs in Docker and streams a full desktop environment to multiple simultaneous users over WebRTC with built-in audio support. Security-relevant use cases include containerized throwaway browsing with Tor, a VPN-backed isolated session, a jump host for internal app access without VPN, and an automated browser for Playwright/Puppeteer workflows with live interception.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fquantro.security%2F%3Futm_source=tldrinfosec/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/9uBE0u7VkOW4HBCUOTrja-paBdbnq8SgMFAg2f4eg7Y=448">
<span>
<strong>Quantro Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
VM.Analyst is an AI agent that ingests and normalizes data from existing security tools, then provides contextual, prioritized vulnerability-risk insights and remediation recommendations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fvmkspv%2Flenspect%3Futm_source=tldrinfosec/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/kC_zR7F16LTV2kVccqxEICKVUgHOxifgmlLyX_1U400=448">
<span>
<strong>Lenspect (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A lightweight security threat scanner intended to make malware detection more accessible and efficient.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fpreparation-hardening-destructive-attacks%3Futm_source=tldrinfosec/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/vMI4PF4hOYhWT-jiWlg2HBPwwSnDzkjnTLM1NfqxHLk=448">
<span>
<strong>Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mandiant's 2026 hardening guide covers five core focus areas for defending against destructive cyberattacks: external-facing asset hardening, critical asset and backup protections, on-premises lateral movement controls, credential and account protections, and Kubernetes/CI/CD pipeline security. The guide provides prescriptive, actionable controls spanning MFA enforcement, virtualization enclave architecture, AD CS hardening, NTLM restriction, WDigest disablement, and LAPS deployment, each paired with MITRE ATT&CK-mapped detection opportunities. Organizations operating hybrid or cloud environments should treat this as a living reference, particularly given the guide's coverage of hypervisor-level disk swap attacks, immutable backup architecture, and CI/CD supply chain compromise scenarios.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FIlfvIQ/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/6szzaGWKqqEeLQni9GZIov4JvnA08s--1-rQK95Y5vc=448">
<span>
<strong>INC Ransomware Group Holds Healthcare Hostage in Oceania (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
INC's affiliates have shifted from initial US/UK targeting into Australia, New Zealand, and Tonga, hitting hospitals, clinics, and ministries using purchased credentials, phishing, and exploits for known vulnerabilities. Australia has logged at least 11 incidents since mid-2024. A Tongan MoH intrusion disrupted national health services, and a New Zealand provider had data stolen, encrypted, and leaked.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F03%2Fnew-leakylooker-flaws-in-google-looker.html%3Futm_source=tldrinfosec/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/ffZVgRH1Jp3yjg2ZocBJq_QPe3Y4rL-cmkd5i6qocbY=448">
<span>
<strong>New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers found nine cross-tenant issues in Google Looker Studio that allowed arbitrary SQL on connected data sources and broader GCP projects, including BigQuery, Spanner, PostgreSQL, MySQL, and Google Sheets. Attackers could hijack reports, reuse stored credentials, and trigger one-click data exfiltration via crafted reports and browser-side code.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fblog%2Frmm-abuse-when-it-convenience-bites-back%3Futm_source=tldr%26utm_medium=email%26utm_campaign=cy26-01-camp-brand-global-broad-all-x-x-2026_threat_report%26hnt=gnhgjip4vlgi/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/03ghcfY9l97TdBwnB4PU9ptiQDkez9Gu7eKEk7Atd7M=448">
<span>
<strong>RMM Abuse jumped 277% in 2025 – Learn how to stop criminals cashing in on your tools (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Remote monitoring and management (RMM) abuse often starts with phishing. This allows attackers to exploit legitimate, pre-installed remote tools. Learn <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fblog%2Frmm-abuse-when-it-convenience-bites-back%3Futm_source=tldr%26utm_medium=email%26utm_campaign=cy26-01-camp-brand-global-broad-all-x-x-2026_threat_report%26hnt=gnhgjip4vlgi/2/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/VJIIEOkIPaBEZ66Lwj9jbEmB5FDowasGRjY5Fj16J4g=448" rel="noopener noreferrer nofollow" target="_blank"><span>how it works and how to stop it.</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.enisa.europa.eu%2Fsites%2Fdefault%2Ffiles%2F2026-03%2FENISA%2520Technical%2520Advisory%2520-%2520Package_Managers_Final.pdf%3Futm_source=tldrinfosec/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/eP1kWh53TpHKcUynEd_o2JMGusUbCaK_KelULH8drtE=448">
<span>
<strong>ENISA Technical Advisory for Secure Use of Package Managers (25 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The ENISA framework secures dependency supply chains through curated package selection, integrity enforcement during integration, continuous vulnerability monitoring, and rapid mitigation to counter malicious injection and compromised dependencies.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F03%2F11%2Fswiss_evote_usb_snafu%2F%3Futm_source=tldrinfosec/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/8Goi6vWgQr3shOwIbctKU_VW6P0Esk_S0VZfacsw1MM=448">
<span>
<strong>Swiss e-voting pilot can't count 2,048 ballots after USB keys fail to decrypt them (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Basel-Stadt's e-voting pilot failed to decrypt 2,048 online ballots from Swiss referendums after three USB sticks with the correct code all malfunctioned, even with IT help.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FIE47fi/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/g73OfdVCNPF4Ye862MxmBDQ3tAcv2TFH6XCDbJod84o=448">
<span>
<strong>England Hockey investigating ransomware data breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The AiLock ransomware gang claims to have stolen 129GB of data from England Hockey and threatens to publish it unless a ransom is paid, with the organization confirming an active investigation.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/9nb30ft3cX2AB-QXuEDmvaIFLc6sEC2UvYB6ZfUuZSo=448"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/rEGi8Ijbmvc5XUMyhoY9LQP2_kQtKTwkpyjxYHqya3I=448"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019ce74e9942-5d7b1d2b-d4e0-4511-8d94-8463d87085e8-000000/9pgzpxOHFGbbmz1NagR_ATFaZULCxvRQBoK4lPIfOoY=448"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>