<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-03-19</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.techradar.com%2Fpro%2Fsecurity%2Ffortinet-patches-fortigate-firewall-vulnerabilities-that-allowed-hackers-to-steal-enterprise-credentials%3Futm_source=tldrinfosec/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/KHfGj3Yz6Q2qdPpTdJM2AE9PSfAd0lkYhy0pX4adzRs=449">
<span>
<strong>Fortinet patches FortiGate Firewall vulnerabilities that allowed hackers to steal enterprise credentials (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SentinelOne observed attackers exploiting three critical CVSS 9.8 vulnerabilities in FortiGate NGFWs between December 2025 and February 2026: CVE-2025-59718 and CVE-2025-59719, both stemming from improper cryptographic signature verification, which allowed unauthenticated attackers to forge SAML tokens and gain administrative access. CVE-2026-24858 was exploited as a zero-day to log into devices using an alternative account. CVE-2025-59718 was added to CISA's KEV catalog in late January 2026. Fortinet responded by suspending FortiCloud SSO before releasing a firmware patch. Defenders should apply the patch immediately, rotate all LDAP and AD credentials associated with FortiGate devices, enforce strong admin access controls, audit ms-DS-MachineAccountQuota settings, and monitor EDR telemetry from servers adjacent to the NGFW for unauthorized local admin account creation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgbhackers.com%2Fstryker-targeted-by-large-scale-wiper-attack%2F%3Futm_source=tldrinfosec/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/_gieZRVWyUu9c_kjCLiYimnae4LQhuy0bo3IIs7D08w=449">
<span>
<strong>Stryker Targeted by Large-Scale Wiper Attack, Tens of Thousands of Devices Lost (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The pro-Iranian hacktivist group Handala compromised Stryker's Microsoft Intune environment on March 11, abusing legitimate MDM remote-wipe functionality to factory reset tens of thousands of Windows endpoints across 79 countries, erasing up to 95% of devices in some offices before containment. Handala, assessed by Palo Alto Networks to operate under the Iranian Ministry of Intelligence and Security, claims to have wiped over 200,000 systems and exfiltrated 50 TB of corporate data prior to triggering the destructive wipe. Medical devices, Vocera, Mako surgical robotics, LIFEPAK, and SurgiCount platforms remained unaffected due to architectural isolation from the impacted Microsoft environment. Organizations should audit MDM admin credential access and enforce conditional access policies to prevent similar living-off-the-land abuse.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F03%2F18%2Fmarquis-says-over-672000-people-had-personal-and-financial-data-stolen-in-ransomware-attack%2F%3Futm_source=tldrinfosec/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/Fi7kiPLnEmUb09_GuyPLx2h2UogTf55rzvxfkJ-ysGY=449">
<span>
<strong>Marquis says over 672,000 people had personal and financial data stolen in ransomware attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Marquis had 672,075 people's data stolen in an August 2025 ransomware attack. Stolen data includes names, birth dates, addresses, bank and card account numbers, and Social Security numbers, with over half the victims living in Texas. Marquis sued its firewall vendor, SonicWall, in February, as it claims SonicWall's failings let attackers steal firewall configuration backup files to breach its network.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsemgrep.dev%2Fblog%2F2026%2Fsemgrep-autofix-public-beta%2F%3Futm_source=tldrinfosec/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/VemINpNLdmOv4R2Wv8mpl67X5_CvLcA3QqcMlP8AzYU=449">
<span>
<strong>Accelerate and Automate Remediation with Semgrep Autofix (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Semgrep Autofix, now in public beta, pairs the Semgrep Pro static analysis engine with frontier-model LLMs to deliver contextual upgrade guidance, line-level breaking change analysis, and AI-generated fix suggestions directly in pull requests. The tool performs dual static analysis (first-party code analysis to map how your codebase uses a dependency, and third-party version diffing to identify breaking changes) before passing results to an LLM to produce high-confidence remediation. Layered on top of Semgrep Assistant's existing 95% false positive reduction via codebase-aware reachability analysis, Autofix shifts developer effort from writing fixes to reviewing AI-generated patches.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjfrog.com%2Fblog%2Fagent-skills-new-ai-packages%2F%3Futm_source=tldrinfosec/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/BkbXZ3tMItJ6pyHUcsXUY_cBZGgPOBKXiLf9AJNt3WE=449">
<span>
<strong>Agent Skills are the New Packages of AI: It's Time to Manage Them Securely (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
JFrog launched the Agent Skills Registry, a centralized repository for governing AI agent skills, which are reusable, file-system-based instruction sets that execute with the invoking user's privileges and carry the same supply chain risks as OSS packages: prompt poisoning, malicious code, version drift, and weak provenance. The registry integrates with Agent Skills, ClawHub, and OpenShell, and enforces a publish-time security pipeline via `jf skills publish` that runs a two-stage behavioral scan, generates in-toto compliant attestations, and optionally produces cryptographically signed provenance evidence before a skill reaches the repository. At install time, `jf skill install` verifies that evidence chain, providing zero-trust consumption across coding agents, CI/CD pipelines, and automation tooling without locking teams into vendor-specific marketplaces.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flabs.watchtowr.com%2Fthanks-itsms-threat-actors-have-never-been-so-organized-bmc-footprints-pre-auth-remote-code-execution-chains%2F%3Futm_source=tldrinfosec/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/wVpkFrLbABcQjFBhO03OFeSEU38N96wyobz9m-HptMw=449">
<span>
<strong>The Most Organized Threat Actors Use Your ITSM (BMC FootPrints Pre-Auth Remote Code Execution Chains) (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
watchTowr chained four flaws in BMC FootPrints, namely an auth bypass (CVE-2025-71257), two SSRF bugs (CVE-2025-71258, CVE-2025-71259), and a Java deserialization RCE (CVE-2025-71260), to achieve pre-authenticated remote code execution on fully patched versions 20.20.02 through 20.24.01.001. The auth bypass leaks a session token via the password-reset endpoint, which then unlocks the SSRF and deserialization chains. BMC shipped hotfixes in September 2025 after a three-month back-and-forth reproduction process. CVEs were only assigned in March. FootPrints had no CVEs since 2014, making it an under-scrutinized target sitting on networks that also hold IT asset inventories and incident data.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fnikaiw%2FVMkatz%2F%3Futm_source=tldrinfosec/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/mQ0GleVlM87i0ZowlUNsqH-PnYQUofcyUYdXyB_tkhA=449">
<span>
<strong>VMkatz (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
VMkatz is a ~2.5 MB static binary that extracts Windows credentials directly from VM memory snapshots and virtual disks across VMware, VirtualBox, Proxmox, and Hyper-V without exfiltrating disk images. It supports all 9 LSASS SSP providers via in-place decryption, native VMFS-6 raw SCSI access to bypass file locks on running ESXi VMs, and natively parses NTDS.dit ESE databases for full Active Directory hash extraction with no impacket or external dependencies.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fnative.security%2F%3Futm_source=tldrinfosec/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/tS7UHstJYKcXy-5mxPt5zW-O7gI_82RoH6qYWv64jl0=449">
<span>
<strong>Native Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Native provides a multi-cloud security control plane that turns high-level security policy into provider-native controls, enforcing secure-by-design architecture across AWS, Azure, Google Cloud, and Oracle using built-in security features instead of after-the-fact detection.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FAchiefs%2Ffim%3Futm_source=tldrinfosec/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/YI52vYRn3_XguQJmJcBDt4PkmQk0iFG7upTUVR0KEsI=449">
<span>
<strong>Fim (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
FIM is an open source, host-based file integrity monitoring tool that performs file system analysis, file integrity checking, and real-time alerting, and provides Audit daemon data.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhunt.io%2Fblog%2Firan-botnet-operation-open-directory%3Futm_source=tldrinfosec/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/4A1KlrGmN7SkjI5lJPzs6N5GQToDCMsA1_ux5Rr1X18=449">
<span>
<strong>Iranian Botnet Exposed via Open Directory: 15-Node Relay Network and Active C2 (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An OPSEC failure on an Iranian-hosted staging server at 185.221.239[.]162 exposed a financially motivated operator's full working environment, including a 15-node KCP-based relay network spanning Finnish Hetzner nodes and Iranian ISPs, a Python botnet deployer (ohhhh.py) opening 500 concurrent SSH sessions to compile and launch a DDoS bot client (cnc) directly on victim machines via gcc, and MHDDos tooling tested against live targets. The exposed .bash_history documented three operational phases: tunnel deployment using paqet and 3x-ui, DDoS development targeting a FiveM GTA server (5.42.223[.]60:30120) and 194.147.222[.]151, and iterative C2 botnet buildout with Farsi inline comments confirming operator origin. Defenders should block the listed IOCs, monitor for unexpected gcc invocations and renamed binaries ("hex"), audit SSH access logs for credential-stuffing patterns, and treat any recruited hosts as independently compromised regardless of C2 reachability.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fes7Ndm/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/Ft-LOffbf94epN-4jqNxFOJ0tyM3ThCpsQVXGIOlfwk=449">
<span>
<strong>The Shadow AI Problem: How SaaS Apps Are Quietly Enabling Massive Breaches (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A Grip Security analysis of 23,000 SaaS environments found every one of them runs embedded AI, with public SaaS attacks up 490% year-over-year and 80% of incidents exposing PII or customer data. The 2025 Salesloft Drift breach shows the blast radius: attackers stole OAuth tokens and used them to access 700+ organizations, including Cloudflare and Palo Alto Networks. Companies average 140 AI-enabled SaaS environments, most of which are installed without a security review.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FrSJAvr/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/WeHQ1ztXTSMVQWcQyTeZzZvpc9gq9mvs8W5GFFF-ab0=449">
<span>
<strong>'Claudy Day' Trio of Flaws Exposes Claude Users to Data Theft (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Oasis Security researchers combined three vulnerabilities (an invisible prompt injection through URL parameters, an open redirect on claude.com, and data exfiltration via the Anthropic Files API) into a single attack called "Claudy Day." When a victim clicks a malicious Google search result, it loads covert instructions that silently extract conversation history, save it to a file, and then upload it to the attacker's Anthropic account. If MCP servers or integrations are active, the attack's impact extends to files, messages, and connected APIs.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.quantamagazine.org%2Fquantum-cryptography-pioneers-win-turing-award-20260318%2F%3Futm_source=tldrinfosec/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/FlxzmpfK72NhzF25AEUyE7y4FSOhS4CnKTRJM2CFFM0=449">
<span>
<strong>Quantum Cryptography Pioneers Win Turing Award (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Charles Bennett and Gilles Brassard were awarded the Turing Award for their pioneering work in quantum information science.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F03%2F18%2Flinux_foundation_ai_slop_defense%2F%3Futm_source=tldrinfosec/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/FbXIGaJjEiWS4cfBbUrnaTUoyfvTbVDQsVV6KbqRImg=449">
<span>
<strong>Linux Foundation Kicks Off Effort to Shield FOSS Maintainers from AI Slop Bug Reports (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Anthropic, AWS, GitHub, Google, Microsoft, and OpenAI have pledged $12.5M to a project to help open source maintainers combat the deluge of AI-generated bug reports.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F189620%2Fhacking%2Fresearchers-warn-of-unpatched-critical-telnetd-flaw-affecting-all-versions.html%3Futm_source=tldrinfosec/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/WiVfffkrzoIYgXS8V3AxiUAaV2YOZ4YqAJsIMuM7oGw=449">
<span>
<strong>Researchers warn of unpatched, critical Telnetd flaw affecting all versions (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-32746 (CVSS 9.8) is an unpatched buffer overflow in the LINEMODE SLC handler of GNU InetUtils telnetd. It affects all versions up to 2.7 and enables unauthenticated RCE as root via a single connection to port 23.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/EYM7tFZjBpUFSNozB066HPBh_sqZfhT40ls-GC58Fgs=449"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/uS13On_CBCz_RbUy_BVOWeWEYtJg9IM71F7bqJTES1E=449"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019d06353271-d83033ff-faad-4613-87a4-2cdd9bf04c50-000000/DdehbAEfXjfVBIW8vBa3uRPhyTZXIStOIdI9yV_qrak=449"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>