<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-03-26</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FZyTOh6/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/qtLGIHq4OdrcHePnD-v0-OJgfQmRZ_RF_sFlBT0F9O0=450">
<span>
<strong>Popular LiteLLM PyPI Package Backdoored to Steal Credentials and Auth Tokens (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The TeamPCP hacking group, which was responsible for the recent supply chain compromise of Trivy, claimed responsibility for a supply chain compromise of the LiteLLM PyPI package. The malicious updates download a '.pth' file, which Python runs on every interpreter startup to download the CloudStealer payload. The stealer attempts to steal credentials such as cloud access keys, Kubernetes service account tokens, SSH keys, cryptocurrency wallet data, and database credentials, then attempts lateral movement to Kubernetes clusters and installs a persistence script via systemd.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F7M5i9d/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/kDTKrq321DmP1gS4zhIuhwsKCV8tTf0ox5XfD7D9dZ4=450">
<span>
<strong>TP-Link Warns Users to Patch Critical Router Auth Bypass Flaw (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
TP-Link has patched several vulnerabilities in its Archer NX router series, including an authentication bypass that could allow attackers to upload arbitrary firmware. The flaw stems from a missing authentication check in the HTTP server for certain CGI endpoints. Other patched flaws include removing a hardcoded cryptographic key and patching two command-execution vulnerabilities that required admin privileges.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FphtxNo/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/LsLWH_GRgVExH0d1ajsb75ZnWixxgq2sHbNyDz-W5Z0=450">
<span>
<strong>TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
TeamPCP, the group behind the Trivy supply chain attack (CVE-2026-33634, CVSS 9.4), compromised two Checkmarx GitHub Actions, checkmarx/ast-github-action and checkmarx/kics-github-action, by reusing credentials stolen from the Trivy breach four days earlier. The "TeamPCP Cloud stealer" harvests SSH keys, AWS/GCP/Azure creds, Kubernetes configs, Docker secrets, and crypto wallet data, exfiltrating them as an encrypted archive to checkmarx[.]zone. Trojanized Open VSX extensions for VS Code were also pushed.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.reversinglabs.com%2Fblog%2Fnpm-fake-install-logs-rat%3Futm_source=tldrinfosec/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/4FBV-QuqhbljvgQa71elqG66wgS4VXNSGBubW_V1vj8=450">
<span>
<strong>Fake install logs in npm packages load RAT (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers found a cluster of malicious npm packages, dubbed the "Ghost campaign," that has been active since early February. Published by a single npm user, the packages display fake installation logs with random delays and a progress bar to disguise malicious activity. During this fake process, users are prompted to enter their sudo password under the guise of fixing installation errors. That password is then used to execute a final-stage RAT that steals crypto wallets and sensitive data. Other research links a related package to the same techniques, suggesting this may have been an early test run of a broader campaign.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.hackmosphere.fr%2Fen%2Fpentest-of-a-100-vibe-encoded-app-complete-security-analysis-of-an-ai-generated-app%2F%3Futm_source=tldrinfosec/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/Ewvd1XVhZy1JBNLobQzk-zyPUXx-kkZ9Y8wd9G2C2MM=450">
<span>
<strong>Pentest of a 100% vibe-encoded app: complete security analysis of an AI-generated app (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A web app built entirely with Claude Opus 4.6 was pentested in grey-box mode with standard user credentials. Critical findings came fast: an LFI via an unfiltered full_path parameter exposed /etc/passwd and opened the door to RCE. An IDOR on /employee/{guid} lets any user pull other employees' emails, roles, and password hashes by harvesting GUIDs from a public leaderboard API. The front-end ran Vite 5.4.10, carrying three known CVEs. The AI-generated code skipped input validation and dependency checks and shipped weak access controls.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthecybersecguru.com%2Fnews%2Flitellm-supply-chain-attack%2F%3Futm_source=tldrinfosec/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/U0qAlFj-1aevt2aE4FOEBBDm5Ftl4c95cswxk_9GjXw=450">
<span>
<strong>The LiteLLM Supply Chain Attack: A Complete Technical Breakdown Of The AI Ecosystem's Darkest Hour (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
TeamPCP exploited a `pull_request_target` GitHub Actions misconfiguration in Aqua Security's Trivy scanner on February 27 to steal a privileged PAT, rewrote 75 of 76 mutable version tags in the trivy-action repo to deliver credential-stealing code, and ultimately harvested LiteLLM's PyPI publish token from its unpinned CI/CD pipeline to push malicious versions 1.82.7 and 1.82.8 (97M monthly downloads). The v1.82.8 payload used a `.pth` file in site-packages to trigger a double base64-encoded infostealer on every Python interpreter startup, targeting SSH keys, AWS/GCP/Azure credentials, CI/CD secrets, and crypto wallets, with stolen data AES-256 and RSA-4096 encrypted before exfiltration to `models.litellm.cloud`. Defenders should pin all GitHub Actions to immutable commit hashes, enforce strict lockfiles (Poetry or uv), scope CI/CD tokens to least privilege, and treat any environment that ran Python between 09:00 and 13:30 UTC on March 24 as fully compromised, requiring full credential rotation.
</span>
</span>
</div>
</td></tr></tbody></table>
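<div class="text-block" style="padding: 15px 15px;">
The startup-execution mechanism described in both LiteLLM items above, as an added example that is not from the newsletter or any linked article: Python's site module executes any line of a .pth file in site-packages that begins with "import", so this audit lists those lines and flags the ones matching a marker list. The marker list, function names, file names and sample contents are assumptions constructed for the demonstration.
</div>
<pre>
```python
"""Audit .pth files for lines that Python executes at interpreter startup."""
import site
import tempfile
from pathlib import Path

# Constructed heuristic markers (assumption for this example, not incident IoCs).
SUSPICIOUS_MARKERS = ("base64", "exec(", "eval(", "compile(", "subprocess",
                      "urllib", "socket", "requests", "os.system")


def executable_lines(pth_text):
    """Return (line_number, line) pairs that the site module would exec().

    Same rule as the standard library: comment and blank lines are skipped,
    a line starting with "import" plus a space or tab is executed, and any
    other line is only treated as a directory to add to sys.path.
    """
    found = []
    for number, raw in enumerate(pth_text.splitlines(), start=1):
        if raw.startswith("#") or raw.strip() == "":
            continue
        if raw.startswith(("import ", "import\t")):
            found.append((number, raw.rstrip()))
    return found


def classify(line):
    """Return ('suspicious', markers) if a marker matches, else ('review', [])."""
    lowered = line.lower()
    hits = [marker for marker in SUSPICIOUS_MARKERS if marker in lowered]
    return ("suspicious" if hits else "review", hits)


def scan(directories):
    """List every executable .pth line found directly in the given directories."""
    findings = []
    for directory in directories:
        root = Path(directory)
        if not root.is_dir():
            continue
        for pth in sorted(root.glob("*.pth")):
            try:
                text = pth.read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            for number, line in executable_lines(text):
                verdict, hits = classify(line)
                findings.append({"file": pth.name, "line": number,
                                 "verdict": verdict, "markers": hits,
                                 "preview": line[:80]})
    return findings


def interpreter_site_dirs():
    """Directories whose .pth files the running interpreter processes."""
    return list(site.getsitepackages()) + [site.getusersitepackages()]


def demo():
    """Scan a temporary directory holding three constructed .pth files."""
    samples = {
        "paths_only.pth": "# constructed sample\n../shared/lib\n  import os\n",
        "editable_hook.pth": "import __editable___demo_finder; "
                             "__editable___demo_finder.install()\n",
        # Harmless stand-in for an encoded loader: the string decodes to "pass".
        "loader_demo.pth": "# constructed sample\n"
                           "import base64; exec(base64.b64decode('cGFzcw=='))\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return scan([tmp])


if __name__ == "__main__":
    for finding in scan(interpreter_site_dirs()):
        print(finding)
```
</pre>
<div class="text-block" style="padding: 15px 15px;">
A "review" verdict is expected for legitimate hooks such as editable installs, so the useful signal is an executable line that nobody on the team can attribute to an installed package.
</div>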
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Falice-dot-io%2Fcaterpillar%3Futm_source=tldrinfosec/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/ysDYexvOq501isRvxqzv-bQi_aeYMqlFfGA8gUaGmVg=450">
<span>
<strong>Caterpillar (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Caterpillar is a security scanner for AI skills that scans for anti-patterns in those skills before a user downloads them.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fescape.tech%2F%3Futm_source=tldrinfosec/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/eC2rPu7YpP_GQONelalmCOtQoNlhbWM_KlTVs31zi80=450">
<span>
<strong>Escape (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Escape is launching an offensive security platform that uses automated agents to discover, test, and fix application vulnerabilities within engineering workflows, including attack surface mapping and security testing.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fanotherhadi%2Fdefault-creds%3Futm_source=tldrinfosec/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/iDMgMb9vxzaOH2AVsQQCQ4EABD8RE2J6SNLJBWak1lw=450">
<span>
<strong>Default Creds (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Default Creds is a centralized, community-driven repository of factory-set credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F189900%2Fcyber-crime%2F81-month-sentence-for-russian-hacker-behind-major-ransomware-campaigns.html%3Futm_source=tldrinfosec/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/mFnkIvcGcNQB15iNS2wZrO6xvLnUAiRgoXz5iNxlnuw=450">
<span>
<strong>81-Month Sentence for Russian Hacker Behind Major Ransomware Campaigns (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A US federal court sentenced Aleksei Volkov to 81 months in prison for acting as an initial access broker for the Yanluowang ransomware group. He broke into corporate networks, sold that access to ransomware operators, and took a cut of the proceeds. Attacks caused $9M in actual losses and $24M in intended losses. Arrested in Rome in 2024 and extradited, he pleaded guilty in November 2025 to fraud, identity theft, and conspiracy, and must pay $9.1M in restitution.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F03%2F25%2Fdelve-did-the-security-compliance-on-litellm-an-ai-project-hit-by-malware%2F%3Futm_source=tldrinfosec/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/ZF34TdWWcv_Gu2Ub_dis2l7fcAg2MEy7dHBzzlXFKIc=450">
<span>
<strong>Delve did the security compliance on LiteLLM, an AI project hit by malware (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A credential-harvesting malware slipped into LiteLLM (3.4M daily downloads) via a compromised dependency, propagating across downstream packages and accounts before being caught within hours by a FutureSearch researcher whose machine crashed due to a bug in the malware itself. LiteLLM holds SOC 2 and ISO 27001 certifications issued by Delve, a YC-backed compliance startup that has been separately accused of generating fake audit data and rubber-stamping reports. Mandiant has been brought in for forensic review, with technical findings to be shared with the developer community upon completion.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackaday.com%2F2026%2F03%2F25%2Felectric-motorcycles-dont-have-to-be-security-nightmares-but-this-one-was%2F%3Futm_source=tldrinfosec/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/05NKWmwck3HZtYXaK4CaIeII9gYEkIyDsTHVR37sIso=450">
<span>
<strong>Electric Motorcycles Don't Have To Be Security Nightmares, But This One Was (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers Persephone Karnstein and Mitchell Marasch presented at BSides Seattle 2026 how they achieved full firmware control over a Zero Motorcycle by exploiting its OTA update mechanism and a VIN validation bypass that accepted any VIN-structured code rather than a registered one. The attack surface extended to the battery management system, enabling a conceptual payload capable of triggering a battery fire, disabling the brakes via OTA, and blocking factory resets that would otherwise reverse the compromise.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FSUPE35/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/vBqe7DykDOLe7rBPOjPf1wgsCQ-yD3aGcxc6FXVORZ0=450">
<span>
<strong>CSA Launches CSAI Foundation for AI Security (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Cloud Security Alliance spun out CSAI, a nonprofit focused on security for autonomous AI agents.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fgoogle-moves-post-quantum-encryption-timeline-to-2029%2F%3Futm_source=tldrinfosec/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/-sYXfQgAzv1wF5AS8b2FZ6Y9OexHvnxot7kXcI1qbPg=450">
<span>
<strong>Google moves post-quantum encryption timeline up to 2029 (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Citing faster-than-expected advances in quantum hardware, error correction, and factoring, Google accelerated its internal PQC migration deadline to 2029, six years ahead of the NIST-mandated 2035 federal baseline, and called on private industry to follow suit.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fmirai-malware-variants-botnet-growth%2F%3Futm_source=tldrinfosec/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/I2y1u8duK4NLFLl3Pa32mEwFBMQx9zlkn7xnbgNOLF8=450">
<span>
<strong>Mirai Malware Evolves into Hundreds of Variants Driving Botnet Growth (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Botnet C2 servers grew 24% in H2 2025, driven by 116 Mirai variants across 21,000+ samples targeting IoT devices.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/mkSOC6o6mtIcjAf0W_LFqS9-Xp15S4WgrwGev_V5ujA=450"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/tjWG2r0nxUPSU6rRE-J4tSFE8BF9fcHHSnKi6Xfyd-s=450"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019d2a5da397-7003e7d3-5301-4a60-8cd1-72d3553d8282-000000/3gUhRRo2mYyuvwCVl3Ak2tysjV95nm-Q0KJ6gKdMLKY=450"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>