<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2025-12-23</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.heise.de%2Fen%2Fnews%2FSSH-server-Dropbear-allows-privilege-escalation-11119397.html%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/6wDsX9UVd1HvpE9eRy35Ha-K7P4M22s2fXceWYtD5CA=436">
<span>
<strong>SSH server Dropbear allows privilege escalation (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Dropbear SSH server versions through 2024.84 contain CVE-2025-14282 (CVSS 9.8 Critical), which allows privilege escalation to root via Unix socket forwarding. Programs that authenticate forwarded connections, by misusing SO_PEERCRED, receive root credentials instead of the actual user's credentials. Dropbear 2025.89 fixes this by implementing comprehensive changes to Unix socket handling and disabling socket forwarding when forced command options are used, preventing command restriction bypass. Organizations running Dropbear on embedded systems, such as OpenWRT routers and single-board computers, should immediately update or deploy the temporary mitigation using the dropbear -j flag (which also disables TCP forwarding) or compile with #define DROPBEAR_SVR_LOCALSTREAMFWD 0 in localoptions.h and distrooptions.h header files.
</span>
</span>
</div>
</td></tr></tbody></table>
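<p>Why a forwarded Unix-socket connection carries the wrong identity, shown as an added example that is not code from Dropbear or from the linked article: SO_PEERCRED reports the process that called connect(), so a service behind a forwarder sees the forwarder's uid. The forward_for() helper and the "alice"/"bob" names are hypothetical; Linux is assumed.</p>

```python
import os
import socket
import struct
import tempfile


def peer_credentials(conn):
    """Return (pid, uid, gid) that the Linux kernel recorded for the peer of conn."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)


def forward_for(requesting_user, socket_path):
    """Hypothetical forwarder: opens the Unix socket itself on behalf of a user.

    requesting_user is deliberately unused: nothing about the user who asked
    for the forward is attached to the connection the service receives.
    """
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(socket_path)
    return client


def service_view(requesting_user):
    """Run a throwaway Unix-socket service and report whom it believes it is talking to."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "svc.sock")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as listener:
            listener.bind(path)
            listener.listen(1)
            # The forwarder connects; the service accepts and asks the kernel who it is.
            with forward_for(requesting_user, path):
                conn, _ = listener.accept()
                with conn:
                    pid, uid, gid = peer_credentials(conn)
    return {"requested_by": requesting_user, "peer_pid": pid, "peer_uid": uid, "peer_gid": gid}


if __name__ == "__main__":
    # Whoever requested the forward, the service only ever sees the forwarder's identity.
    for user in ("alice", "bob"):
        print(service_view(user), "forwarder euid:", os.geteuid())
```

<p>When the forwarding process runs as root, peer_uid is 0 for every requester, which is the condition the summary describes.</p>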
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.tomshardware.com%2Ftech-industry%2Fcyber-security%2F1-000-computers-taken-offline-in-romanian-water-management-authority-hack-ransomware-takes-bitlocker-encrypted-systems-down%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/1A90kJhgvasSEDz9CTFOkgJYgA5kdmwVyjw9XxhcbeQ=436">
<span>
<strong>1,000 computers taken offline in Romanian water management authority hack &mdash; ransomware takes Bitlocker-encrypted systems down (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Romanian water authorities suffered a ransomware attack that encrypted systems using BitLocker and disabled about 1,000 computers across 10 of 11 regional offices. Core IT services, such as email, web platforms, databases, and GIS, were impacted, though the water supply continued.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.koi.ai%2Fblog%2Fnpm-package-with-56k-downloads-malware-stealing-whatsapp-messages%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/-FmtZVtc_78DqukCq6GHdvqNG_sxwq1fA-EYLYJ4StY=436">
<span>
<strong>NPM Package With 56K Downloads Caught Stealing WhatsApp Messages (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The lotusbail npm package masqueraded as a legitimate WhatsApp Web API fork with functional code while secretly intercepting authentication tokens, messages, contacts, and media files through a malicious WebSocket wrapper. The malware employed sophisticated evasion techniques, including custom RSA encryption, four-layer obfuscation, 27 anti-debugging traps, and a hardcoded pairing code that established persistent backdoor access surviving package removal. Security professionals should implement behavioral runtime analysis to detect anomalous activities, such as custom encryption in communication libraries, and manually unlink all devices from WhatsApp settings if compromised.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fvulnhalla-picking-the-true-vulnerabilities-from-the-codeql-haystack%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/l13rQOoB_-2NGfEQPSKRIuYqv13o41UVbt8XKOYYMHg=436">
<span>
<strong>Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Modern vulnerability research can blend static analysis with large language models to cut through overwhelming false positives and highlight only issues that look genuinely exploitable. By feeding CodeQL findings and carefully chosen code context into an LLM, and then guiding it with structured questions about data and control flow, the system mimics how senior researchers reason about real bugs rather than surface patterns. Pre-extracting functions and related entities into fast-searchable CSVs makes this scalable across huge C and C++ codebases, enabling discovery of impactful issues and even new CVEs with modest time and compute.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fredcanary.com%2Fblog%2Fthreat-intelligence%2Femail-bombing-virtual-machine%2F%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/6s5d5L7gZX4v2K7UO2Ib1XTEZp2L0G5fTxDOZlb1348=436">
<span>
<strong>Beyond the bomb: When adversaries bring their own virtual machine for persistence (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Red Canary detected a novel attack where adversaries deployed spam bombing followed by fake tech support calls leveraging Quick Assist to introduce a QEMU virtual machine (Windows 7 SP1) running Sliver C2 implants, QDoor backdoor, and ScreenConnect for redundant persistence. The VM was configured for internal network reconnaissance via SRV record queries and external C2 communications to marnyonline[.]com and 45[.]61[.]169[.]127. Forensic analysis of the 8GB disk image revealed the adversary's toolkit through prefetch data, browser history, persistence mechanisms in start.txt, and volume shadow copies containing deleted artifacts. Defenders should monitor for anomalous QEMU execution on standard endpoints, implement strict Quick Assist controls, detect internal SRV record enumeration and ping sweeps with single-packet patterns, hunt for Sliver team server SSL certificates with CN=multiplayer and O=operators fingerprints, and deploy behavioral analytics to identify VM deployment following remote assistance sessions.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FPinperepette%2FMacPersistenceChecker%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/vyYXd5UfVvGN1HGzDBPRNvM-eMjK_89SGunw5rBsv4M=436">
<span>
<strong>MacPersistenceChecker (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
MacPersistenceChecker is a native macOS security tool that enumerates all persistence mechanisms across 20+ categories, including launch agents, system extensions, and BTM database entries, scoring each item 0-100 based on code signatures, LOLBins detection, and behavioral anomalies mapped to MITRE ATT&CK framework. The tool includes real-time monitoring with optional Claude AI integration that analyzes changes using full context, including risk scores and intent mismatches, plus MCP server support enabling Claude Code integration for natural language queries against persistence data. Security teams can leverage containment features to quarantine suspicious items with automatic backup and timed release.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FJumpsecLabs%2FTokenFlare%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/cd9LxjpBrVEY5oGSfYa2k4vI-Oc013PBro60uRFVr4w=436">
<span>
<strong>TokenFlare (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
TokenFlare is a serverless AITM phishing simulation framework targeting Entra ID/M365. Its core logic is just 530 lines of JavaScript. TokenFlare supports multiple OAuth flows, including Intune Conditional Access bypass techniques, and is deployable to Cloudflare Workers or a local HTTPS proxy, with built-in bot/scraper blocking and production-ready infrastructure, in under 60 seconds. The framework captures credentials, auth codes, and session cookies via configurable webhooks, uses modular campaign configuration for custom branding and URL structures, and includes Certbot integration for automated SSL certificate provisioning. Blue teams can detect TokenFlare via static IoCs: the HTTP header "X-TokenFlare: Authorised-Security-Testing" and the User-Agent "TokenFlare/1.0 For_Authorised_Testing_Only". They should monitor for serverless worker abuse, suspicious OAuth flows with rapid authentication handoffs, and webhook exfiltration patterns targeting M365 authentication tokens.
</span>
</span>
</div>
</td></tr></tbody></table>
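<p>A log matcher for the two static TokenFlare indicators quoted above, added here as an example and not taken from the TokenFlare repository. The JSON-lines schema (ts, src, host, headers) and the sample records are constructed assumptions; only the header and User-Agent strings come from the summary.</p>

```python
import json

# Static indicators quoted in the TokenFlare summary above.
IOC_HEADER = ("x-tokenflare", "Authorised-Security-Testing")
IOC_USER_AGENT = "TokenFlare/1.0 For_Authorised_Testing_Only"

# Constructed sample records (one JSON object per line); the schema is assumed.
SAMPLE_LOG = """\
{"ts": "2025-12-23T09:14:02Z", "src": "203.0.113.10", "host": "login.example.test", "headers": {"User-Agent": "Mozilla/5.0", "Accept": "text/html"}}
{"ts": "2025-12-23T09:14:05Z", "src": "198.51.100.7", "host": "login.example.test", "headers": {"user-agent": "TokenFlare/1.0 For_Authorised_Testing_Only", "X-TokenFlare": "Authorised-Security-Testing"}}
{"ts": "2025-12-23T09:14:09Z", "src": "198.51.100.8", "host": "login.example.test", "headers": [["X-TOKENFLARE", "Authorised-Security-Testing"], ["User-Agent", "curl/8.5.0"]]}
not json at all
{"ts": "2025-12-23T09:14:11Z", "src": "198.51.100.9", "host": "login.example.test", "headers": {"User-Agent": "tokenflare/1.0 for_authorised_testing_only"}}
"""


def normalise_headers(raw):
    """Accept a dict or a list of [name, value] pairs; return lower-cased names mapped to value lists."""
    if isinstance(raw, dict):
        pairs = list(raw.items())
    elif isinstance(raw, list):
        pairs = raw
    else:
        return {}
    headers = {}
    for pair in pairs:
        if not isinstance(pair, (list, tuple)) or len(pair) != 2:
            continue  # ignore malformed header entries
        name, value = pair
        headers.setdefault(str(name).strip().lower(), []).append(str(value).strip())
    return headers


def match_iocs(headers):
    """Return which static indicators are present, in a fixed order."""
    matched = []
    name, value = IOC_HEADER
    if any(v.casefold() == value.casefold() for v in headers.get(name, [])):
        matched.append("header")
    if any(IOC_USER_AGENT.casefold() in v.casefold() for v in headers.get("user-agent", [])):
        matched.append("user-agent")
    return matched


def scan(lines):
    """Return (findings, skipped): matching records and the count of unparseable lines."""
    findings, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if not isinstance(record, dict):
            skipped += 1
            continue
        matched = match_iocs(normalise_headers(record.get("headers")))
        if matched:
            findings.append({
                "ts": record.get("ts"),
                "src": record.get("src"),
                "host": record.get("host"),
                "matched": matched,
            })
    return findings, skipped


if __name__ == "__main__":
    hits, bad = scan(SAMPLE_LOG.splitlines())
    for hit in hits:
        print(hit)
    print("unparseable lines:", bad)
```

<p>Static strings only match an unmodified deployment, which is why the summary pairs them with monitoring of OAuth flows and webhook traffic.</p>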
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.docker.com%2Fproducts%2Fhardened-images%2F%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/gk7yX428RkRF4kas3OXenu8WkI_VAlvZFc0vA9o2vB0=436">
<span>
<strong>Docker Hardened Images for Free (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Docker has released over 1,000 secure images that are free and open source for developers. These images are regularly scanned and updated to minimize or eliminate exploitable CVEs. They run as non-root by default, are minimal to lower the attack surface, meet compliance standards, and are available across multiple distributions.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2025%2F12%2Fus-doj-charges-54-in-atm-jackpotting.html%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/V7MtmHioaQNFX4KYujjCPebTFHwOWiymYF2CPWJSPVk=436">
<span>
<strong>US DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The DOJ indicted 54 individuals linked to Venezuelan gang Tren de Aragua for deploying Ploutus malware in a multi-million dollar ATM jackpotting operation involving 1,529 incidents since 2021, resulting in $40.73 million stolen to fund terrorist activities. Attackers conducted physical reconnaissance, opened ATM hoods to test alarm responses, then installed Ploutus by replacing hard drives or connecting USB drives to issue unauthorized commands to Cash Dispensing Modules while deleting forensic evidence. The malware targets Windows-based ATMs (particularly legacy XP systems and Diebold models) and can be activated via a physical keyboard with activation codes. Financial institutions should implement physical tamper detection on ATM enclosures, upgrade legacy Windows XP systems, monitor Cash Dispensing Module command patterns for anomalies, implement hard drive integrity checks and USB port access controls, and deploy enhanced physical security measures, including alarm response verification protocols.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2025%2F12%2F22%2Fhacktivists_scrape_songs_spotify%2F%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/WRILbmmBhFIf4FZSFbeYU27cJgpeaLKEFkykkkOcp7M=436">
<span>
<strong>Hacktivists scrape 86M Spotify tracks, claim their aim is to preserve culture (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hacktivists linked to Anna's Archive scraped around 86 million Spotify tracks, claiming to safeguard musical heritage from catastrophes and platform risk, yet only about a third of Spotify's total catalog is actually preserved as audio. Spotify calls the operation piracy. It shut down the scraping accounts and plans to strengthen safeguards. Anna's Archive has hinted at possible future single-track downloads.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftherecord.media%2Fsouth-korea-facial-recognition-phones%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/1FBztUyMur6AYOMSPEdpo3tSSmkYw5i-3YFEy-b_7U8=436">
<span>
<strong>South Korea to require facial recognition for new mobile numbers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
South Korea plans to require facial recognition when people sign up for new mobile numbers, matching ID photos with real-time images to block phones registered under false identities. The rule, which applies to major carriers and virtual operators, starts on March 23. Authorities hope to curb widespread voice phishing scams and address security weaknesses exposed by a massive SK Telecom data breach that affected 27 million SIM subscribers.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Ffbi-seizes-domains-us-id-templates-bangladesh%2F%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/OrwcJC2fPPFLjEA8e6j3F73JnTHLhGKtGdjx4Jps2iQ=436">
<span>
<strong>FBI Seizes Fake ID Template Domains Operating from Bangladesh (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The FBI indicted 29-year-old Zahid Hasan from Dhaka, Bangladesh, and seized three domains.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Finterpol-led-action-decrypts-6-ransomware-strains-arrests-hundreds%2F%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/5vYv0yTu34UhwgSP8idq_LTaaiLED5foYx9lC-4-31U=436">
<span>
<strong>Interpol-led action decrypts 6 ransomware strains, arrests hundreds (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Interpol's Operation Sentinel resulted in 574 arrests across 19 African countries, recovered $3 million, and decrypted six ransomware variants.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2025%2F12%2Fpornhub-tells-users-to-expect-sextortion-emails-after-data-exposure%3Futm_source=tldrinfosec/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/tN8blIPilWUV-QX9Stt2wPHqms5gRo88Q6lGgOg7sZM=436">
<span>
<strong>Pornhub tells users to expect sextortion emails after data exposure (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Pornhub warned Premium members to expect sextortion emails after a November 8 data breach at third-party analytics provider Mixpanel exposed user information.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/9bYFGz2mhxEr9ptmyIOBQ_zOE2g6BMrUCoJt8T6Oc-A=436"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/lIywrzJ6cddZkyLRnxqxN6WI-TGSjJwFIZpgK15Opxo=436"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019b4b889fb2-ccff0776-4675-443f-894e-1d97aac4c451-000000/qNBsv-X9CTKGXg6SknHehqtWqcF5cNhZG91TgyDt-1k=436"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>