<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-01-19</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.promptarmor.com%2Fresources%2Fclaude-cowork-exfiltrates-files%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/aaauBoh2ChQp82LELIrG84iftzD2x_soVMhC4wdJolM=440">
<span>
<strong>Claude Cowork Exfiltrates Files (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Claude Cowork is a new general-purpose agent now available in research preview. It is vulnerable to indirect prompt injection via uploaded files and can be abused to exfiltrate sensitive documents. This attack exploits a previously reported, unremediated vulnerability in the Claude sandbox that allows network connections to the Claude API.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fgrubhub-confirms-hackers-stole-data-in-recent-security-breach%2F%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/lvdD7FiE_rcGUUmBGsXpjk854X6Kyg2DJsbkjPakTTI=440">
<span>
<strong>Grubhub Confirms Hackers Stole Data in Recent Breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Grubhub has confirmed that an unnamed threat actor accessed its systems and stole data. While Grubhub has not confirmed the identity of the threat actor, sources have reported that the ShinyHunters group is extorting the company. The threat actor is reportedly extorting the company to prevent the leak of data from an older Salesforce instance and to prevent the theft of data from the company's current Zendesk platform.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F01%2F16%2Fhow-a-hacking-campaign-targeted-high-profile-gmail-and-whatsapp-users-across-the-middle-east%2F%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/ljs2BLu5s0jU68wI1BNawwQnvJaImoi0UUHvhgfRtF0=440">
<span>
<strong>How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A phishing campaign delivered via WhatsApp targeted Iranian activists, academics, government officials, and business leaders across the Middle East, stealing Gmail credentials with 2FA codes, hijacking WhatsApp accounts via malicious QR codes, and attempting to exfiltrate location data, photos, and audio recordings. An exposed attacker server revealed 850+ records affecting fewer than 50 confirmed victims, with infrastructure registered as early as August 2025 using DuckDNS for domain masking. Security researchers noted hallmarks consistent with IRGC-linked spearphishing, though financial motivations have not been ruled out. Users should avoid clicking unsolicited WhatsApp links and regularly audit linked devices.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.mantrainfosec.com%2Fblog%2F18%2Fprepared-statements-prepared-to-be-vulnerable%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/aNx1miC6LYnFtZx6fpC4C2iYv4XDo34soItUT8ef_h8=440">
<span>
<strong>Prepared Statements? Prepared to be Vulnerable (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Prepared statements are a standard recommendation to solve most SQL injection issues. This post demonstrates a technique discovered while working on a pentest for manipulating prepared statements in JavaScript applications using the mysql or mysql2 package. The packages convert arrays and JSON objects to SQL fragments by default, which could allow an attacker to perform SQL injection.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdanielmiessler.com%2Fblog%2Fthoughts-on-prompt-injection-opsec%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/bLfcmm6GQtN0hbYcJGeRQm8e8bydUNRmst0PoJ2DqfE=440">
<span>
<strong>Thoughts on Prompt Injection OPSEC (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Prompt injection prompts are akin to 0days and should not be published. Prompt injection prompts that are not customer-specific should be shared because attackers already have access to prompt injection strings, so the benefit to defenders of seeing real-world threats outweighs the risks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sysdig.com%2Fblog%2Fhow-threat-actors-are-using-self-hosted-github-actions-runners-as-backdoors%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/DkXdpQwk3nkCaITbKDjCQfGPh4D-_D6avNTN1YzUzU8=440">
<span>
<strong>How threat actors are using self-hosted GitHub Actions runners as backdoors (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Shai-Hulud worm demonstrated how attackers weaponize self-hosted GitHub Actions runners as persistent backdoors by installing rogue runners on compromised machines and using GitHub Discussions as a command-and-control channel via intentionally vulnerable workflows with command injection. The technique exploited the RUNNER_TRACKING_ID=0 environment variable to bypass process cleanup and achieve persistence, while all traffic flowed to github.com, evading traditional network defenses. Security teams should audit runner inventories for unauthorized registrations, implement ephemeral runners, restrict self-hosted runners to private repositories only, and deploy runtime detection for persistence techniques.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FPawelKozy%2Fmcp-breach-to-fix-labs%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/oqJVBnfM8l5K0uaw-bs2u1AqVGAtofy66rtlu0Hmac4=440">
<span>
<strong>MCP Breach-to-Fix Labs (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
This repository contains a collection of 10 MCP challenges reproduced from real CVEs and public incident reports.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fkozmer%2Fsigdream%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/R11VnKFwizyiAO2vk5QKaktKmk_bEtLxPPNYbJHkin4=440">
<span>
<strong>sigdream (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
sigdream provides a sigreturn-oriented programming-based sleep obfuscation library that encrypts PT_LOAD segments and the heap.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fineesdv%2FTangled%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/kDtmWHdlykH6bbGdTmjIsRR132081NeDODdKQyxAtYk=440">
<span>
<strong>Tangled (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Tangled is a phishing platform that weaponizes iCalendar rendering features in Microsoft Outlook and Gmail to automatically add spoofed meeting invites to targets' calendars without user interaction. The tool automates the delivery of social engineering campaigns and runs as Docker containers, with a web-based dashboard for managing phishing operations. Red teams can use this to test an organization's susceptibility to calendar-based phishing attacks that bypass traditional email security controls.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FgwFMpJ/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/Pp4wnWesu665RIXuKKlgREMP7X5lKQd-0FFIjQtlIaw=440">
<span>
<strong>npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
npm has announced a new release strategy called staged publishing to protect against future compromises in the wake of 2025's Shai-Hulud supply chain compromises. Staged publishing will complement npm's previous credential safety efforts by requiring new project releases to be manually approved by an MFA-verified maintainer. Package maintainers have expressed a need for more registry-level protections after npm's chaotic removal of classic tokens.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.cybersecuritydive.com%2Fnews%2Fcritical-flaw-in-aws-console-risked-compromise-of-build-environment%2F809745%2F%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/ScRcr3pz-qnDqjt6WjlsIgig0X1f2Mc8f7b_7ihFyJc=440">
<span>
<strong>Critical Flaw in AWS Console Risked Compromise of Build Environment (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers from Wiz discovered a vulnerability in the way CodeBuild CI pipelines handled build triggers. This vulnerability could have been exploited to take over AWS repositories, including the AWS JavaScript SDK, which powers the AWS console. AWS immediately took steps to remediate the vulnerability before any exploitation occurred.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fysamm.com%2Funcategorized%2F2026%2F01%2F17%2Fmath-random-facebook-sdk.html%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/-yeMMHbdt58F-Kf7G-bjd5Ag62mveeOs-l15Y2QL6kM=440">
<span>
<strong>Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A security researcher chained multiple vulnerabilities in Facebook's JavaScript SDK to achieve account takeover in the Facebook mobile app, exploiting Math.random() for callback identifier generation, DOM XSS via unsanitized SVG injection in the Customer Chat plugin, and X-Frame-Options bypass in mobile webviews. The attack reconstructed the PRNG state by forcing plugin iframe reinitializations and observing leaked window.name values, enabling prediction of security-critical callback identifiers. Meta awarded a $66,000 bounty and fixed the vulnerability in December 2023.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F01%2Fblack-basta-ransomware-hacker-leader.html%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/kbt6l7eHGMLRqFevK50-kEqXOL0GT2JgaidLV_pDcHo=440">
<span>
<strong>Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ukrainian and German authorities have identified Black Basta's alleged leader as Oleg Nefedov, a 35-year-old Russian national with suspected FSB/GRU ties.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fmicrosoft%2Fmicrosoft-releases-oob-windows-updates-to-fix-shutdown-cloud-pc-bugs%2F%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/oeBwDb93RwboC_EMIFjJydMHUBlncwGRRFU8KLZIXuA=440">
<span>
<strong>Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft released emergency out-of-band updates for Windows 10, Windows 11, and Windows Server to fix credential prompt failures blocking Cloud PC sessions and shutdown issues on Secure Launch-enabled devices caused by the January 2026 Patch Tuesday updates.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecuritynews.com%2Frainbow-tables-enabling-ntlmv1-hack%2F%3Futm_source=tldrinfosec/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/nUcfVpCGfr2oaw6_tbNaxifXkgO5kl5aFmeU7cK6Cig=440">
<span>
<strong>Mandiant Releases Rainbow Tables Enabling NTLMv1 Admin Password Hacking (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Organizations should immediately disable NTLMv1 and enforce NTLMv2-only authentication.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/yiWlTDV3rl7QZzu_NM4oJVLRKTFZOwiD9U0VUfbdS8s=440"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/gHiklAIHHBs4cE_UYlWLj1mn_8yDVKF5xP9c9HU7Vvc=440"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019bd6a64db8-b04b3d09-2e51-4696-beb8-7a1446f55015-000000/WpDuMVfCafVi2rtTOuPduEZZ7EVZPPqcx0DXJboC0Fs=440"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>