<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-01-20</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.upi.com%2FTop_News%2FWorld-News%2F2026%2F01%2F19%2FNorth-Korea-hackers-Konni-spear-phishing-APT-Genians%2F5761768807686%2F%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/BHNRO-WBMKL73Ruq16JEdTkFINHM68MQ2ec6_TSmcqg=441">
<span>
<strong>North Korea-Linked Hackers Pose as Human Rights Activists (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
South Korean cybersecurity firm Genians has flagged a new APT campaign led by the North Korean Konni hacking cluster. The attackers are targeting victims with spearphishing emails posing as North Korean human rights activists and South Korean financial institutions. The attackers use common click-tracking services to obfuscate the redirect links used to deliver malware.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fgadgets%2F2026%2F01%2Fresearchers-reveal-whisperpair-attack-to-eavesdrop-on-google-fast-pair-headphones%2F%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/v4KyVIaMmWtJr9oYPgjyW1ZsZq9d5kEnQVXswJZombA=441">
<span>
<strong>Many Bluetooth Devices With Google Fast Pair Vulnerable to WhisperPair Attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Belgian security experts have identified a new flaw in Bluetooth devices using Google's Fast Pair. This vulnerability enables attackers to take control of devices to manage audio, track location, or listen to microphone audio. The issue occurs because devices accept Fast Pair connections even outside pairing mode. An attacker can hijack a device in about 10 seconds from a distance of up to 14 meters.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjohncodes.com%2Farchive%2F2026%2F01-18-all-your-opencodes%2F%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/6V9p-RCjDBPzPrYTEmuMm0QnSTLXxgGBjGpTQwHYROA=441">
<span>
<strong>all your OpenCodes belong to us (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
OpenCode versions before v1.1.10 contained a critical RCE vulnerability via an unauthenticated HTTP server that exposed endpoints for arbitrary shell command execution, interactive terminal session creation, and arbitrary file reads. The vulnerability also enabled prompt injection into the LLM's context window, creating a secondary attack vector to manipulate the AI agent into exfiltrating data or performing malicious actions. Thousands of developers' machines were exposed with near-zero sandboxing, meaning agents had full access to SSH keys, cloud credentials, and browser cookies, with no audit trail of potential compromise.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4118264%2Fservicenow-bodysnatcher-flaw-highlights-risks-of-rushed-ai-integrations.html%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/vP14GDzldn6jJJoSZ438N8CKs2e160vj0r9ycVIDreQ=441">
<span>
<strong>ServiceNow BodySnatcher flaw highlights risks of rushed AI integrations (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
BodySnatcher is a critical vulnerability in ServiceNow's Now Assist AI Agents and Virtual Agent API that allows unauthenticated attackers to execute agentic workflows as any user by exploiting weak authentication defaults and auto-linking features, potentially creating backdoor admin accounts. ServiceNow patched hosted instances in late October (Now Assist AI Agents 5.1.18/5.2.19+ and Virtual Agent API 3.15.2/4.0.4+), but the underlying misconfigurations may persist in custom code and third-party integrations. Organizations should enforce MFA with proper validation scripts for Virtual Agent API providers, enable AI steward approval in AI Control Tower, and regularly audit and disable unused AI agents.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkubernetes.io%2Fblog%2F2026%2F01%2F09%2Fkubernetes-v1-35-kuberc-credential-plugin-allowlist%2F%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/aGMTAokykljqORD5MPgAmAc3-Bcmzx2Z06f2EOzwVLA=441">
<span>
<strong>Kubernetes v1.35: Restricting Executables Invoked By kubeconfigs via exec Plugin allowList Added to kuberc (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
kubeconfigs can run any executable via the configured exec plugin, which is used to obtain credentials. Kubernetes v1.35 adds two new fields, credentialPluginPolicy and credentialPluginAllowlist, which can be used to restrict the executables that are available to kubectl for obtaining credentials. Currently, the only supported attribute for the allow list is `name` (for an executable name or path), but the SIG is looking to add further support, such as checksums, in the future.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F01%2F16%2Fhow-a-hacking-campaign-targeted-high-profile-gmail-and-whatsapp-users-across-the-middle-east%2F%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/DeWcboBmPl8HrLz4Ukmz0K9s-BZj2nQ_8Hb4NzGxf9E=441">
<span>
<strong>How a Hacking Campaign Targeted High-Profile Gmail and WhatsApp Users Across the Middle East (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
TechCrunch has received, from a UK-based Iranian activist, a sample of a phishing link that is being sent to those connected to “Iran-related activities”. The initial contact is sent to the victim via WhatsApp and contains a phishing link that directs them to a malicious site that attempts to steal the victim's Gmail credentials, hijack the victim's WhatsApp account, monitor the victim's location, and capture audio and video. The attackers use the DuckDNS dynamic DNS provider to mask their links.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FNasirzadehMoh%2FCoLog%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/jiG9iDeQip0HYSkva7V9gapUpmDy0fbuyssom-ReXNU=441">
<span>
<strong>CoLog (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CoLog is a unified framework for detecting point and collective anomalies in operating system logs via collaborative transformers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FNebulock-Inc%2Fagentic-threat-hunting-framework%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/G9JFprNOXnVxZi0vPvH-gSgn7hJbE-wNWYB3_CHZipw=441">
<span>
<strong>Agentic Threat Hunting Framework (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Agentic Threat Hunting Framework (ATHF) provides a memory and automation layer for threat-hunting programs. It can integrate with any threat-hunting methodology, making existing programs AI-ready.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FDenizParlak%2Fheimdall%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/D1UWahySiVh9Cwb2x_tG8E1aFm3two9vSg4H8Hn9bJY=441">
<span>
<strong>Heimdall (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Heimdall is an AWS security scanner that discovers privilege escalation paths by detecting 50+ IAM privesc patterns, analyzing 85+ attack chains with MITRE ATT&CK mapping, and scanning 10 AWS services for cross-service escalation vectors. The tool includes a Terraform engine for shift-left security that identifies IAM attack paths in infrastructure-as-code before deployment, differentiating it from static config scanners like tfsec or checkov. Features include an interactive TUI, one-command dashboard, multi-hop path detection through role chains, and SARIF export for GitHub Security integration.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloudsecurityalliance.org%2Fblog%2F2026%2F01%2F05%2Faws-ends-sse-c-encryption-and-a-ransomware-vector%23%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/OSMsd4n4J9-LaU_TYRQ0LY9HGaXT2aVOxG6_-Wh3wu8=441">
<span>
<strong>AWS Ends SSE-C Encryption, and a Ransomware Vector (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AWS will end support for AWS SSE-C as an encryption option for S3, following its discovery in ransomware campaigns. SSE-C was a rarely used encryption method for S3 that allowed customers to supply an encryption key for use in S3 API requests. This was useful for ransomware operators because AWS never had access to the key, and it was quieter than alternative methods like KMS. Organizations can use KMS with customer-managed keys (CMK) or client-side encryption to replace the functionality.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fscotthelme.co.uk%2Fblink-and-youll-miss-them-6-day-certificates-are-here%2F%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/NTnNbYZKR5QVOOII0v_9nXfaUObSnrISRTg2dG3PeLk=441">
<span>
<strong>Blink and you'll miss them: 6-day certificates are here! (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Let's Encrypt has made 6-day TLS certificates publicly available through its short-lived certificate profile, well ahead of the 2029 industry mandate that reduces maximum validity to 47 days. Google Trust Services also offers short-lived certificates with configurable validity periods as short as a single day. Organizations already using ACME clients for automation can adopt these shorter validity periods with minimal operational changes, since the increased renewal frequency is handled automatically.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F01%2F19%2Fingram_micro_ransomware_affects%2F%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/pYPlV7RB4R3NeIXchydDKs_ZS3qhEU-1-uJe4PZmxvA=441">
<span>
<strong>Ingram Micro admits summer ransomware raid exposed thousands of staff records (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ingram Micro disclosed that the SafePay ransomware group's July 2025 attack compromised the personal data of 42,521 employees and job applicants, including names, identity document numbers (passports, driver's licenses, and SSNs), and employment evaluations. The attackers claimed to have stolen 3.5 TB of data, and the incident forced system shutdowns that prevented MSPs from managing customer services and sent some regional staff home. Customers criticized the distributor's poor communication during the incident, with some unable to locate attack updates without external assistance.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.wiz.io%2Fblog%2Fagentic-browser-security-2025-year-end-review%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/lLpAFTFtv8B4rA9xU4MjqOxOSXzJiHGMAMQHPr9DgIc=441">
<span>
<strong>Agentic Browser Security: 2025 Year-End Review (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Wiz reviewed 2025's surge in agentic browser adoption alongside numerous prompt-injection vulnerabilities.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FYR5JrJ/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/n9P13RCVW2t67sO8_kv5aVth90yOTk8BsxvTPF7LTMY=441">
<span>
<strong>Malicious Chrome Extension Crashes Browser in ClickFix Variant 'CrashFix' (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A malicious Chrome extension called NexShield impersonates uBlock Origin Lite and crashes the browser to display fake security warnings that trick users into running PowerShell commands, deploying the ModeloRAT trojan on corporate systems.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecuritynews.com%2Fgo-1-25-6-and-1-24-12-vulnerabilities%2F%3Futm_source=tldrinfosec/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/q_0SsHFJjubXY3nSFOwy34bhrYQIBUro4X9x0tfXB9M=441">
<span>
<strong>Go 1.25.6 and 1.24.12 Patch Critical Vulnerabilities Lead to DoS and Memory Exhaustion Risks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Go has released emergency patches addressing six security flaws, including DoS vectors in archive/zip and net/http, arbitrary code execution via cmd/go's CgoPkgConfig and VCS toolchain handling, and TLS session key leakage issues.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/mFmSA3i6PT1GHUKQTSutvIuWpmHGae8Xv5K2aMvR4Uk=441"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/LveVaB4-h6fgVZBMJX0982j1h-tYPHkhi5Ps7_TLpHs=441"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019bdbbb2029-54330d99-5937-4bda-a39b-ee26e458492d-000000/2JDYlzXD81SWwig2SIZ1o86tFHAY--dTtqOx_iE6zXI=441"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>