<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-01-22</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fn59Has/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/7xwFKQVDpOloLo8NweVPnJ5qn0VSWCTkaNsfOv0xukE=441">
<span>
<strong>Vulnerabilities Threaten to Break Chainlit AI Framework (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Zafran Security disclosed two high-severity vulnerabilities in Chainlit, an open-source AI chatbot framework with over 200,000 weekly PyPI downloads. CVE-2025-22218 (CVSS 7.7) enables arbitrary file reads via the custom elements API, while CVE-2026-21219 (CVSS 7.0) is an SSRF flaw affecting SQLAlchemy implementations. Combined exploitation could allow attackers to steal AWS credentials from EC2 instances running IMDSv1 and achieve cloud account takeover. Version 2.9.4 patches both vulnerabilities.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F01%2F20%2Fcloudflare_fixes_acme_validation%2F%3Futm_source=tldrinfosec/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/fnTNPCXqzKeK-J_T3sb0oAsCoJ_Wwyet52zq1eU2MsQ=441">
<span>
<strong>Cloudflare Whacks WAF Bypass Bug That Opened Side Door For Attackers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cloudflare has fixed a vulnerability in its WAF that could allow attackers to bypass security rules and directly access origin servers. The vulnerability emerged when Cloudflare disabled security features upon receiving an HTTP-01 ACME challenge without verifying that the challenge token was valid. Cloudflare remediated this issue with no customer action by disabling WAF features only when the challenge token matches a legitimate token for that domain.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fprompt-injection-bugs-anthropic%2F%3Futm_source=tldrinfosec/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/cORVmHmOxkSrW0z7W_79HVPbZmlB4xJ0ac0Z1hvaR4U=441">
<span>
<strong>Prompt Injection Bugs Found in Official Anthropic Git MCP Server (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cyata discovered three prompt-injection vulnerabilities in mcp-server-git, Anthropic's reference MCP server for Git. The vulnerabilities could allow an attacker to execute arbitrary code when the MCP server is used alongside a filesystem MCP, delete arbitrary files, and load arbitrary files into an LLM's context. They arise from mcp-server-git failing to properly validate repository paths or sanitize arguments passed to Git commands.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.detectionatscale.com%2Fp%2Fai-threat-hunting-mcp-workflows%3Futm_source=tldrinfosec/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/M8juPrC40kH2tRP6DW1n8jdGgQc3kn2NDwlVXV_Di6E=441">
<span>
<strong>Threat Hunting with Claude Code and MCP (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
This guide demonstrates how to use Claude Code with Model Context Protocol servers to compress days of manual threat hunting into hours by connecting AI agents directly to security data lakes for hypothesis-driven investigations. The workflow involves stakeholder alignment on three to five priority threats from threat models, then deploying reusable "Skills" that teach agents hunting methodologies, such as the pivot loop pattern for correlating indicators across time, identity, network, and host dimensions. Hunt outputs include structured findings with confidence assessments and detection coverage gaps that translate directly into detection-as-code rules.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.ryanjarv.sh%2F2026%2F01%2F05%2Funauth-aws-rosa-cluster-takeover.html%3Futm_source=tldrinfosec/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/sjSgrk0JXyjJ5QiUUNlg8fM9Nh650h2cmaWEplmF3Vc=441">
<span>
<strong>Unauthenticated Cluster Takeover in AWS ROSA (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A security researcher discovered a critical vulnerability in the Red Hat OpenShift Service affecting AWS ROSA Classic clusters that could allow unauthenticated full cluster takeover. The vulnerability lies in the cluster transfer endpoint, which checks only whether the recipient has the ability to accept a cluster, not whether the requester owns the cluster, allowing an attacker to take over a cluster with only the cluster_uuid and username. Unauthenticated requests to the cluster's web console settings endpoint return the cluster_uuid and the owner's email address, which could be used to guess their username.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fblog%2Fldap-active-directory-detection-part-three%3Futm_source=tldrinfosec/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/76Kp4RPN18SHh4AiosdzC6A_0uuCw_E65uqrjhq0ubw=441">
<span>
<strong>SDFlags - The Log Field I'd Been Ignoring That Unlocked Attack Path Detection (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SDFlags is a field that controls which security descriptor information is returned in queries and is used extensively in BloodHound and SharpHound. Querying for nTSecurityDescriptor fields (Owner, Group, DACL, or SACL) opens the door to attack path mapping. Conversely, legitimate tools almost never set SDFlags when running AD queries, opening up a new detection opportunity.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FMHaggis%2FNEBULA%3Futm_source=tldrinfosec/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/eOaYzWqMBCeJGpzMqmvZC6P-8W_1gx3D3bORHc8cRcE=441">
<span>
<strong>NEBULA (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Nefarious Execution & Behavioral Unit for LOLBAS Attacks (NEBULA) is an interactive PowerShell TUI for testing and exploring Windows execution techniques, COM objects, WMI methods, and LOLBAS techniques.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FCSPF-Founder%2Fdarwis-taxii%3Futm_source=tldrinfosec/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/oOzIxukM8IMemBTJnxhW8ikafLcWdj0LW7Pr6KFpErs=441">
<span>
<strong>DARWIS TAXII (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
DARWIS TAXII provides a high-performance Trusted Automated eXchange of Indicator Information (TAXII) server written in Rust. It's a Rust port of EclecticIQ OpenTAXII.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fm3MXNi/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/89GVOCQcbnSLClCBJtiVPwvZJ_OwB0rBVLh6Jz0aXF4=441">
<span>
<strong>Introducing Supply Chain Attack Campaigns Tracking in the Socket Dashboard (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Socket launched a Threat Intel page with campaign tracking that identifies whether organizations are affected by active supply chain attack campaigns targeting package registries like npm. The feature groups related malicious packages under single campaigns (such as Shai-Hulud and Contagious Interview), displays Safe/Impacted status for each organization, and provides direct links to affected repositories with ecosystem filtering for npm, PyPI, and Maven. Security teams can immediately assess exposure to coordinated attacks without cross-referencing advisories or running custom scripts.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.mayerbrown.com%2Fen%2Finsights%2Fpublications%2F2026%2F01%2Fhong-kong-issues-code-of-practice-under-the-protection-of-critical-infrastructures-computer-systems-ordinance%3Futm_source=tldrinfosec/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/bB2H1MyjuFz7wWnKwjZUt93dl0lvZZGKLqacMjoZCnc=441">
<span>
<strong>Hong Kong issues Code of Practice under the Protection of Critical Infrastructures (Computer Systems) Ordinance (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hong Kong's Office of the Commissioner of Critical Infrastructure issued a Code of Practice on January 1 that translated the Protection of Critical Infrastructures Ordinance into specific compliance requirements for critical infrastructure operators. The CoP establishes criteria for Critical Computer System designation (including SCADA and industrial control systems), defines material change notification triggers, mandates security audits and management plans, and clarifies incident reporting timelines: 12 hours for serious incidents affecting service levels or causing data breaches, and 48 hours for other security incidents. Critical infrastructure operators should treat the CoP as the operative compliance benchmark and implement structured governance programs aligned with its technical baselines, security audit requirements, and incident response protocols to meet supervisory expectations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsemiengineering.com%2Fa-novel-side-channel-attack-that-utilizes-memory-re-orderings-u-of-washington-duke-ucsc-et-al%2F%3Futm_source=tldrinfosec/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/aR-xO9nrYbaTleTYEdmTppi4EGmAq8uRc2vaNXNQ38w=441">
<span>
<strong>A Novel Side-Channel Attack That Utilizes Memory Re-Orderings (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Memory DisOrder is a timerless side-channel attack that exploits memory re-orderings in relaxed memory models to infer cross-process activity on mainstream CPUs (X86/Arm/Apple) and GPUs (NVIDIA/AMD/Apple). The technique demonstrated covert channels achieving up to 16 bits/second with 95% accuracy on Apple M3 GPU, reliable DNN architecture fingerprinting, and potential throughput of nearly 30K bits/second on X86 CPUs when exploiting low-level system details. Organizations should monitor for emerging mitigations as this vulnerability class, which affects parallel processing units, becomes better understood.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FcMGFQd/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/9A5P1RJ72mwHQE1Z8utiQ1BTAvlrcvHLjbqpROfAKM0=441">
<span>
<strong>Phishing Campaign Zeroes in on LastPass Customers (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An ongoing phishing campaign targeting LastPass customers began around January 19, using LLM-crafted emails with plausible subject lines urging users to "back up their vaults" before scheduled maintenance. The phishing emails direct victims to credential-harvesting sites designed to capture master passwords, potentially compromising entire password vaults. Organizations should alert users to verify email sender addresses, enable MFA on password managers, and report suspicious LastPass-branded emails.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F01%2F21%2Fcurl_ends_bug_bounty%2F%3Futm_source=tldrinfosec/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/sWsKMiQZO-VwhlCgu4wUjdxUGAV0gSZKIgh-p3UV94c=441">
<span>
<strong>curl Shutters Bug Bounty Program to Stop AI Slop (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
curl will stop paying for vulnerability submissions, hopefully reducing the number of AI-generated false submissions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F01%2F20%2Ftrump-administration-admits-doge-may-have-misused-americans-social-security-data%2F%3Futm_source=tldrinfosec/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/iS41VhIAF20GbFSHw95IyqM0YSNNgblrMayS_aX8LUY=441">
<span>
<strong>Trump Administration Admits DOGE May Have Misused Americans' Social Security Data (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
According to court documents, two members of DOGE may have accessed and shared SSNs in an effort to help an advocacy group “overturn election results in certain states.”
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.zerodayinitiative.com%2Fblog%2F2026%2F1%2F21%2Fpwn2own-automotive-2026-day-one-results%3Futm_source=tldrinfosec/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/hffjXhmpawk7t0AkH6gyb7mqv9OoYh6kkB0j2Fi5MGY=441">
<span>
<strong>Pwn2Own Automotive 2026 - Day One Results (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Pwn2Own Automotive 2026 Day One awarded $516,500 for 37 unique zero-days across IVI systems, EV chargers, and Tesla Infotainment, with Fuzzware.io leading the Master of Pwn competition.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/9-bq_NQOnmNOuZQMeBiYyKq01Gh2-ains9Koi2SYZa4=441"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/1x9f1HpZlyoB2bK2qV_SDiYKlbNLDSuwm3kfYUgbsaM=441"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019be607ca00-e7f98224-9eca-4006-86db-417c1828ffec-000000/gvO1CE_u353hP4CFVpALFOnaZkeEJjSKJC6JIK-VZBk=441"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>