<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-01-28</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgrahamhelton.com%2Fblog%2Fnodes-proxy-rce%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/cg6eNGnLiM9spcwhg5C-tIeK1jumCR-cZGUosJyQnRw=442">
<span>
<strong>Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An authorization bypass in Kubernetes allows service accounts with nodes/proxy GET permissions to execute commands in any Pod across the cluster, potentially leading to full cluster compromise. The vulnerability stems from the Kubelet authorizing WebSocket connections based on the initial HTTP GET handshake rather than verifying CREATE permissions for the /exec endpoint. It affects 69 Helm charts, including Prometheus, Datadog, Grafana, and Cilium. The Kubernetes Security Team closed this as "Won't Fix (Working as Intended)," recommending migration to KEP-2862's fine-grained authorization when it reaches GA in April.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgbhackers.com%2Fnetsupport-0-day%2F%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/WfbdRDVPepsLkShEWGhUUslo2qYlzRW7aJEKg99-4Zg=442">
<span>
<strong>NetSupport Manager 0-Day Vulnerabilities Enable Remote Code Execution (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Two critical vulnerabilities in NetSupport Manager (CVE-2025-34164 and CVE-2025-34165) can be chained to achieve unauthenticated remote code execution through the software's undocumented broadcast feature, which operates on TCP port 5405 without requiring authentication. The flaws, a heap-based out-of-bounds write and a stack-based out-of-bounds read, enable attackers to bypass ASLR, perform arbitrary memory writes, and gain remote shell access, posing a significant risk to Operational Technology (OT) environments where the software is commonly deployed. Organizations should upgrade to version 14.12.0000 or later and restrict access to port 5405 as an interim mitigation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F01%2F26%2Fshinyhunters_okta_sso_campaign%2F%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/cFLh7zTIL1IYLRmJ-jEFOXz7q93gRmsDvZsXz6ozjoo=442">
<span>
<strong>Canva among ~100 targets of ShinyHunters Okta identity-theft campaign (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ShinyHunters is running an Okta single sign-on credential-stealing campaign against roughly 100 high-value organizations, including Canva, Atlassian, RingCentral, and others. The group uses evolved voice phishing to capture SSO logins, enroll its own devices in MFA, pivot into SaaS apps, exfiltrate data, and then extort victims. There is no confirmation of which named firms were successfully breached.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkrebsonsecurity.com%2F2026%2F01%2Fwho-operates-the-badbox-2-0-botnet%2F%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/AgMbIh5H5_0GBgjGihzwYWbe3nJOpK9q2wfC3HLoxeM=442">
<span>
<strong>Who Operates the Badbox 2.0 Botnet? (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A leaked screenshot from Kimwolf botnet operators revealed they had compromised the Badbox 2.0 control panel, exposing seven authorized user email addresses that OSINT investigation traced to Chen Daihai and Zhu Zhiyu of Beijing Astrolink Wireless Digital Technology, individuals whose domains were previously flagged in HUMAN Security's Badbox 2.0 report. The investigation used password reuse across breach databases, domain registration records, and social media pivots to connect qq.com email addresses to multiple Chinese technology companies distributing pre-infected Android TV boxes. This unauthorized access allows Kimwolf to bypass residential proxy mitigations by loading malware directly onto Badbox 2.0's 10+ million compromised devices.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fgadgets%2F2026%2F01%2Fhow-to-encrypt-your-pcs-disk-without-giving-the-keys-to-microsoft%2F%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/ThwPiSMxHFihAzOBhM7H60_iXQGmhK3HJu-v2ODKGgI=442">
<span>
<strong>How to encrypt your PC's disk without giving the keys to Microsoft (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
BitLocker encrypts Windows PCs to protect data, but many systems automatically store recovery keys with Microsoft when users sign in with a Microsoft account, creating a potential privacy risk if authorities obtain those keys. By upgrading to Windows 11 Pro, users can fully control BitLocker, decrypt any existing Microsoft-managed setup, and re-encrypt the drive while saving the recovery key locally, such as on paper or an external drive, rather than in the cloud.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fengineering.mercari.com%2Fen%2Fblog%2Fentry%2F20251202-llm-key-server%2F%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/KqzpnLN_eM5rTC_yEWZKdDzS9umeH4X3kjD5Qy9BTGU=442">
<span>
<strong>LLM Key Server: Providing Secure and Convenient Access to Internal LLM APIs (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mercari's AI Security team developed a key server to address the challenge of managing API key-based access to LLMs. The key server uses Google Workspace and Google Cloud for OIDC authentication to LiteLLM, which provides time-limited API access to various models through a unified API. The team also developed an internal CLI, GitHub Action, and Google Apps Script template to support adoption of the LLM key server.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fimran-siddique%2Fagent-os%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/EPi1p2iXbE38eSD_fGv3i0FXE_EilVlQpybzOn8Sjfw=442">
<span>
<strong>Agent OS (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Agent OS applies operating system concepts to AI agent governance, providing kernel-level policy enforcement that intercepts and blocks actions before execution rather than relying on prompt-based safety. The framework includes POSIX-inspired primitives such as signals, a virtual filesystem for agent memory, cross-model verification, inter-agent trust protocols with cryptographic signing, and integrations with LangChain, CrewAI, and OpenAI Assistants. An MCP server enables integration between Claude Desktop and tools for verification and kernel execution.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fjekil%2Fawesome-hacking%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/EOukJNk3846sWcfy3CTGlDy0q9GFHZ8Ibx5UlSwL4X8=442">
<span>
<strong>Awesome hacking (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Awesome hacking is a curated list of hacking tools for hackers, pentesters, and security researchers. Its goal is to collect and classify awesome tools and make them easy for humans to find, creating a toolset you can check out and update with one command.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fjxroot%2FZeroPulse%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/vsle8UT9lPNXnh_bN_tx75u-iLbX6v8ewCI7qsOfh7A=442">
<span>
<strong>ZeroPulse (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ZeroPulse is a comprehensive C2 platform that uses Cloudflare Tunnel technology. It is designed for secure remote management and monitoring.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Finformation-technology%2F2026%2F01%2Fodd-anomaly-caused-microsofts-network-to-mishandle-example-com-traffic%2F%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/X37Zyvul3mrvejzHsT-MA4HBN_81O0mVvtU6MK0N-7Q=442">
<span>
<strong>Why has Microsoft been routing example.com traffic to a company in Japan? (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft's autodiscover service was found routing email traffic for example.com, a domain reserved for testing under RFC 2606, to subdomains belonging to Sumitomo Electric in Japan, potentially causing test credentials to be sent outside Microsoft's network. The misconfiguration, which may have persisted for five years, has been suppressed, but Microsoft has not explained how the Japanese company's servers were added to its network configuration. The incident raises concerns about other potential misconfigurations following Microsoft's 2024 breach, where forgotten test account privileges enabled Russian state hackers to monitor executive emails.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fventurebeat.com%2Fsecurity%2Fbrowser-security-gap-ciso-enterprise-breaches%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/B9KIjWdD_Ss-qcLY2OEggTYC75WYu99vMqULPGXRSXg=442">
<span>
<strong>Browser-based attacks hit 95% of enterprises - and traditional security tools never saw them coming (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
95% of organizations experienced browser-based attacks last year that evaded traditional security tools. Attackers operated inside trusted sessions where web gateways, cloud access brokers, and endpoint protection lose visibility after login. Recent incidents, including ShadyPanda's weaponized extensions and Cyberhaven's supply chain compromise, demonstrate how attackers exploit browser auto-updates and session tokens rather than zero-days. Security leaders recommend inventorying extensions, implementing 48-72 hour auto-update delays, and moving data protection to the browser layer, where 64% of encrypted traffic currently goes uninspected.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fnoyb.eu%2Fen%2Fnoyb-win-microsoft-ordered-stop-tracking-school-children%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/FQwvGM5QvWwPnHftsTg4KB91h7sAB1BtIOnIBM-p6kM=442">
<span>
<strong>noyb win: Microsoft ordered to stop tracking school children (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Austria's data protection authority ruled that Microsoft illegally placed tracking cookies on a pupil's device through Microsoft 365 Education, using them to analyse behaviour, collect browser data, and support advertising. The authority ordered Microsoft to stop tracking the child within four weeks and rejected Microsoft's attempt to shift responsibility to its Irish subsidiary.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-can-bypass-npms-shai-hulud-defenses-via-git-dependencies%2F%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/HJKjU9PtCY_yjOnQxoVVOO_vQ87lQLCkHJtGnpdsm6I=442">
<span>
<strong>Hackers can bypass npm's Shai-Hulud defenses via Git dependencies (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers discovered "PackageGate" vulnerabilities in JavaScript package managers that allow bypassing npm's '--ignore-scripts' defense via malicious .npmrc files in Git dependencies, with pnpm, vlt, and Bun issuing patches while npm rejected the report as expected behavior.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theverge.com%2Fnews%2F868078%2Fgoogle-assistant-lawsuit-settlement%3Futm_source=tldrinfosec/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/GfzSAh-Qchg6OK3SFc0i8J2cCkI1e1KjBxXY9Qd_154=442">
<span>
<strong>Google will settle its Assistant spying lawsuit for $68 million (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google has agreed to pay $68 million to resolve a class action lawsuit over "false accepts," when Google Assistant devices recorded audio without users intentionally saying "Ok Google."
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FadUs5C/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/Fn6r52tUeMEDxoRDANo7v3vzj4A_fb40SwURsKnUDyg=442">
<span>
<strong>'Stanley' Toolkit Turns Chrome Into Undetectable Phishing Vector (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A new malware-as-a-service kit called Stanley generates malicious Chrome extensions that overlay convincing phishing pages on top of real sites while keeping the legitimate URL visible through a fake productivity extension.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/OT40_yzAyyZk7dKLrBh54gs_p5gTeFQhR4YuUXaI630=442"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/7b3UIe_BX2co94bYiIrQUhBsdsj_azfL-yrapQvwWn4=442"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019c04ee2a89-6939492f-ae99-45bc-a5b7-57fcde43abe7-000000/zD9ND5GPqVcEdy_9fZz3LDEA2ukvUhOXs43X3SbVmtw=442"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>