<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-01-29</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FWFLzri/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/KvGL7nV53-1_hPXtOMG1esuM22QhIVM4obWRB3GVpz8=442">
<span>
<strong>Six JavaScript zero-day bugs lead to fears of supply chain attack (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers from Koi discovered six zero-day vulnerabilities dubbed "PackageGate" across four major JavaScript package managers (npm, pnpm, vlt, and Bun) that bypass protections against script execution and lockfile integrity designed to prevent malicious code from running automatically. While pnpm, vlt, and Bun patched the flaws, npm (now owned by Microsoft) declined to fix the vulnerabilities, stating that the behavior "works as expected," leaving gaps in defenses adopted after the Shai-Hulud supply chain attack that affected over 25,000 repositories. The bypasses vary by tool: npm's weakness lies in Git dependencies with malicious .npmrc files, pnpm and vlt have lockfile gaps enabling tarball swapping, vlt has a tar extraction path traversal flaw, and Bun's trust allowlist can be spoofed, raising concerns about potential install-time code execution at scale even in hardened environments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F01%2Fcritical-grist-core-vulnerability.html%3Futm_source=tldrinfosec/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/rphANeMttLaxK70KYwzKFHyzDjPcGAnleOeODoFTQZM=442">
<span>
<strong>Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-24002 (CVSS 9.1) is a critical Pyodide sandbox escape vulnerability dubbed "Cellbreak" in Grist-Core that allows attackers to execute arbitrary OS commands or host-runtime JavaScript through malicious spreadsheet formulas. The flaw stems from Grist's blocklist-style sandbox approach that permits traversal through Python's class hierarchy and leaves ctypes available, enabling attackers to access database credentials, API keys, and sensitive files while creating lateral movement opportunities. The vulnerability was patched in version 1.7.9, released January 9, with users advised to update immediately or temporarily mitigate by setting GRIST_SANDBOX_FLAVOR to "gvisor," while avoiding the GRIST_PYODIDE_SKIP_DENO flag that reintroduces the risk.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-sandbox-escape-flaw-exposes-n8n-instances-to-rce-attacks%2F%3Futm_source=tldrinfosec/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/Qo0CWvx9bZYnMxIFY0F6FBeJqi1KZ_DMfTgjgwGptDE=442">
<span>
<strong>New Sandbox Escape Flaw Exposes n8n Instances to RCE Attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers from JFrog discovered two new vulnerabilities in the n8n workflow automation platform that could allow for RCE, one of which received a CVSS score of 9.9. The two vulnerabilities are AST sandbox escapes in both Python and JavaScript sandboxes that could allow for arbitrary code execution on the underlying nodes. The vulnerability has been fixed in the n8n cloud platform, but users running self-hosted versions should update to fix it.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbughunters.google.com%2Fblog%2Ffido%3Futm_source=tldrinfosec/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/h9n9SQYv4G4xP7NoeGlcJdoGzUXVZmQZm8aa9eC3dd8=442">
<span>
<strong>The Evolution of FIDO Experiences on Android (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google detailed Android's evolution from password-based authentication to FIDO2 passkeys, starting with Universal Second Factor (U2F) in 2014 as a phishing-resistant second factor and advancing to passwordless passkeys built on WebAuthn and CTAP2 standards that use device biometrics, PINs, or patterns for authentication. Android announced FIDO2 specifications over USB with PIN support in November 2023, featuring streamlined user experiences with Material3 Design bottomsheets, Credential Manager APIs for easier developer integration, and secure PIN protocol algorithms that avoid storing actual PINs on devices or security keys. Google plans continued FIDO enhancements, including NFC support, native credential management for physical security keys, and post-quantum cryptographic algorithms to ensure passkey security remains robust against emerging threats like quantum computers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsean.heelan.io%2F2026%2F01%2F18%2Fon-the-coming-industrialisation-of-exploit-generation-with-llms%2F%3Futm_source=tldrinfosec/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/gFPgFgqLjCDN9tckUsslQClUU9AiEg2-s73tugwX3Co=442">
<span>
<strong>On the Coming Industrialization of Exploit Generation with LLMs (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The author of this post discovered a novel zero-day in QuickJS using Opus 4.5 and GPT-5.2. They set up a testbed in which the agents were tasked with achieving different objectives across systems with varying protections. The author succeeded in generating over 40 distinct exploits, including complex exploit chains. Experiments such as this demonstrate that tasks like exploit generation are increasingly solvable by LLMs with enough tokens.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.atredis.com%2Fblog%2F2026%2F1%2F26%2Fgenerals%3Futm_source=tldrinfosec/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/a_pTe52UfPcjSgYh0isfWgo_8KbskzXpKUQrN2Oxb9E=442">
<span>
<strong>General Graboids: Worms and Remote Code Execution in Command & Conquer (15 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Security researchers analyzed Command & Conquer: Generals' newly released source code and uncovered three major multiplayer flaws: a filename stack overflow, arbitrary file writes, and an out-of-bounds write during packet fragmentation. By chaining these bugs, they achieved reliable remote code execution, then built a self-spreading worm that drops a malicious DLL, hooks legacy Windows socket APIs, listens for "magic" packets or chat messages, executes OS commands, and manipulates local game actions such as camera and UI effects.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecuritylabs.datadoghq.com%2Farticles%2Fide-shepherd-release-article%2F%3Futm_source=tldrinfosec/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/dWaIUpIeGlV5kb35N3NnRBv2gdC_MV3wVrWRCViJKQY=442">
<span>
<strong>Introducing IDE-SHEPHERD: Your shield against threat actors lurking in your IDE (16 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
IDE-SHEPHERD is a free open-source security extension for VS Code and Cursor that addresses trust-based security model vulnerabilities by integrating into the Node.js runtime of the extension host process. The tool uses a require-in-the-middle layer to patch critical modules like child_process, http, and https, enabling real-time interception and blocking of malicious operations, including process execution, network communications, and workspace task execution against a growing ruleset. IDE-SHEPHERD provides granular per-extension behavior analysis rather than publisher-based trust, includes heuristic detection for suspicious extension metadata (wildcard activations, obfuscation, and missing repository links), and offers optional Datadog Agent integration for centralized monitoring while keeping all data local by default.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftailscale.com%2Fblog%2Faperture-private-alpha%3Futm_source=tldrinfosec/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/w719S0B0Dt5Z7uUg9ug7o72xgldeDS8BCfl5htEQij0=442">
<span>
<strong>A first look at Aperture by Tailscale (private alpha) (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Aperture is an alpha-stage AI gateway that offers insights into coding agent usage within organizations. It eliminates the need to share API keys by using Tailscale's built-in identity system for authenticating users and machines. The tool supports CLI and VS Code-based AI coding agents such as Claude Code, Codex, and Gemini CLI, providing centralized monitoring of usage, cost tracking across different models and providers, and SIEM integration via S3 exports, all while linking API usage to specific users and devices. Aperture is free for up to three users, similar to Tailscale's Personal plan. It features an extensible platform, starting with a partnership with Oso to enhance security controls, alerts, and audits, with future plans to extend beyond coding agents to other AI workloads.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FMaldev-Academy%2FDumpBrowserSecrets%3Futm_source=tldrinfosec/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/nsqJluebeLkk23M3qyn_WUq8hrQIvJU88kXeFqyemS4=442">
<span>
<strong>DumpBrowserSecrets (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
DumpBrowserSecrets is an improved version of the DumpChromeSecrets program that can extract browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FnFLude/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/8ioD81GawlwzX5dTZ8KCLrMhqu2cYGDhG2qZUea3Kko=442">
<span>
<strong>Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Sicarii ransomware, which emerged as a RaaS offering in December, contains a critical design flaw that makes decryption impossible even if victims pay, as the malware regenerates new RSA key pairs locally during each execution and discards the private key needed for recovery. The ransomware's suspicious "Israeli/Jewish" branding with Hebrew language and historical symbols appears to be a false flag, given its primarily Russian-language operations and machine-translated Hebrew content with errors. Inexperienced developers likely used AI-assisted tooling to create the poorly coded ransomware. Affected organizations are advised to abandon ransom negotiations and focus on alternate recovery pathways, including backups and incident response services.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F01%2F28%2Ftrumps-acting-cybersecurity-chief-uploaded-sensitive-government-docs-to-chatgpt%2F%3Futm_source=tldrinfosec/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/QXoyHUsi-0Rl143NWRGy6RIusPXkA-9odxWny9rQ7Z4=442">
<span>
<strong>Trump's acting cybersecurity chief uploaded sensitive government docs to ChatGPT (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Acting CISA director Madhu Gottumukkala, a Trump appointee, uploaded internal "for official use only" contracting documents to ChatGPT, triggering federal security alerts and a DHS review of potential damage. Officials had previously granted him a special exemption to use ChatGPT, even as other staff were barred. His tenure has already been controversial after an unsanctioned polygraph and suspensions of career staff.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Finformation-technology%2F2026%2F01%2Ftheres-a-rash-of-scam-spam-coming-from-a-real-microsoft-address%2F%3Futm_source=tldrinfosec/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/aCkJwm8G6-4WqiapcWSNvYI5-HZpCN0RBciC95m8RjI=442">
<span>
<strong>There's a rash of scam spam coming from a real Microsoft address (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A legitimate Microsoft Power BI email address is being abused to send fake $399 billing alerts that push victims to call a number and install remote-access tools, handing attackers control of their computers. Scammers exploit Power BI's subscription feature so messages come from a trusted Microsoft domain with no malicious links, bypassing filters until Microsoft temporarily disabled the abused feature.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F01%2Fgoogle-warns-of-active-exploitation-of.html%3Futm_source=tldrinfosec/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/LQgTP-8gHgxSvCaN7ycVMdsgP8DHd-k61eAaA4OVFw8=442">
<span>
<strong>Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Russian, Chinese, and financially motivated actors are abusing CVE-2025-8088 in outdated WinRAR to gain persistence via Windows Startup, delivering malware.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F01%2F27%2Fwhatsapp_strict_account_settings_meta_rust%2F%3Futm_source=tldrinfosec/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/tBRo09iU4mTIYKOXYqQhP-6xZ_yYAOmDfHlzqRsOzmI=442">
<span>
<strong>Paranoid WhatsApp users rejoice: Encrypted app gets one-click privacy toggle (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
WhatsApp is rolling out Strict Account Settings, a one-tap lockdown that hides activity and profile details, blocks high-volume unknown messages, enforces two-step verification, and enables security alerts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftherecord.media%2Fuk-national-policing-overhaul-cybercrime%3Futm_source=tldrinfosec/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/y1WU3niZx0611pW6nY9m2naqnFlDz_rc4TMmcX-O1Gg=442">
<span>
<strong>UK plans sweeping overhaul of policing amid surge in online crimes (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The UK government unveiled plans to create a new National Police Service to centralize the fight against cybercrime and fraud.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/uNguoxBaVDElYq_n9P9DoZDhOSXm_dHUoP2gsE7tXL0=442"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/9xm6aikmmoueLHzECjbmosRwgIYTsA4AhuJHUcielVw=442"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019c0a143d92-128c2a3d-f577-430b-8fe6-03a460c6d14e-000000/oZCtNSvGToPVxFzEqzYVLFT43sbnQ1lPyQoOeOv-Cpg=442"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>