<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-01-30</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F187445%2Fsecurity%2Fopenssl-issued-security-updates-to-fix-12-flaws-including-remote-code-execution.html%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/EuHid338KfXlUqJJNzJQTY5bgcEkIK4O8CdDS4JSlyA=442">
<span>
<strong>OpenSSL Issued Security Updates To Fix 12 Flaws, Including Remote Code Execution (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
OpenSSL patched 12 vulnerabilities in its widely used cryptographic library, most of which involve memory safety and parsing weaknesses that can cause denial-of-service or data-integrity issues. Two critical stack-overflow bugs in CMS/PKCS#7 and PKCS#12 parsing can potentially enable remote code execution when handling untrusted data, making timely updates essential for organizations relying on OpenSSL 3.x.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F3rcLHX/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/Z4PDgNnc7B-up4NfpbwMaT_0vSquMQcjTt7RYgb3H3Y=442">
<span>
<strong>Fortinet Confirms New Zero-Day Behind Malicious SSO Logins (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-24858 is a critical authentication-bypass vulnerability (CVSS 9.8) that affects FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb. It allows attackers to log in to devices via FortiCloud SSO. The zero-day, added to CISA's KEV catalog, emerged after reports that the December CVE-2025-59718 patch was being bypassed, prompting Fortinet to temporarily disable FortiCloud SSO globally on January 26. Organizations should immediately upgrade affected products. FortiCloud SSO now blocks login attempts from vulnerable device versions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fmatch-group-breach-exposes-data-from-hinge-tinder-okcupid-and-match%2F%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/5K5jbp1hrS-UegEwJpvNtTWxeYGKbaT_AFTrO3MNWlg=442">
<span>
<strong>Match Group Breach Exposes Data from Hinge, Tinder, OkCupid, and Match (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Match Group has confirmed that a “limited amount of user data” was stolen after ShinyHunters claimed a breach of 1.7GB of stolen files allegedly containing 10M records. The attackers stole data after compromising an Okta SSO account, which gave them access to the company's AppsFlyer marketing analytics platform and to Google Drive and Dropbox accounts. The hackers stated that while the data contains some PII, it's mostly tracking data.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.praetorian.com%2Fblog%2Fcorrupting-the-hive-mind-persistence-through-forgotten-windows-internals%2F%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/iwl6_fMZVPUjWo4Met6_Cf7uQEbATotc-B8UdUhM0ys=442">
<span>
<strong>Corrupting the Hive Mind: Persistence Through Forgotten Windows Internals (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Swarmer is a low-privilege tool that quietly edits Windows user registry hives without triggering common EDR hooks on standard registry APIs. Swarmer builds offline registry hives with Offreg.dll by abusing legacy mandatory user profiles and the NTUSER.MAN mechanism, enabling per-user persistence that survives reboots while largely evading traditional monitoring. This post walks through the workflow, implementation quirks, operational caveats, and both defensive detection opportunities and attacker takeaways around this forgotten Windows feature set.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbour.ch%2Fhow-rep-helped-me-identify-a-critical-supabase-jwt-exposure%2F%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/BqAFa-m6VWWFne5T8h3_kAttLQqwPbHXatBEW9JaV3w=442">
<span>
<strong>How rep+ Helped Me Identify a Critical Supabase JWT Exposure (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A security researcher discovered a critical Supabase misconfiguration in which an anonymous JWT embedded in client-side JavaScript granted read access to password_reset_tokens and 34 other tables due to missing Row Level Security (RLS) policies. The exposure of 272 password reset tokens and plaintext passwords enabled a full account takeover, demonstrating how publicly intended anonymous keys become dangerous when RLS is improperly configured. Security teams should audit Supabase deployments by enumerating REST endpoints with anon tokens and validating RLS enforcement across all exposed tables.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.trailofbits.com%2F2026%2F01%2F29%2Fbuilding-cryptographic-agility-into-sigstore%2F%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/n1UF2OW4L7dVxPjW9-oMsZhLQPGnZD4TkesDi9tGJDc=442">
<span>
<strong>Building cryptographic agility into Sigstore (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Trail of Bits collaborated with the Sigstore community to implement controlled cryptographic flexibility through predefined algorithm suites, avoiding the in-band signaling vulnerabilities that plagued systems like JWT while enabling organizations to select signing algorithms beyond the original hard-coded ECDSA P-256. The implementation includes a centralized algorithm registry in Protobuf specifications, configurable algorithm restrictions via --client-signing-algorithms flags in Rekor and Fulcio, and a new --signing-algorithm option in Cosign for ephemeral key generation. Go implementations of the post-quantum algorithms LMS and ML-DSA were developed to validate that the architecture can accommodate future cryptographic standards.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Freinsec.io%2F%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/GRHViJ3CAL1t6MsZ2zOkU-Xl3-kcWPNGlg4GDQlgWHs=442">
<span>
<strong>Rein Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Rein Security provides in-app runtime protection that baselines normal application behavior and blocks anomalous actions in real time, closing the production visibility gap for modern and AI-driven applications.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FCarterPerez-dev%2FCybersecurity-Projects%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/HjJz1y4pDfykOZjwF5fYtYkjgOZqbfor9myJHaKogeE=442">
<span>
<strong>Cybersecurity-Projects (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
60 cybersecurity projects, certification roadmaps, and everything you need to build your cybersecurity portfolio.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fs4dp4nd4%2Ffrida-c2-mcp%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/E_rDzR3uzF8vGQbJr7Gh_tQZ-loeywOjZ5dvumaj-nY=442">
<span>
<strong>FridaC2MCP (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
FridaC2MCP is an MCP server that exposes Frida's dynamic instrumentation capabilities as a remote server.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fus-sentences-chinese-man-crypto-scam%2F%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/VrIqfTvn2PfAGScZ-HGd3AbIrqvd4s2GttSE3WGtkyE=442">
<span>
<strong>US Sentences Chinese National for Role in $36.9 Million Crypto Scam (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Jingliang Su, a Chinese national, was sentenced to 46 months in prison for his role in a Cambodia-based cryptocurrency investment scam that defrauded 174 Americans of $36.9 million through fake trading platforms and romance-based social engineering. The operation laundered stolen funds through US shell companies and offshore accounts before converting them to Tether cryptocurrency via Deltec Bank in the Bahamas. Su is one of nine defendants who pleaded guilty, and he was ordered to pay $26.8 million in restitution.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flevelup.gitconnected.com%2Fwhy-the-mitre-att-ck-framework-actually-works-29ac26d2d20c%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/K4Q0dlGCcwyu9nNcJUYVeHqgUghryPRgslOgaH_ioUM=442">
<span>
<strong>Why the MITRE ATT&CK Framework Actually Works (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The MITRE ATT&CK framework can help SOC teams understand behaviors as opposed to isolated data points from alerts. SOC teams can also utilize SIEM tools that map detection rules to ATT&CK tactics to understand their detection coverage. This enables SOC teams to shift from chasing alerts to observing narratives.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F01%2F29%2Ffintech-firm-marquis-blames-hack-at-firewall-provider-sonicwall-for-its-data-breach%2F%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/BcdNfZk_yYzFWM_vSICzPtTNxaQQ6aSxuJ2O8ehrImo=442">
<span>
<strong>Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Fintech data broker Marquis has pinned a major 2025 ransomware breach on firewall supplier SonicWall, claiming a SonicWall cloud backup hack exposed its firewall configurations and credentials. Hackers allegedly used this data to bypass defenses and steal sensitive US banking customer information, including Social Security numbers. Marquis is weighing legal and financial recoupment options, while SonicWall publicly disputes any proven link to broader ransomware campaigns.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhydrolix.io%2Fsolutions%2Fbot-insights%2F%3Futm_source=Newsletter%26utm_medium=Email%26utm_campaign=TLDR/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/G6zni7qbDMYQdzHCeMWJpDk3xEUssdoJ4MGZdcDIn0M=442">
<span>
<strong>The $5 million Bots bill (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Bots now dominate internet traffic, silently inflating infrastructure costs (>$5 million to unwanted origin hits, in a client's case). Hydrolix classifies humans vs bots in real time and stops abuse instantly. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhydrolix.io%2Fsolutions%2Fbot-insights%2F%3Futm_source=Newsletter%26utm_medium=Email%26utm_campaign=TLDR/2/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/GN69FPebq-G1FbIuyII77DXXfBBWEY0-A4B49SuGcnM=442" rel="noopener noreferrer nofollow" target="_blank"><span>See how it works.</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftherecord.media%2Fnotorious-russia-based-ramp-forum-seized%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/AVKLsuCIFkC5e2Yon0ySxWrIXsjXyCnKpJbSSDoT_kU=442">
<span>
<strong>Notorious Russia-based RAMP cybercrime forum apparently seized by FBI (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The FBI has seized RAMP, a notorious Russian cybercrime forum used by ransomware groups and initial access brokers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.wiz.io%2Fblog%2Fintroducing-win-partner-index%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/ajGcRZpMmd-o02pV8Qlbr-240-vzezG9aXWzEiF3CXo=442">
<span>
<strong>Introducing the 2025 WIN Partner Index (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Wiz's new annual WIN Partner Index is a data-driven benchmark that analyzes adoption patterns across 240+ integrations to identify which cloud security integrations organizations rely on most, which are gaining traction fastest, and where teams see consistent value.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F01%2Fresearchers-find-175000-publicly.html%3Futm_source=tldrinfosec/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/2F8xXluB2ZN9dD3Ek-aXb-Soi6v-yDpezgCZgwwdG_s=442">
<span>
<strong>Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers uncovered 175,000 exposed Ollama AI servers worldwide.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/YwldvEyrzRvBbKGZnNsXz5imvfC8cQVgznRhHivYf8I=442"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/9Dqxqk20RAqg8I5B4fTtaez_CBEXMsxr3Fw_1KEPDcg=442"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019c0f3a49a4-9bf29f5a-c329-4d6b-bdd7-466c90d3a1b2-000000/waWv2Cbxtd8WL5VkT7xOxiTUPhQbbRYWFhdqvd4rzRk=442"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>