<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-02-03</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fnotepad-plus-plus.org%2Fnews%2Fhijacked-incident-info-update%2F%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/qmNXc4XPzuu-KHakb0VWeCBSvmX9OrY_FCo-kzJrIps=442">
<span>
<strong>Notepad++ Hijacked by State-Sponsored Hackers (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Notepad++ confirmed that a suspected Chinese state-sponsored group compromised its shared hosting provider from June through December 2025, selectively redirecting update traffic to serve malicious installers by exploiting insufficient update verification controls. The attackers maintained persistent access through stolen internal service credentials even after losing direct server access in September 2025. Notepad++ has since migrated hosting providers and hardened its update mechanism with certificate and signature verification in v8.8.9, with full XMLDSig enforcement expected in v8.9.2.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fwindows-malware-pulsar-rat-live-chats-steal-data%2F%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/toHSywKXvF1m0TMuZ-Mcord3Dwcv-m85cNamUKB3LjE=442">
<span>
<strong>Windows Malware Uses Pulsar RAT for Live Chats While Stealing Data (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A newly discovered Windows malware campaign combines the Pulsar RAT with Stealerv37, using Donut loader shellcode injection into explorer.exe to operate entirely in memory while evading traditional antivirus detection. The attack chain begins with an obfuscated batch file in %APPDATA%\Microsoft that leverages PowerShell for fileless execution, deploying capabilities including webcam/microphone surveillance, clipboard hijacking for crypto wallet address swapping, and credential theft from browsers, VPNs, and gaming platforms. Notably, attackers actively engage victims via a live chat window while simultaneously exfiltrating stolen data via Discord and Telegram, maintaining persistence through a watchdog mechanism and evading defenses by disabling Task Manager and UAC.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdepthfirst.com%2Fpost%2F1-click-rce-to-steal-your-moltbot-data-and-keys%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/KEio8uWdFCeX3e_K5PjGHDx03FnV4w2NRmvClU90ngY=442">
<span>
<strong>1-Click RCE To Steal Your Moltbot Data and Keys (CVE-2026-25253) (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A critical 1-click RCE vulnerability (CVE-2026-25253) discovered in OpenClaw (formerly Moltbot), the popular open-source AI assistant with over 100,000 users, chains three logic flaws: acceptance of an unsanitized `gatewayUrl` query parameter, automatic gateway reconnection, and auth token leakage in the WebSocket handshake. The exploit bypasses localhost network restrictions via Cross-Site WebSocket Hijacking due to missing origin validation, then uses the stolen operator-scoped token to programmatically disable user confirmation prompts and container sandboxing before executing arbitrary commands on the host machine. Organizations deploying OpenClaw should immediately upgrade past v2026.1.24-1, rotate all auth tokens, and treat this as a broader warning about the attack surface introduced by AI agents granted extensive system permissions.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Fdisrupting-largest-residential-proxy-network%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/0w0dNMHNZ0aWBnWV4HK86-bfKYS1GkLPOelfUvbtocM=442">
<span>
<strong>Disrupting the World's Largest Residential Proxy Network (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google Threat Intelligence Group disrupted the IPIDEA residential proxy network, believed to be the world's largest, by taking legal action against C2 domains, sharing intelligence with partners, and enforcing removals through Google Play Protect, reducing the available device pool by millions. The investigation revealed IPIDEA operated through 14+ proxy and VPN brands with four SDK families (PacketSDK, CastarSDK, HexSDK, and EarnSDK) sharing a two-tier C2 infrastructure and approximately 7,400 Tier Two servers, with over 550 threat groups from China, DPRK, Iran, and Russia observed using IPIDEA exit nodes in a single week. Organizations should monitor for published IOCs, block known IPIDEA-associated domains, and audit environments for traffic patterns consistent with residential proxy abuse, particularly from applications that monetize bandwidth.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffumics.in%2Fposts%2F2026-02-01-phone-gps-carrier-tracking%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/x9oAPIOAIFfXjqTp7nh8pZ2nB1E4J84Cs2tuiNrWRkU=442">
<span>
<strong>Your Phone Silently Sends GPS to Your Carrier - Here's How (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mobile carriers can silently ask modern phones to compute and send exact GPS coordinates using low-level RRLP and LPP protocols, bypassing iOS and Android permission systems entirely. This happens in the baseband processor, which talks directly to cell towers and the GPS chip, so operating system privacy settings, VPNs, and app-level toggles offer no protection. Law enforcement, intelligence agencies, and even data brokers have leveraged this capability for real-time tracking, often in murky legal territory. Apple's new C1 modem and iOS 26 add some visibility and consent controls on the iPhone 16e, but billions of other devices remain always-trackable whenever a SIM is active.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbytearchitect.io%2Fmacos-security%2FmacOS-Hardening-a-new-series%2F%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/Smkpruy8AGBZ6hBr7-Otkph-vR7CrMZPsPgvshk-Wgo=442">
<span>
<strong>macOS Hardening: a new series (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Gabriel Biondo, a former CISO and pentester, introduces a practical macOS hardening series grounded in defense-in-depth principles, emphasizing that layered security controls across network, application, secrets, and operational layers dramatically reduce compromise likelihood compared to any single control. The series outlines a pragmatic threat modeling approach focused on identifying assets, threat agents, and value-vs-cost tradeoffs rather than over-engineered frameworks, with upcoming installments covering DNS filtering, browser compartmentalization, MFA/passkeys, and compensative controls. Security professionals are reminded that the goal is not invulnerability but raising the cost of attack above that of alternative targets while maintaining system usability.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fuxmal%2Freko%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/OoWkglJHD8QYgAqelWlg27JAdtgV0RcjTG5bbBluCSg=442">
<span>
<strong>Reko (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Reko is a general-purpose, open-source decompiler for machine code binaries that supports multiple processor architectures and executable file formats with minimal user intervention. Built on .NET 6.0, it provides command-line, Windows GUI, and ASP.NET front ends for analyzing and decompiling binary executables. Licensed under GPL, it is particularly useful for reverse engineering and binary analysis workflows where legal rights to decompile are established.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fmmguero-dev%2FMalcolm%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/8xtYqkJQEqQYzUChmxI58lLDaYtdYGSs5tLf-MPhp3w=442">
<span>
<strong>Malcolm (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs, and Suricata alerts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Findurex.ai%2F%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/WxqboYdGPXKfwUGlOC4wVo93ioLzQTjn1f3DHm0KQOM=442">
<span>
<strong>Indurex (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Indurex provides an AI-powered platform that secures cyber-physical systems by ingesting OT and IT data, correlating industrial and network signals, and unifying the context.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbnuuy.solutions%2F2026%2F02%2F01%2Fps-vr2-recovery-mode.html%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/bKhZDZ5V---dqnLnYxMAo0NHTofQUC1KOcYZKeetEXE=442">
<span>
<strong>The path to pwning the PS VR2 (part 1) - "Recovery mode" (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A stack overflow vulnerability discovered in Sony's PS VR2 kernel-level USB authentication code allows arbitrary firmware downgrading by exploiting an unchecked `memcpy` in `usb_auth_set_auth1_data` that blindly trusts the USB request buffer length beyond the 64-byte structure size. Repeatedly triggering the overflow on device connection forces the PS VR2 into a hidden recovery mode running initial firmware v01.10, from which any firmware version can be installed, as no eFuse-based downgrade protection is present. The exploit tool "vr2jb" has been publicly released. Researchers recommend downgrading to v06.00 as a stepping stone toward a full jailbreak that could unlock features like eye tracking and haptics on PC.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F02%2F02%2Fstopice_alerts_hacked%2F%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/wHyu-F5YMZQWREyEtCBE8pU9nCrTLLYrVR-YuOJzq8s=442">
<span>
<strong>StopICE hacked to send alarming text messages, admins accuse border patrol agent of sabotage (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ICE-reporting service StopICE was compromised to send frightening texts falsely claiming user data was handed to authorities and smearing its developer. StopICE's team traced the attack to a US border agent's personal server. It says no usernames, addresses, or GPS data are stored. The service will use "bait" data to identify the alleged attackers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.zetter-zeroday.com%2Fbooz-allen-tech-contractor-took-irs-job-specifically-to-leak-trumps-tax-records%2F%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/zlMZf1I9S7dXOIxad3lYGTZsJ_XejcBS7w9Y-5EBvj4=442">
<span>
<strong>Booz Allen Tech Contractor Took IRS Job Specifically to Leak Trump's Tax Records (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The US Treasury Department announced that it was canceling all contracts it holds with Booz Allen Hamilton after its failure to prevent one of its contractors from stealing and leaking tax records years ago. The decision specifically deals with the case of a contractor, Charles Littlejohn, who leaked tax returns of more than 400k US taxpayers between 2018 and 2020. Littlejohn used a private server to siphon the tax returns of President Donald Trump, Jeff Bezos, Elon Musk, and other super-rich Americans.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FuekFZj/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/le3LyUvCmq0S7vbOmxiqBuP8p-hxxLJpp6G3wmzvvzg=442">
<span>
<strong>McDonald's Netherlands Takes Passwords to the Streets for Change Your Password Day (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
McDonald's Netherlands and TBWA\NEBOKO used digital billboards featuring popular menu items as passwords to spotlight how weak and predictable many online credentials are, as real leak data shows terms like "bigmac" and "frenchfries" are used tens of thousands of times.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4125947%2Fmicrosoft-disables-ntlm-in-windows.html%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/m37jyya7Fui1ZEAGHLn7uXqxKsgkB2OFrP15eAReHlk=442">
<span>
<strong>Microsoft disables NTLM in Windows (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft is now disabling NTLM by default in Windows 11 and Windows Server as the next step in deprecating the decades-old authentication protocol, which has been frequently exploited in relay attacks to gain full network access.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkrebsonsecurity.com%2F2026%2F02%2Fplease-dont-feed-the-scattered-lapsus-shiny-hunters%2F%3Futm_source=tldrinfosec/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/W2ym5xTSxAc8K99TwN3vXR7Zqt2bWbnqvjE8Wy8N1Bs=442">
<span>
<strong>Please Don't Feed the Scattered Lapsus ShinyHunters (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Unit 221B researchers warn that victims should refuse to pay or negotiate with the Scattered Lapsus ShinyHunters (SLSH) extortion group, whose tactics include swatting executives, threatening families, and manipulating media, as the Com-based gang's chaotic internal dynamics mean they cannot be trusted to honor any promises to delete stolen data.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/9-ycaw772AFtjEdDiVALFUtMQvEHTsrG0dRI1oftTrg=442"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/kbNL2oeM0u-VN7jodjkOX3TRIVxs5sGR9c_LOvQr7xc=442"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019c23d3d3f0-38f6d9f3-fd6a-4900-bc0d-13a74d430993-000000/ySGDz53ccRf5NXRavASLcCXImYgeQaCu6pitR7fyHDs=442"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>