<!DOCTYPE html><html lang="en"><head>
<meta http-equiv="Content-Type" content="text/html charset=UTF-8">
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width">
<meta name="x-apple-disable-message-reformatting">
<title>TLDR InfoSec</title>
<meta name="color-scheme" content="light dark">
<meta name="supported-color-schemes" content="light dark">
<style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style>
<!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]-->
</head>
<body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">The Everest ransomware group claimed to have exfiltrated 90GB of internal data from systems linked to Polycom, now owned by HP Inc β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document">
<tbody>
<tr>
<td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600">
<tbody>
<tr class="inner-body">
<td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr class="header">
<td bgcolor="" class="container">
<table width="100%">
<tbody>
<tr>
<td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%">
<tbody>
<tr>
<td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/RwkVinFtsF_k4BOIpB4cPOrOLeP-qnSBCtR84Zh1ncU=443" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/sPl3LVZG9-VNp4NkJqAiigvZim6-wa_3u_9C3GUujZU=443" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=10fa14d8-0254-11f1-b922-d9390ad1d2e9%26pt=campaign%26t=1770300411%26s=88d001c379b395d093bfdb6dd2bfb8b4152944fcf3506884e11f228a1c577b3e/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/0barGGbK3IjDqyVpwfrOA4zqi_-DW3Ak7UAs0ZDpZLM=443"><span>View Online</span></a></span>
<br>
</span></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td>
</tr>
</tbody>
</table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr id="together-with">
<td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="mailto:itcurator@tldr.tech"><img src="https://images.tldr.tech/tldr50.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="TLDR"></a></td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width:100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-02-05</span></strong></h1>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width:100%;" width="100%">
<tbody>
<tr id="sponsy-copy">
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="mailto:itcurator@tldr.tech">
<span>
<strong>TLDR is hiring a Curator for TLDR IT! (TLDR Curator, ~5 hrs/week)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
We are launching a brand new newsletter covering IT and enterprise tech.<p></p><p>If you are an IT leader interested in writing for us, please send your resume or LinkedIn to <a href="mailto:itcurator@tldr.tech" rel="noopener noreferrer" target="_blank"><span>itcurator@tldr.tech</span></a>!
</p>
</span></span></div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr bgcolor="">
<td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Feverest-ransomware-data-theft-legacy-polycom-system%2F%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/dxyCem-oSHEiAyjgtViatkw_EdRrn3PsUBlFukaMb0I=443">
<span>
<strong>Everest Ransomware Claims 90GB Data Theft Involving Legacy Polycom Systems (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The Everest ransomware group claimed to have exfiltrated 90GB of internal data from systems linked to Polycom, now owned by HP Inc., including engineering build environments, source code, and technical documentation for the RMX and RealPresence conferencing platforms. Evidence suggests the data originated in legacy Polycom environments from 2017β2019, predating HP's acquisition, though it remains unclear when the systems were accessed. HP Inc. has not confirmed the breach.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fvv3zjV/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/2Blu2gJDAJZRZt_7mIw4UxcfGo9_gbMhu3B-PzqfwZ8=443">
<span>
<strong>Vulnerabilities Allowed Full Compromise of Google Looker Instances (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Tenable researchers uncovered LookOut, two flaws in Google Looker that allow attackers with developer rights to run remote code, steal secrets, and exfiltrate the internal MySQL database via an auth bypass and error-based SQL injection. Google patched cloud-hosted instances in September 2025, but self-hosted deployments must update, though no active exploitation has been detected.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Ft50Bqt/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/H4JBGRkcUtbsdkR8EbUkrJck0Jmi4fxD5Ye36zSRCDg=443">
<span>
<strong>Big Breach or Smooth Sailing? Mexican Gov't Faces Leak Allegations (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Hacktivist collective Chronus claims to have leaked 2.3TB of data from at least 25 Mexican government bodies, potentially exposing personal and healthcare records of 36 million citizens. Mexico's ATDT argues the dump repackages old breaches from obsolete thirdβparty systems, not fresh sensitive data.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fomeramiad.com%2Fposts%2Fgatewaytoheaven-gcp-cross-tenant-vulnerability%2F%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/l0PO7elZ07WIGbPTFu97BRh4vpWAgg-RMTPstNG085g=443">
<span>
<strong>GatewayToHeaven: Finding a Cross-Tenant Vulnerability in GCP's Apigee (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A cross-tenant vulnerability (CVE-2025-13292) discovered in Google Cloud's Apigee allowed attackers to chain SSRF via the GKE metadata endpoint, to escalate privileges via Dataflow JAR poisoning, and to abuse autoscaling to access analytics data across all Apigee tenants, including plaintext OAuth access tokens. The attack exploited shared cross-tenant metadata buckets lacking tenant-specific path isolation and overly permissive service account permissions within tenant projects. Organizations using managed multi-tenant cloud services should audit tenant isolation boundaries, restrict access to metadata endpoints from workloads, and ensure that shared infrastructure components enforce strict per-tenant scoping.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fpulse%2Fbuilding-security-unlock-engineering-velocity-shreyas-sriram-deiic%2F%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/HAhJh2mnp865eybkR77fR-YbEkiZ7GlYy9ZkNR0VLfU=443">
<span>
<strong>Building Security to Unlock Engineering Velocity (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Robinhood built SERA (Secure Enhanced Remote Approval), an internal platform that replaces VPN-dependent access approvals with passkey-based biometric authentication, enabling engineers to securely approve requests from any device. The system uses trusted enrollment on corporate devices to bootstrap credentials and then enables flexible remote approvals with tamper-evident audit trails, reducing approval times by over 20%. This approach demonstrates how organizations can reduce friction in security incident response and off-hours workflows without weakening authentication guarantees.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.offensai.com%2Fblog%2Faws-iam-eventual-consistency-persistence%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/5AKUNPAdN3_4LhTBUNEVQyz0uEcsDaXGgHRUDp9xFKc=443">
<span>
<strong>Exploiting AWS IAM Eventual Consistency (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
AWS is a highly distributed system, which can lead to delays as changes propagate across the system. This is known as eventual consistency. This window can be exploited to recreate deleted or disabled AWS access keys within a nearly four-second window while the changes propagate. Disallow the principal from accessing via an SCP, wait 4 seconds, and then use the standard deletion process to prevent an attacker from exploiting eventual consistency. Other IAM operations, such as policy attachment and detachment, and role assumption, share this vulnerability.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsimonwillison.net%2F2025%2FDec%2F25%2Fclaude-code-transcripts%2F%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/BsVgjqGnVhiD2YwqmxS1VVABNfyhPPrR3MITLelWsoE=443">
<span>
<strong>claude-code-transcripts (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
claude-code-transcripts is a Python CLI tool that converts Claude Code sessions into detailed, shareable HTML pages capturing prompts, tool calls, thinking traces, and commits. The tool supports both local Claude Code sessions and Claude Code for web via a reverse-engineered private API. It is useful for maintaining audit trails of AI-assisted development decisions and evaluating prompting strategies across coding agent workflows.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.orionsec.io%2F%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/1zZKQXStTY4fm4Zi9-uXV8t6p-5TVrxGuRHvwLHvAhE=443">
<span>
<strong>Orion Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Orion provides an AI-driven data protection platform that maps how sensitive information moves across an organization, detects risky or abnormal data flows in real time, and automatically prevents leaks and insider-driven data loss across modern cloud environments.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fauthzed%2Fspicedb%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/hoXdZb4AmlXVSFYpiJI5n9GEqLXe0gfw9dlsWRWsQg0=443">
<span>
<strong>Spicedb (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Spicedb is an open-source, Google Zanzibar-inspired database for scalably storing and querying fine-grained authorization data.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td>
</tr>
</tbody>
</table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsoftware%2Fmozilla-will-let-you-turn-off-all-firefox-ai-features%2F%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/OZBxVD6iXSiucmJ--0ct8kBe2U4WW2J0FYYfDWxr2oI=443">
<span>
<strong>Mozilla Announces Switch to Disable All Firefox AI Features (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Following user backlash, Mozilla announced that it will be adding a toggle to delay current and future AI features. Along with this toggle, there will be an AI control panel where users can selectively enable or disable specific features. Features will begin enabled in the AI control panel until users choose to disable them if they do not use the βBlock AI Enhancementsβ toggle.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F01%2F29%2Fapples-new-iphone-and-ipad-security-feature-limits-cell-networks-from-collecting-precise-location-data%2F%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/xbRtMQNdaRv_FnCC8MaNKx0AFK1t0MMpDIhS1WhDYAk=443">
<span>
<strong>Apple's New iPhone and iPad Security Feature Limits Cell Networks From Collecting Precise Location Data (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Apple has announced a new feature for select iPhones and cellular-enabled iPads that limits the precision of location data shared with a customer's cell carrier. Applications that a user has granted precise location data and emergency calls will still have access to the user's precise location.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F02%2F04%2Fnitrogen_ransomware_broken_decryptor%2F%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/AedEnE-OsqPM7Nydj3Jl9Ro8BYMI9bjtgvnCowf95jk=443">
<span>
<strong>Nitrogen ransomware is so broken even the crooks can't unlock your files (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Ransomware gang Nitrogen shipped an ESXi encryptor with a fatal bug that corrupted its own Curve25519 public key, making decryption mathematically impossible even if victims pay. The slipup turns a profit-driven campaign into pure destruction: criminals earn nothing while organizations are left with unrecoverable hypervisors and costly rebuilds.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td>
</tr>
</tbody>
</table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%">
<tbody>
<tr>
<td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fstep-finance-says-compromised-execs-devices-led-to-40m-crypto-theft%2F%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/6gG6Dyatl_2FXb53PdxreoIGPrSDWIY53tWyc7cItEs=443">
<span>
<strong>Step Finance says compromised execs' devices led to $40M crypto theft (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Solana-based DeFi platform Step Finance lost $40 million in digital assets after hackers compromised executives' devices and drained multiple treasury wallets.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F02%2F03%2Fsudo_maintainer_asks_for_help%2F%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/SzO7LqlSxXohicMLpAQl7aMtHwgdX1yUsJuXFzV8U_c=443">
<span>
<strong>Sudo maintainer, handling utility for more than 30 years, is looking for support (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Sudo's sole maintainer, Todd C. Miller, has been seeking sponsorship since losing corporate backing in February 2024, raising concerns about the long-term sustainability of a foundational Unix/Linux security utility.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theverge.com%2Fnews%2F874011%2Fopenclaw-ai-skill-clawhub-extensions-security-nightmare%3Futm_source=tldrinfosec/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/lp6PxRBbgFW_ugsGT8KyK0vHUBAjPLbkg7EMfmmL3dw=443">
<span>
<strong>OpenClaw's AI βskill' extensions are a security nightmare (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Security researchers warn that OpenClaw's booming βskillβ marketplace has become a major attack surface.
</span>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td>
</tr>
<tr>
<td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td>
</tr>
<tr>
<td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/wRvuwk4j1UHPmkrIdaQWGja7TmUBN9TG2EJl_vnVLQg=443" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td>
</tr>
<tr></tr>
<tr>
<td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/xeT2ZyzKnFdDCsWEmXrc23eQMOO85Ora6ebntyG_kM8=443" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/GKgCRms5DtZC0yUrCp0l7m02oyQvTrJybO0d9sgKlmc=443"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/RkZs8s4HHaL82ncfyayV2LOrGnJj2m-DVKgNdmJ_DMs=443" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/qFhFy_FJQfOQygOHgB_YdmCf3j6GqPpkuFrrr4cZkGc=443" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/WBqVcRZwhIWLbzkTl5YY7cTtkqURS3KUvTo1TBqiUck=443" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/u7lptL2KCiVZ0WShPxQgdy6IR8-uT8mL10Mhw-tCkps=443"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/4I5LFLTmf9jnh3pO3OqRaVgeiXyCcqwQnoQDhGAI4Nc=443"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/cwtZ1Dr9Us7s-MiWJwlIniRrrflRGwtClMRJnPPHyvE=443"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td>
</tr>
</tbody>
</table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/IJBmHbIHcGM6V3W-7_eQhWTKXBnZT9pgeDe5fazzpww=443">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=10fa14d8-0254-11f1-b922-d9390ad1d2e9%26pt=campaign%26pv=4%26spa=1770300079%26t=1770300411%26s=253bb78dc57091bda5babe7551a191fc3ff56d57fcc7b812d42470766cf0a3b1/1/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/vhHx7Id1xsXne1-uPeIpONooBtPxxIKTX0rhytOnnvE=443">unsubscribe</a>.
<br>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019c2e208f2d-5008795f-aefe-401d-a890-7c4691a531c8-000000/pgzn4tDtY6H8Ozaw4A6X8zPwq6PL1kqcbcTy9LemElc=443" style="display: none; width: 1px; height: 1px;">
</body></html>