<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/48IqVp4v3mmjwOI5tusRFBGVGvD2353st6fYeaAqLfQ=444" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/1y38TWEemim-dvsLcUyFjiIOz548V5o4U-F_abKp_Tw=444" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=e5a935d2-07d7-11f1-8f64-6d9d59627f52%26pt=campaign%26t=1770905302%26s=cb1830ed40362551a7ae4b310fdb27a5a2497456e1bec09158588b5888c3fd92/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/hERBO2pdjhoBo2MGey_qqCDk8A9behBdyLDmhx_Dn_o=444"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fj8SJzc/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/jCU2CI_5ju1mxypYG0yid9sIPYJ-bjFHAIv4gXo_6Gk=444"><img src="https://images.tldr.tech/microsoftazure.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Microsoft Azure"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-02-12</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fj8SJzc/2/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/yetSh4Y9nkriSTpFq5oUKTgHOJ7tT3SBYCsa5yg1N4w=444">
<span>
<strong>Feel like your tabs have tabs? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Developer tool sprawl is real. You've got one tab for logs, another for metrics, half a dozen for cloud services, and somewhere in there is the code you're actually trying to ship.<p></p><p>🫣 Stop playing hide-and-seek with your tools. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fj8SJzc/3/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/8pWApcC9Ejv7vRhPUnBL1mP6Psmo8T3Xru65A1B3Io4=444" rel="noopener noreferrer nofollow" target="_blank"><span>Microsoft Azure</span></a> brings together everything you need to build and run software in a single workspace.</p>
<p>Goodbye, hunting for the right dashboard. Hello, one unified view, and a faster path to innovation.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fj8SJzc/4/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/_YOguKZL_tl8RU7VKWDRAP9Hbzj77txVwQkkV6oLBek=444" rel="noopener noreferrer nofollow" target="_blank"><span>Simplify your stack with Azure →</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FcYD0dG/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/ea3xky0rKQ9ro2AUTtDN5ZDDCmxqgRVbPLj-O67PP50=444">
<span>
<strong>New 'ZeroDayRAT' Spyware Kit Enables Total Compromise of iOS, Android Devices (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A new commercial mobile spyware toolkit, ZeroDayRAT, sold via Telegram and analyzed by iVerify, offers nation-state-level capabilities, including live camera and microphone feeds, keylogging, GPS tracking, bank credential theft, and crypto clipboard hijacking, for both Android and iOS devices. The self-hosted kit uses a builder model in which operators generate payloads for their own infrastructure, distributing them via phishing, smishing, or trojanized apps. The creators deliberately obscure attribution by advertising in five languages and mixing Chinese, Russian, and Indian targeting indicators. Takedown efforts have been complicated by the decentralized operator model and Telegram's slow enforcement, making this a persistent threat with few available IoCs beyond unusual battery drain and unexplained financial transactions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F02%2F09%2Fsolarwinds_mystery_whd_attack%2F%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/JFv7I82MI07w8GAKgVkE7WLnsqu7JvllDv9630kl5t8=444">
<span>
<strong>Someone's attacking SolarWinds WHD to steal high-privilege credentials - but we don't know who or how (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Unknown threat actors exploited vulnerable SolarWinds Web Help Desk instances in December 2025 to gain initial access, with Microsoft unable to confirm whether the attacks leveraged CVE-2025-40551 (9.8 CVSS deserialization RCE), CVE-2025-40536 (8.1 CVSS auth bypass), or CVE-2025-26399 (9.8 CVSS command execution). Post-exploitation activity included BITS abuse for payload delivery, installation of Zoho ManageEngine RMM for persistence, LSASS credential dumping via DLL sideloading, and DCSync attacks to extract domain controller password data. Organizations should immediately patch WHD, remove public access to admin paths, scan for unauthorized RMM tools such as ToolsIQ.exe, and rotate service and admin account credentials accessible from WHD.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.koi.ai%2Fblog%2Fclawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/uckl4EskoNOXsuSaVTHX54lUygwcvEwHngCDYn7SIIo=444">
<span>
<strong>ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Koi Security's threat hunting agent analyzed skills being offered on OpenClaw's ClawHub marketplace and discovered that 341 of 2,857 were malicious. Most malicious extensions follow a similar pattern: the prerequisites instruct the agent to download and execute a file containing a malicious payload that installs the AMOS stealer. The post also highlights a few unique skills that download other payloads or hide their stealers and backdoors within the code itself.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fflare.io%2Flearn%2Fresources%2Fblog%2F33197%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/4P7hkzQy0BDecMMub74O8AUPBeypqUvZoSD-LxBPTT4=444">
<span>
<strong>The Ransomware Franchise Wars: How Falling Payments Are Spawning a New Generation of Cybercrime Cartels (14 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The collapses of Black Basta and LockBit have triggered a violent restructuring of the RaaS ecosystem, with new entrants like DragonForce operating as vertically integrated "cartels" that embed access broker marketplaces directly into affiliate panels, compressing the window between initial access and ransomware deployment to hours. A parallel commoditization of EDR evasion tools, including BYOVD-based killers exploiting a still-valid 2006 Microsoft-signed driver, has collapsed the barrier to entry so that even low-budget operators can defeat enterprise security stacks. Defenders should prioritize enabling Microsoft's opt-in Vulnerable Driver Blocklist, monitor access broker marketplaces for organizational exposure, and shift threat intelligence from tracking ransomware brands to tracking persistent infrastructure indicators like shared SSH fingerprints and certificate reuse.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.ontinue.com%2Fresource%2Fvoidlink-dissecting-an-ai-generated-c2-implant%2F%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/SUa_zdnemj5hWlNclRQ2KjUPX0eGzTN4k6NBV12tBAw=444">
<span>
<strong>VoidLink: Dissecting an AI-Generated C2 Implant (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
VoidLink is a Zig-based Linux C2 implant that bears strong indicators of LLM-generated code (including structured "Phase X:" labels, verbose debug logging, and documentation patterns left in the production binary), demonstrating how AI coding agents are lowering the barrier to producing functional, multi-cloud malware. The implant fingerprints AWS, GCP, Azure, Alibaba Cloud, and Tencent Cloud environments, harvests credentials from environment variables and metadata APIs, performs container escape via Docker/Kubernetes plugins, and deploys an adaptive kernel-level rootkit that selects eBPF, LKM, or LD_PRELOAD stealth based on host kernel version. Defenders should monitor for unauthorized cloud metadata API queries from workloads, audit Kubernetes service account token access, and treat verbose or structured debug artifacts in captured malware as potential indicators of AI-assisted development requiring adjusted threat modeling.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FS7Aet8/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/SDMtgvfTaRAqE_-sfov4DkZ2BX_X1NH3_RNzIY_1qpE=444">
<span>
<strong>When MFA Wasn't Enough: A Real AitM Incident Review (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers have shifted from credential theft to stealing authentication tokens for initial access. In one incident that the author observed, an attacker successfully stole an authentication token via an attacker-in-the-middle (AitM) Microsoft 365 proxy, but couldn't achieve their goals due to rapid detection and response. In a second incident, the attacker was unable to steal a token because the organization utilized FIDO2 security keys, so the authentication attempt through the AitM proxy failed.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FnANLQ2%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/cepffdli2guZKKsFxjn7-hbmBPWB2bzDMB3kPJuWw1o=444">
<span>
<strong>How many dashboards is too many? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Every new monitoring tool, service, or "quick integration" adds another dashboard to the pile, and before you know it, you're spending more time switching between tools than actually building. With <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FnANLQ2/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/cjrGcbdLLFj_1s2ah-K7mcFuskOpL12VOZ4hoMHqXq4=444" rel="noopener noreferrer nofollow" target="_blank"><span>Microsoft Azure</span></a>, your entire stack lives in one workspace: infrastructure, data, AI, and more. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FnANLQ2/2/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/gvoJ0ut78I0xbwo46CSfizSlwrSU7dKQLpMsuZjI2Dw=444" rel="noopener noreferrer nofollow" target="_blank"><span>See how Azure brings it all together →</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fcisco-ai-defense%2Fskill-scanner%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/aXQb_xgCATuLVBUf2Dt7NkEYJHElbuyvkcAbcgR1TW4=444">
<span>
<strong>Skill Scanner (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Skill Scanner is a security scanner for AI agent skills that detects prompt injection, data exfiltration, and malicious code patterns via a combination of pattern-based detections, LLM-as-a-judge, and behavioral data analysis.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fjenish-sojitra%2FJSAnalyzer%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/oMorHNULlGx96kXuhxMdbR0U8FHxvceWG29Du6AY4ME=444">
<span>
<strong>JSAnalyzer (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
JSAnalyzer is a Burp Suite extension for JavaScript static analysis.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fdatabricks%2Fcontainers%2Ftree%2Frelease-17.3-LTS%2Fubuntu%2Fblackice%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/o5hi4tX6YnqjfRdw-CB_2R2K_kzphggNSP6Nu3UJao4=444">
<span>
<strong>BlackIce (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
BlackIce is a containerized toolkit designed for red teaming AI models.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Func1069-targets-cryptocurrency-ai-social-engineering%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/PvDmpZAMGO7vw7xKxclbtnj9PYoRD0WPuEEODD6TE00=444">
<span>
<strong>UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering (15 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mandiant attributed an intrusion against a FinTech entity to UNC1069, a DPRK-nexus financially motivated threat actor that leveraged a compromised Telegram account, a spoofed Zoom meeting with a reported deepfake video, and a ClickFix attack to deploy seven malware families on a macOS device, including the new tools SILENCELIFT, DEEPBREATH, and CHROMEPUSH. The attack chain progressed from the WAVESHAPER backdoor through the HYPERCALL downloader to deploy HIDDENCALL for hands-on keyboard access, while DEEPBREATH bypassed macOS TCC protections to steal Keychain credentials, browser data, and Telegram sessions, and CHROMEPUSH installed a malicious Chrome extension for keylogging and cookie theft. The investigation highlights UNC1069's expanding use of GenAI tools like Gemini and GPT-4o for social engineering, alongside a significant tooling refresh targeting cryptocurrency startups, software developers, and venture capital firms.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fmicrosoft%2Fmicrosoft-rolls-out-new-secure-boot-certificates-before-june-expiration%2F%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/N5j3dspcUfy5G03u0vkUnCY1Gi-hPagrmfOi3rS8cE0=444">
<span>
<strong>Microsoft Rolls Out New Secure Boot Certificates Before June Expiration (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The certificates that Microsoft uses for Secure Boot are set to expire in June 2026 after 15 years of use. Users who have automatic updates enabled will receive the new updates automatically. Admins can deploy the new certificates via registry keys, Group Policy, or Windows Configuration System (WinCS). Windows 10 users who are not enrolled in extended security updates will not receive the new certificates.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F02%2Freynolds-ransomware-embeds-byovd-driver.html%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/yb6fzes9qz9PUd374JxdZRLsxgYyr5x6BEBplfxmvBk=444">
<span>
<strong>Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Reynolds ransomware bundles a vulnerable NsecSoft NSecKrnl driver (CVE-2025-68947, CVSS 5.7) directly in its payload to terminate EDR processes from CrowdStrike, Sophos, Symantec, Palo Alto Cortex XDR, and Avast before encrypting files, eliminating the need for a separate BYOVD deployment step. Symantec and Carbon Black researchers noted a suspicious side-loaded loader on the target network weeks before ransomware execution, followed by deployment of the GotoHTTP remote access tool for persistent access. The article also covers broader ransomware developments, including LockBit 5.0's shift to ChaCha20 encryption with wiper capabilities, Interlock's use of a gaming driver zero-day (CVE-2025-61155) for BYOVD attacks, and ransomware actors increasingly targeting misconfigured AWS S3 buckets.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fpride-month-phishing-employees-trusted-email-services%2F%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/JXOZuyJieeAlVnHOryOWqQtR2fPMGqs15bRJhg6vHDA=444">
<span>
<strong>Pride Month Phishing Targets Employees via Trusted Email Services (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A phishing campaign leveraging Pride Month and diversity themes has expanded from 504 to 4,768 targeted organisations across multiple countries.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.cisa.gov%2Fnews-events%2Fnews%2Fcisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/s56KB_cyM00TmxqOt8JZThBXfOfcFW5EHM6y5SToWxM=444">
<span>
<strong>CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
"Barriers to Secure OT Communications: Why Johnny Can't Authenticate" is a guide that addresses the cost, complexity, latency, and interoperability barriers preventing critical infrastructure operators from adopting secure industrial protocols.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fivanti-zero-day-vulnerabilities-netherlands-european-commission-shadowserver%2F%3Futm_source=tldrinfosec/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/8xKqL5LW02hgq-wCc9YMEgoVNe0y0jbg_THvGythoU4=444">
<span>
<strong>Fallout from latest Ivanti zero-days spreads to nearly 100 victims (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Exploitation of Ivanti EPMM zero-days CVE-2026-1281 and CVE-2026-1340 (both CVSS 9.8) has reached 86 confirmed compromised instances.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/Cc6CjupGS0E3OZ3pj8iaY9eNiJaBW6KqoB7pKFub7qU=444" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/VqnL5xjGvdTP-biLMvcbSQ0DOJLwmoug_Hp0OGfgawM=444" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 💰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/7ihbnS7nwKpOqS-IhKFN4TuvUWmaiSS-7KMEsCvuDAM=444"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/fGvlp11Yg5Q81VK86ODIxOFGTmZKypZzgTS_QbN1AgM=444" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/KlFyaoZBxhNaC7wjWXRTvb880kQlLJFuYwreKnKch1s=444" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/G4NNu13PmZz3UF1BPX2FG9LjlI95dpvHYcCK-XD774E=444" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/eruKPFdBaY0umzf1z2RyHcrzw8tvXaq4KaHLOq52Wag=444"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/tWAC1LX3GyMipDvkPmIF8ZzXT0TOHtzHIfiPRoSFH2w=444"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/C0Jb8Us3YBKsUZqZakVVQxESdWBxEABPnpZwXYeoV3M=444"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/In_XMGdk242wP1nz8r26nTteygpMHCikgDPKCbtvgA0=444">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=e5a935d2-07d7-11f1-8f64-6d9d59627f52%26pt=campaign%26pv=4%26spa=1770904968%26t=1770905302%26s=dd33ba0307017529f59e18e407b3296e5e745db1dbae3c7cd945f70dcd2d4195/1/0100019c522e785c-4e0bbad5-90fc-44ef-831b-4a2e0950496d-000000/DFQaDFVAXS9yGZX74xUJNVuNSqIkppXUKb-Df8fURyk=444">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>