<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Google patched CVE-2026-2441, a vulnerability in Chrome's CSS engine actively exploited in the wild, marking the first Chrome zero-day of 2026 β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/fSjAYl1oP3MXD1mCw6OubTmanwgJGVbWxJQnuwylrvk=445" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/qT8I7YitN_DtUiK1sAEUriVR5s3ctFN0y1QjWKuiIKc=445" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=17a7cd4a-0bd5-11f1-bfe6-9fe9e3fc50f1%26pt=campaign%26t=1771337205%26s=124730b17c03c75b3b685c0624b0292956bcb4de0b8107fe1e967ba8adc40afb/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/NVK-2vJ2xZH-OJnw6yq6OPeYKZxNnZ3PGeW-r3a882M=445"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbitwarden.com%2Fgo%2Fbusiness-password-manager%2Ftldr%2F%3Futm_campaign=34103600-TLDR%25202026%26utm_source=tldr_infosec%26utm_medium=email%26utm_content=021326/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/7qgLP9dHhLQV0ilAidAW742W3Ps-luCuFQKjwcmJsLQ=445"><img src="https://images.tldr.tech/bitwarden.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Bitwarden"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-02-17</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbitwarden.com%2Fgo%2Fbusiness-password-manager%2Ftldr%2F%3Futm_campaign=34103600-TLDR%25202026%26utm_source=tldr_infosec%26utm_medium=email%26utm_content=021326/2/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/YrizqcLkG0PtBBhKIpYHU6UYZa1PZdLjPe9QY7lNTJg=445">
<span>
<strong>Do you know how your employees are sharing your company's sensitive information? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Bitwarden surveyed 2,000+ community members about what they'd never share with generative AI tools:<p></p><ul><li>81% - Passwords or authentication data</li><li>55% - Confidential business data</li><li>52% - Financial information</li></ul><p>Your team handles all three daily and AI tools are everywhere. They need secure alternatives for managing and sharing business data.</p><p>Bitwarden password manager gives teams a secure place to store and share passwords, credit cards, and other sensitive information, with zero-knowledge encryption and trusted open source transparency. Recommended by IT leaders, loved by employees.</p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbitwarden.com%2Fgo%2Fbusiness-password-manager%2Ftldr%2F%3Futm_campaign=34103600-TLDR%25202026%26utm_source=tldr_infosec%26utm_medium=email%26utm_content=021326/3/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/kSq1s4oK0V4fCPPli2JYQT4Z9Z2mMihOQC0unA7WMn8=445" rel="noopener noreferrer" target="_blank"><span>Try Bitwarden Free Today</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4132296%2Fresearchers-unearth-30-year-old-vulnerability-in-libpng-library.html%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/XGQdt8D9tieivg1hY63IErHRGu6DinPamkIZ3P0DAUI=445">
<span>
<strong>Researchers unearth 30-year-old vulnerability in libpng library (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A heap buffer overflow (CVE-2026-25646, CVSS 8.3) in the libpng library, present since its inception nearly 30 years ago, has been patched in version 1.6.55. The flaw lies in the png_set_quantize function, which is used to reduce color in PNG images. Exploitation requires careful heap grooming and crafted-but-valid PNG files, potentially leading to crashes, information leakage, or remote code execution on unpatched systems that use the widely bundled Linux/Unix library. Although the rarely used vulnerable function lowers practical severity, security experts warn that AI-powered bug-hunting tools are accelerating the discovery of similar dormant vulnerabilities across open-source libraries, increasing the risk of threat-actor exploitation before coordinated disclosure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fchocapikk.com%2Fposts%2F2026%2Flightllm-pickle-rce%2F%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/y949kFS3KvoDhKPztPSn1HcCGQP4oz-Ke09GjGDlPU4=445">
<span>
<strong>LightLLM: Unauthenticated RCE via Pickle Deserialization in WebSocket Endpoints (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A critical unauthenticated RCE vulnerability (CVE-2026-26220, CVSS 9.3) has been revealed in LightLLM, a widely used LLM inference engine with 3,890 GitHub stars. The flaw involves WebSocket endpoints in the prefill-decode disaggregation system calling pickle.loads() on unauthenticated binary frames, and the server code explicitly disallows binding to localhost, exposing the server to network threats by design. This vulnerability mirrors CVE-2025-32444 (CVSS 10.0) in vLLM and underscores a broader issue of insecure deserialization across ML inference frameworks, as disaggregated serving architectures create additional attack surfaces between nodes. Organizations using LightLLM in PD mode should immediately restrict network access to WebSocket endpoints, as the maintainers have largely ignored security reports for nearly a year without providing a fix.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F02%2Fnew-chrome-zero-day-cve-2026-2441-under.html%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/MkzSuc9pVrledrvr0rBV3UVcq81CN8BcONF9udNb550=445">
<span>
<strong>New Chrome Zero-Day (CVE-2026-2441) Under Active Attack β Patch Released (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Google patched CVE-2026-2441 (CVSS 8.8), a use-after-free vulnerability in Chrome's CSS engine actively exploited in the wild, marking the first Chrome zero-day of 2026. The flaw allowed remote attackers to execute arbitrary code inside a sandbox via crafted HTML pages in versions prior to 145.0.7632.75. Users should immediately update Chrome on all platforms, and organizations using Chromium-based browsers such as Edge, Brave, Opera, and Vivaldi should apply fixes as they become available.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberandramen.net%2F2026%2F02%2F16%2Ftracking-digitstealer-how-operator-patterns-exposed-c2-infrastructure%2F%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/1R-v-EgiHqgcY4QBUIncOsDNTcTCA_M91G7moHYrUS4=445">
<span>
<strong>Tracking DigitStealer: How Operator Patterns Exposed C2 Infrastructure (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
An infrastructure analysis of DigitStealer, a macOS infostealer targeting 18 cryptocurrency wallets and Apple M2 devices, revealed that the operator's consistent use of a single Swedish ASN (ab stract ltd), Tucows domain registration, Njalla nameservers, and identical OpenSSH versions created a fingerprint that enabled clustering of previously unreported C2 domains. The malware operates as a persistent backdoor via Launch Agent, polling C2 endpoints every 10 seconds and using a cryptographic challenge-response mechanism for anti-analysis, while communicating over four distinct API endpoints for credential theft, file exfiltration, and command execution. The infrastructure uniformity strongly suggests a closed, single-operator campaign rather than a MaaS model β a reminder that when threat actors prioritize efficiency over operational security, defenders can exploit these patterns to proactively identify and burn C2 assets.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.philvenables.com%2Fpost%2Fthe-ciso-s-craft-watchmaker-or-gardener%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/fw6aM99gSdyYB8D8a-fk1DJZFKcinMZ3aGT5VmAP4bQ=445">
<span>
<strong>The CISO's Craft: Watchmaker or Gardener? (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
This post examines two distinct models of CISO leadership: the Watchmaker, which focuses on precision, strict controls, and auditability, and the Gardener, which promotes an adaptable security culture, team empowerment, and organizational resilience. The Watchmaker style works well in regulated settings but can lead to rigidity and burnout. In contrast, the Gardener encourages shared responsibility but depends on high organizational trust and long-term cultural commitment. The most successful CISOs combine elements of bothβbuilding strong foundational controls while fostering an adaptable security environment that evolves with emerging threats.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.kaspersky.com%2Fblog%2Fmoltbot-enterprise-risk-management%2F55317%2F%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/o6SD94zdIxVQX0UoVue5gV5J3oIya8OKzsX4TlE-s-A=445">
<span>
<strong>Key OpenClaw risks, Clawdbot, Moltbot (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
OpenClaw, previously known as Clawdbot, is a viral open-source AI assistant flagged as a major insider threat due to security flaws such as CVE-2026-25253 (CVSS score 8.8), insecure defaults (e.g., disabled authentication), plaintext secret storage, and a malicious skills ecosystem targeted by infostealers such as RedLine and AMOS. Its design includes privileged host access, exposure to untrusted data, and external communication capabilities. Organizations should detect OpenClaw through specific file paths, network signatures, and unusual OAuth activity, while reducing shadow AI risks with application allowlisting, least-privilege policies, isolated deployments, and transparent usage policies with staff training.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.haproxy.com%2Fblog%2Freact2shell-cve-2025-55182-mitigation-haproxy%3Futm_source=TLDR%26utm_medium=newsletter%26utm_campaign=Newsletter%2Bsponsorship%26utm_id=TLDR%2Bnewsletter%26utm_term=react2shell/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/DcjTI9pqvCCxM8xhbKEFDdo40uhEnovYqzANkTL-Q1Y=445">
<span>
<strong>Zero-Day Blocked: How HAProxy One Shielded Against React2Shell (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Traditional WAFs react too late. HAProxy One's advanced machine learning and global edge threat intelligence proactively shielded customers from zero-day threats like React2Shell, detecting the attack at the edge before a patch was available without impacting latency. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.haproxy.com%2Fblog%2Freact2shell-cve-2025-55182-mitigation-haproxy%3Futm_source=TLDR%26utm_medium=newsletter%26utm_campaign=Newsletter%2Bsponsorship%26utm_id=TLDR%2Bnewsletter%26utm_term=react2shell/2/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/6nYS58Zqy7rgpQfTfDHVA1kJ4mJ6305a2N7rW1ZbszQ=445" rel="noopener noreferrer nofollow" target="_blank"><span><strong>See how HAProxy protected customers from react2shell.</strong></span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fawesome-foundation%2Faws-config-d%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/wvyRGUvpWmgYM1IOcn8yLg3dtglMJt3p1I5K6nLNVa4=445">
<span>
<strong>aws-config-d (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
aws-config-d splits the monolithic ~/.aws/config file into per-organization files under a config.d/ directory, automatically concatenating them via a shell hook on session start β useful for security teams and consultants managing SSO profiles across multiple AWS organizations. The tool includes SHA-256 drift detection that warns when external changes (such as aws configure sso) modify the config outside the managed workflow, preventing silent overwrites of carefully scoped access configurations. It supports bash, zsh, and fish with zero dependencies and ships with 42 containerized tests covering rebuild triggers, migration, and idempotency.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.kasada.io%2F%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/9DM8DZbCIqTylLCLUPEQBwcFQeEEcWSoc9gO9e0sMPw=445">
<span>
<strong>Kasada (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Kasada is a cloud-based anti-bot security platform that protects websites, APIs, and mobile apps from malicious automated traffic such as scraping, credential stuffing, account takeover, and online fraud using adaptive, invisible bot detection instead of CAPTCHAs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fdwisiswant0%2Fsandboxec%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/LQqZ46uOufG5fqacXaxNhfbqllQ9lCA1E2ctw40c-xY=445">
<span>
<strong>Sandboxexec (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A lightweight command sandbox for Linux, secure-by-default, built on Landlock. Use it to run risky commands with a tighter blast radius: third-party CLIs, untrusted scripts, generated code, and one-off tooling.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FY6J73q/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/NcKmr5S9hC6GvnHdoCxdtBnv-UXutuGGrohwP-yDAZE=445">
<span>
<strong>Amazon Scraps Partnership With Surveillance Company After Super Bowl Ad Backlash (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Ring has canceled a planned integration with Flock Safety after public backlash over a Super Bowl ad featuring AI-powered neighborhood tracking and broader concerns about a βdystopianβ surveillance ecosystem. The integration never launched, so no customer footage was shared. The controversy amplified scrutiny of Ring's facial recognition features and Flock's vast license-plate tracking network amid mounting privacy and civil liberties criticism.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F02%2F16%2Fdutch_cops_breach%2F%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/-9RCfRe8ujFd3siqSvr1NMVOEQSmja5PADxAcV3KgRI=445">
<span>
<strong>Dutch cops arrest man after sending him confidential files by mistake (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Dutch police accidentally gave a Ridderkerk man access to confidential documents by sending a download instead of an upload link, then arrested him for refusing to delete them without compensation. Officers seized his devices, reported a data breach, and charged him with unauthorized access.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FXbmuOE/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/Kh_1khsXqWH9B9W8PJ_jz31onV0aZbWdBR6SPttlfrQ=445">
<span>
<strong>260K+ Chrome Users Duped by Fake AI Browser Extensions (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
More than 30 lookalike Chrome extensions posing as AI assistants have siphoned email, browser data, and sensitive inputs from over 260,000 users, including corporate environments. Attackers embed a full-screen iframe that proxies real LLM APIs while exfiltrating content and API keys, evading Chrome Web Store review due to minimal local permissions and off-platform malicious logic.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwinbuzzer.com%2F2026%2F02%2F14%2Fmicrosoft-blocks-credential-autofill-windows-hello-flaw-cve-2026-20804-xcxwbn%2F%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/3RQ8dEvl5QP4dU8tS8dMS3Rrbo0WRyEtPSrfGd4V_Sg=445">
<span>
<strong>Microsoft Blocks Credential Autofill to Fix Windows Hello Flaw (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Microsoft's February 2026 Patch Tuesday blocked credential autofill in Windows 11 remote desktop and screen-sharing tools to address CVE-2026-20804, a Windows Hello tampering flaw demonstrated at Black Hat 2025 that allowed attackers to inject biometric data and bypass authentication without detection.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fskillaudit.sh%2F%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/Uf59qdTYm1xUR8aFZK9w5Nf96vnoI5bBvRvMjNkcBOw=445">
<span>
<strong>SkillAudit (Web App)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Paste a repo, and get an instant report on the vulnerabilities of the skill files.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Foperation-doppelbrand-trusted%2F%3Futm_source=tldrinfosec/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/qH1V7iMzHakYwhnAV7Q9cd7b6RVS5G4zmCZIGlLEPFE=445">
<span>
<strong>Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Operation DoppelBrand is a GS7-run phishing operation that abuses lookalike domains and cloned portals of major US banks, insurers, and tech firms to steal credentials and device data, then pipe them into Telegram for triage.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/50ZGxzLiJ62Yazvv54okD-eMwVzBVJxPG5JfVys_2D8=445" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/hgV1M1u3jDOMaoxCD1v58in_mQvAWSK_dcCBS4MUxQs=445" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/QdkKkBtItwTHnBMOrpoi1ugJD-I-Oj47wHV6scDrAm4=445"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/3DUXKWpOKbcNZEgOJK5kFua8-ayND7L5iyb_6nIBymk=445" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/O-jxvIr4uHBaOwsZWkV33ZWSPI9PBkEWhFNkW5-pZps=445" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/PMLbyL5PENoExFSvCIkLzYf92wGXWmD0GmpSOhR8qfo=445" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/n4j2r4S4Gdwi7C2MJlVyrdY_4ATz66oCAmZTfl5GpoI=445"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/ORQDPX1AvPv7Q3EUyBHghXiXaHmaKGEIw5gsWBb6XL0=445"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/UltLpim1IUxwnAvnVQZG3XrtAsPDIalozHb8KKc7PRU=445"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/k_6LPWxzwHz10G2kSOn1IZaTqMUOZALY53Ta4zlTMOw=445">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=17a7cd4a-0bd5-11f1-bfe6-9fe9e3fc50f1%26pt=campaign%26pv=4%26spa=1771336885%26t=1771337205%26s=9837cccd2cb2c304ae20d98a4ad4a4edff590ce7ca64ddc4c2804f45270886b5/1/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/AMsePLfKRkaT8yi97RGA7rre6V8eCBd2TGU7HgsKOxo=445">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019c6becc772-d96ab363-034e-4d1a-9742-034b49c0599a-000000/CwIwXh7HGS-CXHddWd8q7ouBTo4YGnmS9AVO3aV6hY4=445" style="display: none; width: 1px; height: 1px;">
</body></html>