<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.illumio.com%2Finsights-free-trial%3Futm_source=tldr%26utm_medium=newsletter%26utm_adgroup=insights_week1/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/FVJuLyN84v_bsbHtSIudTsmEpSTKj1OhoTbf7YZnKjE=445"><img src="https://images.tldr.tech/illumio.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Illumio"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-02-18</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.illumio.com%2Finsights-free-trial%3Futm_source=tldr%26utm_medium=newsletter%26utm_adgroup=insights_week1/2/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/G4fBAYyYUWcNKj32XsI9fruwnSJyzbthsqsPF7x3O5Q=445">
<span>
<strong>Your Breach Started in AWS. Spread to Azure. Exfiltrated From GCP and headed to your private data center. And you're still logging Into 3 Consoles (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers don't respect cloud boundaries – they pivot across your AWS, Azure, and GCP environments in minutes. <strong>That's because your security tools are still siloed by cloud providers.</strong> <p></p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.illumio.com%2Finsights-free-trial%3Futm_source=tldr%26utm_medium=newsletter%26utm_adgroup=insights_week1/3/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/KngumSinuSJLVRSwD0R9jYJCEs5OKx7sfTIVEvGrDB4=445" rel="noopener noreferrer nofollow" target="_blank"><span>Illumio Insights</span></a> shows the complete attack path across all your clouds: </p>
<ul>
<li>One map for everything. See cross-cloud lateral movement in real-time, not pieced together days later. </li>
<li>Detect when dev in AWS talks to prod in Azure over unauthorized protocols. </li>
<li>Find the servers you didn't know existed (such as acquisitions, shadow IT, forgotten test environments). </li>
<li>Stop multi-cloud attacks at the first hop and quarantine before they pivot on to another cloud environment. </li>
</ul>
<p>Your SOC stops hunting across consoles. And your attackers stop getting multiple chances to succeed. </p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.illumio.com%2Finsights-free-trial%3Futm_source=tldr%26utm_medium=newsletter%26utm_adgroup=insights_week1/4/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/Tqx4Hotejxn2JaubERwba3_ZfrJj3iBS-bCjmMueQAc=445" rel="noopener noreferrer nofollow" target="_blank"><span><strong>Start a free Insights 14-day trial to get unified visibility across every cloud.</strong></span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwts.dev%2Fposts%2Fchatgpt-atlas-bug%2F%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/9nphbXYBRfnAJgHTcjCNG_ogC9LXK8YKZK9zcz3NMgg=445">
<span>
<strong>How I "hacked" ChatGPT Atlas... and why it wasn't patched (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A researcher discovered that ChatGPT Atlas's OWL architecture allows local attackers to replace the headless Chromium "OWL Host" with a malicious app, inheriting Atlas's macOS TCC privileges to silently access the microphone, camera, or other permissions previously granted by the user. OpenAI declined to patch the bug, citing Chrome's threat model, which excludes local attacks – a stance inherited downstream by Electron and Chromium forks that the researcher argues leaves macOS users fundamentally less secure. The unpatched vulnerability highlights a growing tension between Chrome's threat-model assumptions and macOS's TCC permission system, in which confused deputy attacks can bypass OS-level consent controls without user awareness.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F02%2F13%2Findias-major-pharmacy-chain-exposed-customer-data-and-internal-systems%2F%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/WZYLyzDJ7dR3CZEDgCbneGtjhJnXB2sh4CtlFtcp3Uc=445">
<span>
<strong>Indian pharmacy chain giant exposed customer data and internal systems (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A misconfigured “super admin” interface at DavaIndia Pharmacy, part of Zota Healthcare, allowed anyone to create high-privilege accounts and access data on nearly 17,000 online orders across 883 stores, including names, contacts, addresses, and purchased medicines. Attackers could have altered pricing, discounts, and prescription requirements before the flaw, reported to CERT-In in August 2025, was quietly fixed.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkqx.io%2Fpost%2Ffirefox0day%2F%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/uvttgyIbXD_VjnXZE9DruQt6V_LGzhpwUAQ96kT_V5E=445">
<span>
<strong>How a single typo led to RCE in Firefox (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A single-character typo (using `&` instead of `|`) in a SpiderMonkey Wasm GC array refactoring commit introduced a use-after-free vulnerability in Firefox's renderer process, enabling arbitrary read/write primitives and full code execution. The bug caused out-of-line array forwarding pointers to be incorrectly zeroed during garbage collection, allowing attackers to reclaim freed memory via heap spraying, bypass ASLR through pointer leaks, and hijack control flow. The vulnerability affected only Firefox 149 Nightly and was patched within six days of the report. No release versions were affected.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FoIQ3uE/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/McOa638j1whp71zOjZAIxQW7WXUqkx-cQ1fqsyQUyck=445">
<span>
<strong>Inside Bashe: The Interview with the Ransomware Group Known as APT73 (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Bashe (formerly APT73) is a RaaS group rebranded around a Chinese mythological serpent identity. It operates with a 0.25 BTC affiliate entry fee as both a monetization and anti-infiltration measure, and collaborates with initial access brokers and disgruntled corporate insiders. The group claims full-stack encryption, EDR bypass capabilities, and centralized control over negotiation panels and data publication timers, while excluding healthcare, schools, and CIS countries from targeting. This pattern is consistent with norms in the Russian-speaking ransomware ecosystem. Their deliberate vagueness on technical specifics such as key management architecture, combined with profit-first rhetoric and a shifting geographic focus toward countries with higher payment rates, provides useful threat intelligence for defenders modeling RaaS operator behavior.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmatheuzsecurity.github.io%2Fhacking%2Febpf-security-tools-hacking%2F%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/kGHhLDbWj4NRbgOaAQ0rU-itxtGtEh7mARn2HW4eaB0=445">
<span>
<strong>Breaking eBPF Security: How Kernel Rootkits Blind Observability Tools (16 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Research has shown that kernel rootkits can systematically blind eBPF-based security tools by using ftrace to hook the data-delivery plumbing (BPF iterators, ring buffers, perf events, and map operations) rather than targeting the eBPF programs themselves. The Singularity rootkit selectively filters hidden processes and network connections at the kernel-to-userspace boundary, causing security tools to operate on a fabricated view of system state while believing they have complete visibility. The findings underscore that eBPF observability assumes a trusted kernel, and defenders must prioritize preventing kernel compromise through Secure Boot, signed module enforcement, and layered out-of-host detection rather than relying solely on kernel-level telemetry.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.lasso.security%2Fblog%2Fprompt-injection-taxonomy-techniques%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/iGuRHkY5NOoQg7zwmlsT0ftf4n7SvS3001_nAKtsXD0=445">
<span>
<strong>A Standardization Guide to Prompt Injection (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Lasso proposes a structured taxonomy for prompt injection, distinguishing between attacker intent (system prompt leakage vs. jailbreak) and text-based techniques, including instruction override, role-playing, and others. Each category includes concrete subtypes and examples to help practitioners more reliably detect, reason about, and defend against modern LLM prompt attacks.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FDFy9Le%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/7wuODDxCWOga11PRyEI7nVk__EMhcZVpPQ-DYC9Fv1A=445">
<span>
<strong>Peace of mind in every sprint (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Writing code can be stressful – but not half as stressful as a surprise security meltdown. Inject optimism and calm into the developer scrum with <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FDFy9Le/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/R5F-1bQE3lNldkZ5Qfep-VDlTgsSJCAEUp2pbs--hQo=445" rel="noopener noreferrer nofollow" target="_blank"><span>Microsoft Azure</span></a>. Unified security across code and cloud environments and built-in DDoS protection mean you've got less cause for concern – and a clear mind for innovation. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FDFy9Le/2/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/HNSQG4fIxV51aCha-kfm3cl8lrwmxMgauCrXKZY2EMA=445" rel="noopener noreferrer nofollow" target="_blank"><span>Help secure your apps with Azure ></span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FWhitecat18%2FLazyDLLSideload%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/1FRXwnAVROSP20X98f9dI_LVSboiCP_Z4FqOzU8GSB4=445">
<span>
<strong>LazyDLLSideload (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
LazyDLLSideload is a Rust-based tool for generating DLL proxy and sideload projects for red team engagements, automatically parsing PE export tables and producing ready-to-compile implants with payload embedding, string obfuscation, and dynamic invocation via dyncvoke. It supports two modes: sideload (pure DLL replacement with stub exports) and proxy (forwarding calls to the renamed original DLL while intercepting a specified function), with optional native syscall execution via NtCreateThreadEx for improved OPSEC.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fjusot99%2Fpwnhub%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/ZHpQ0uACcxbXpACtokawZmwoqLUn6H8hG_14RJSEYLE=445">
<span>
<strong>Pwnhub (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hand-curated offensive security toolkit, scripts, and writeups for ethical hackers, pentesters, and IT pros eager to level up.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.vulncheck.com%2F%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/w90lN9K5iziiIiM7t04PrqK2wF7jfibNhGkO0HQj0cs=445">
<span>
<strong>VulnCheck (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
VulnCheck provides a vulnerability intelligence platform that tracks vulnerability lifecycles and active exploitation, monitoring exploit code and payloads so security teams can identify, prioritize, and patch the CVEs that pose the most immediate, real-world risk.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.fireblocks.com%2Freport%2Fthe-fireblocks-defense-in-depth-approach-to-security%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/KSL_OdADBmus_-XkP0BrmkXJ2DY_39VEzvj0kwsTfC4=445">
<span>
<strong>Securing Digital Assets in an Evolving Threat Landscape: The Fireblocks Defense-in-Depth Approach to Security (29 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Fireblocks published a comprehensive whitepaper detailing the blockchain threat landscape, where over $17 billion in cryptocurrency has been stolen since 2020, with DPRK-linked actors accounting for approximately $6.75 billion and three-quarters of all attacks on crypto platforms. The paper outlines a defense-in-depth architecture combining zero-trust infrastructure, MPC-based distributed key management, multi-device transaction approval, and real-time DeFi threat detection to mitigate attack vectors, including spear phishing, API compromise, blind signing, and address poisoning. Security teams managing digital assets should evaluate their own controls against the included readiness assessment, particularly ensuring no single compromised component – whether an endpoint, admin account, or cloud environment – can enable unauthorized fund movement.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F5eJqyT/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/gkr1os2_8MXMkO2W42OlgP3hQZDAyPc2icdpXYr_XmY=445">
<span>
<strong>Hackers Offer to Sell Millions of Eurail User Records (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hackers claim to have stolen 1.3 TB of data from Eurail's AWS S3, Zendesk, and GitLab, including source code, support tickets, and database backups with personal data on potentially millions of Eurail and Interrail customers. Exposed fields range from contact and passport details to health and bank data for DiscoverEU travelers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F02%2Finfostealer-steals-openclaw-ai-agent.html%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/wG5Kr4skmCrBPJ0z0wX5rg3tbsd17jWEPqrk7u4IDq0=445">
<span>
<strong>Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An infostealer, likely a Vidar variant, exfiltrated OpenClaw config files containing gateway tokens, device keys, and an AI agent “soul,” enabling remote access and identity hijacking. Meanwhile, malicious ClawHub skills, exposed OpenClaw instances with RCE potential, and persistent Moltbook accounts are attracting growing attacker interest as OpenClaw's ecosystem rapidly scales.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Faws.amazon.com%2Fmarketplace%2Fbuild-learn%2Fsecurity%3Ftrk=d127516f-842c-4119-8b3d-7315bcfc3d71%26sc_channel=el%26utm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/Ke7BO6B-8TkuSaTa3jjIA-jr7cVweL5OPEnbXqrnVtI=445">
<span>
<strong>Hands-on security tutorials for AWS builders (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Explore how you can deploy modern security patterns with <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Faws.amazon.com%2Fmarketplace%2Fbuild-learn%2Fsecurity%3Ftrk=d127516f-842c-4119-8b3d-7315bcfc3d71%26sc_channel=el/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/kU40FBifi0jhjOt7le3pqUAMDUUzbmFwJvufqksA9G4=445" rel="noopener noreferrer nofollow" target="_blank"><span>step-by-step tutorials</span></a> from AWS. Not compliance checklists – actual implementation guides you can follow.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F188039%2Fhacking%2Fmicrosoft-alerts-on-dns-based-clickfix-variant-delivering-malware-via-nslookup.html%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/Non_OXS6UM0dls5t-zRhwghnwhcg_jW5ozp-yJ6OSFk=445">
<span>
<strong>Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A new ClickFix variant uses nslookup commands via the Windows Run dialog to retrieve and execute second-stage payloads through DNS, ultimately deploying the Python-based ModeloRAT remote access trojan.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fcisa-orders-feds-to-patch-beyondtrust-flaw-within-three-days%2F%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/XAuXtp_cyuxJ1UP4bNa1WUi5wHbcNnNnLd-Z0h283W4=445">
<span>
<strong>CISA gives feds 3 days to patch actively exploited BeyondTrust flaw (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CISA added BeyondTrust's actively exploited OS command-injection flaw (CVE-2026-1731) to its KEV catalog, ordering federal agencies to patch Remote Support and Privileged Remote Access instances by February 16, as approximately 8,500 on-premises deployments remain exposed.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Flegal%2Fspain-orders-nordvpn-and-protonvpn-to-block-laliga-stream-piracy%2F%3Futm_source=tldrinfosec/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/mJ9EC6D5Rr6_6YBC37A1DmSoubBoDqZdI4QkyaJ26-U=445">
<span>
<strong>Spain orders NordVPN and ProtonVPN to block LaLiga stream piracy (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A Spanish court ordered NordVPN and ProtonVPN to block 16 piracy websites under the EU Digital Services Regulation, with both providers contesting the ruling as procedurally invalid since neither was notified or given the opportunity to defend themselves.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/vNNrNV7oo3O72W_nFK4O_v3WvuIwMCMFHQtRftAZCSU=445"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/p6NoMdX-cKC2KtoWsU7z_RKlYlpm9g1TBQOZwfEa1E8=445"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019c7114f18b-7b653fae-bd24-4e1a-a772-d6605a48b497-000000/r_Rrg3owBMCDOIApgaRn0PfTGYE-v2txiTEUofc5Te4=445"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>