<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-02-19</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks &amp; Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FAzF0rJ/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/EZft2pp4LFy3hHmWFOq8c9mPc-_8LRHJeBWWHyJ-I1Q=445">
<span>
<strong>Supply Chain Attack Embeds Malware in Android Devices (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Keenadu is a firmware-level Android malware embedded via supply chain compromise that hijacks Android's Zygote process to inject itself into every app on infected devices. It affects 13,000 devices across Russia, Japan, Germany, Brazil, and the Netherlands. Operating as a multistage loader, Keenadu deploys modules targeting shopping platforms such as Amazon and Temu, monitors Chrome queries, and commits ad fraud. Organizations should cross-reference Kaspersky's published IoCs against managed Android fleets. Firmware-level infections require full firmware replacement, and system app infections are mitigated by disabling or replacing the compromised app.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F02%2F18%2Fshinyhunters_cargurus_breach%2F%3Futm_source=tldrinfosec/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/goJaiMyf2nU-_mlO4HrkCdosiZ8cNWC6n3FRTvqQyG0=445">
<span>
<strong>ShinyHunters allegedly drove off with 1.7M CarGurus records (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cybercrime gang ShinyHunters has claimed the theft of 1.7 million CarGurus corporate records, including personal and internal data, and is extorting the company with a February 20 deadline. The crew has chalked up 15 alleged breaches in 2026, hitting financial firms, retail brands, car marketplaces, and dating platforms, often via social engineering and SSO abuse.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies &amp; Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fspecterops.io%2Fblog%2F2026%2F02%2F17%2Fstop-the-cap-making-entra-id-conditional-access-make-sense-offline%2F%3Futm_source=tldrinfosec/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/rKNuCI27hQLWFMvmfozzU_ti-pSKJCqY61lCZzl3Vxo=445">
<span>
<strong>STOP THE CAP: Making Entra ID Conditional Access Make Sense Offline (18 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CAPSlock is an offline Conditional Access Policy (CAP) analysis engine built on ROADrecon that simulates sign-in scenarios without generating tenant artifacts and distinguishes between definitively applied policies and signal-dependent ones. The tool addresses a critical gap in Entra ID assessments (overlapping CAPs create enforcement behavior that is hard to reason about, particularly around MFA bypasses and platform-specific policy gaps) by modeling normalization, exclusion logic, and cumulative policy enforcement offline. Both red teamers and defenders should evaluate CAPSlock for CAP auditing workflows, with the caveat that pending AAD Graph deprecation will require elevated Microsoft Graph permissions for future policy collection.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fobjective-see.org%2Fblog%2Fblog_0x85.html%3Futm_source=tldrinfosec/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/eaHgxtYHr5la3JF30-ZJ7rsrAOAvBG10NDV-U7X5c_Y=445">
<span>
<strong>ClickFix: Stopped at ⌘+V (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
This post details a lightweight macOS defense against ClickFix attacks (now integrated into BlockBlock v2.3.0) that intercepts ⌘+V keystrokes via NSEvent global monitoring, pauses the terminal process with SIGSTOP, and prompts the user to review clipboard contents before execution. The approach works across major terminal emulators and is particularly effective given that most documented ClickFix campaigns (including recent campaigns by North Korean APT UNC1069 and LLM-propagated attacks) explicitly instruct victims to use the keyboard shortcut. Notable limitations include no coverage for right-click paste operations, a dependency on Accessibility permissions, and Apple's Endpoint Security framework lacking an equivalent ES_EVENT_TYPE_AUTH_PASTE event, making user-space interception the only practical approach.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbrennan.day%2Fthe-curious-case-of-the-triton-malware-fork%2F%3Futm_source=tldrinfosec/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/E3vjdo9ixzX4lyBGOMu6pI_CvL1liIZblTW1RxvpVao=445">
<span>
<strong>The Curious Case of the Triton Malware Fork (13 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A suspicious fork of the Triton macOS omg.lol client turns out not to be simple plagiarism, but a clumsy malware delivery attempt hosted on GitHub. The attacker floods the README with links to a Windows-only malware ZIP hidden in an Xcode asset path, then pads the GitHub contribution graph with fake backdated commits to appear legitimate. Sandbox analysis shows a multistage Windows infection chain using 7zip, LuaJIT, anti-analysis tricks, and C2 traffic masquerading as Microsoft and blockchain traffic.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches &amp; Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fmverschu%2Fadwsdomaindump%3Futm_source=tldrinfosec/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/jpgrzOo38FGRtnfNirr47gc_p42D2Q7CWleoxZq2f-4=445">
<span>
<strong>ADWSDomainDump (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ADWSDomainDump is an Active Directory domain dumper that uses ADWS (port 9389) instead of LDAP to enumerate AD objects, bypassing both Microsoft Defender for Endpoint and CrowdStrike Falcon detection.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Falways-further%2Fnono%3Futm_source=tldrinfosec/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/dhHv--W54EKpdYQaokkunREKuHGqrM2bxyikY6Qvvt4=445">
<span>
<strong>Nono (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Nono is a secure, kernel-enforced sandbox for AI agents, MCP, and LLM workloads. It features capability-based isolation with secure key management and blocking of destructive actions in a zero-trust environment.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.cogent.com%2F%3Futm_source=tldrinfosec/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/UcT21ZPMwV-QeXgiUPOgVKcCSPzRLZa0BCx05BHOKmU=445">
<span>
<strong>Cogent Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cogent Security is an agentic AI platform for vulnerability management that autonomously investigates, prioritizes, and orchestrates remediation of security issues.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fethz.ch%2Fen%2Fnews-and-events%2Feth-news%2Fnews%2F2026%2F02%2Fpassword-managers-less-secure-than-promised.html%3Futm_source=tldrinfosec/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/RpS6g92Bz7aTpMqcZoOGjhFdcQN6YPbO69octnzxuIY=445">
<span>
<strong>Password managers less secure than promised (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ETH Zurich's Applied Cryptography Group demonstrated 25 total attacks across Bitwarden (12), LastPass (7), and Dashlane (6), which collectively serve ~60 million users, breaking their "zero-knowledge encryption" guarantees by operating a malicious server that deviates from expected client behavior during routine actions such as login, vault access, and sync. Attacks ranged from targeted vault integrity violations to full organizational vault compromise, requiring only lightweight server-impersonation tooling rather than significant computational resources, with the root cause attributed to feature-bloat complexity and reliance on obsolete 1990s-era cryptographic primitives. Security teams should evaluate password manager vendors against criteria of transparent vulnerability disclosure, third-party audits, and modern end-to-end encryption enabled by default, pending publication of full findings at USENIX Security 2026.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.tomshardware.com%2Ftech-industry%2Fdutch-secretary-of-defense-threatens-to-jailbreak-nations-f-35-jet-fighters-says-its-just-like-cracking-open-an-iphone-in-response-to-questions-over-software-independence%3Futm_source=tldrinfosec/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/Y9a2p5GE3_6b4lDPROCREJfdZSM2fE6DurKt4xRMuRU=445">
<span>
<strong>Dutch Secretary of Defense threatens to 'jailbreak' nation's F-35 jet fighters (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Dutch defense chief Gijs Tuinman suggests F-35 fighter software could be "jailbroken," raising sharp questions about European dependence on US control systems and cloud services. The question is whether there are hidden kill switches or how Lockheed's update and logistics infrastructure can effectively ground fleets.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Func6201-exploiting-dell-recoverpoint-zero-day%3Futm_source=tldrinfosec/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/Ys-f46KZoA7IrcNAH5_3mrtu9hFvzubXIpGISjwECkE=445">
<span>
<strong>From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mandiant and GTIG described how UNC6201 exploited CVE-2026-22769 (CVSS 10.0), a hardcoded admin credential in Dell RecoverPoint's Apache Tomcat configuration located at /home/kos/tomcat9/tomcat-users.xml. This enabled unauthenticated deployment of WAR files via /manager/text/deploy and allowed root-level code execution. Persistence was maintained by hijacking convert_hosts.sh, which is run at boot via rc.local. GRIMBOLT, a C# backdoor replacing BRICKSTORM in September 2025, is compiled with native AOT to remove CIL metadata, making static analysis more difficult. It shares C2 infrastructure with its predecessor and introduces new lateral movement techniques in VMware, such as using "Ghost NICs" and iptables-based Single Packet Authorization on compromised vCenter appliances. Defenders should review /home/kos/auditlog/fapi_cl_audit_log.log for requests to /manager, search for GRIMBOLT using published YARA rules and IOCs, immediately apply Dell's patch, and monitor for changes to convert_hosts.sh.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F02%2F18%2Fanthropic_debuts_sonnet_4_6%2F%3Futm_source=tldrinfosec/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/ig3u93ZOGT8ULmNUx1Y6GdKOUogY8tJABZKXDrtNhhM=445">
<span>
<strong>Anthropic's latest Sonnet gets better at using computers, amid bouts of existential angst (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Claude Sonnet 4.6 features improved computer use, enhanced prompt injection resistance, and a 200K default context window.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F02%2Fnotepad-fixes-hijacked-update-mechanism.html%3Futm_source=tldrinfosec/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/mI8wMFgGDKV14qrMsi61j3MK5S_6V6Bqzrz12D1STZk=445">
<span>
<strong>Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Notepad++ 8.9.2 introduces a double-lock update design that verifies both signed installers and signed XML from its update server to prevent hijacked updates.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fphobos-ransomware-affiliate-arrested-poland%2F%3Futm_source=tldrinfosec/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/3kBQbgNbLVzI2nYmBV2GwyfnjiKwdlXV1ylYU5Wku6c=445">
<span>
<strong>Polish authorities arrest alleged Phobos ransomware affiliate (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A 47-year-old man was arrested in Poland's Małopolskie province as part of the Europol-led "Phobos Aetor" operation.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/yS7iqz0Zyo-AZQK9IfpAlrP59fYitZbOihCh5--qRvA=445"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/qiQrEVeTku83csE1xjNGyUlnsGbxe_Pjy-3VGXdwK9s=445"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019c763b0545-37ecf7d7-6fa2-464f-addb-2190552f406d-000000/ePAhnxVgBKGbgzkb1yBAfQfbJ34fCanmxSzcWmh5AOs=445"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>