Email Content

<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
			:root {
				color-scheme: light dark; supported-color-schemes: light dark;
			}
			
			*,
			*:after,
			*:before {
				-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
			}
			
			* {
				-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
			}
			
			html,
			body,
			.document {
				width: 100% !important; height: 100% !important; margin: 0; padding: 0;
			}
			
			body {
				-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
			}
			
			div[style*="margin: 16px 0"] {
				margin: 0 !important;
			}
			
			table,
			td {
				mso-table-lspace: 0pt; mso-table-rspace: 0pt;
			}
			
			table {
				border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
			}
			
			img {
				-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
			}
			
			*[x-apple-data-detectors] {
				color: inherit !important; text-decoration: none !important;
			}
			
			.x-gmail-data-detectors,
			.x-gmail-data-detectors *,
			.aBn {
				border-bottom: 0 !important; cursor: default !important;
			}
			
			.btn {
				-webkit-transition: all 200ms ease; transition: all 200ms ease;
			}
			
			.btn:hover {
				background-color: #f67575; border-color: #f67575;
			}
			
			* {
				font-family: Arial, Helvetica, sans-serif; font-size: 18px;
			}
			
			@media screen and (max-width: 600px) {
				.container {
					width: 100%; margin: auto;
				}
				.stack {
					display: block!important; width: 100%!important; max-width: 100%!important;
				}
				.btn {
					display: block; width: 100%; text-align: center;
				}
			}
			
			body,
			p,
			td,
			tr,
			.body,
			table,
			h1,
			h2,
			h3,
			h4,
			h5,
			h6,
			div,
			span {
				background-color: #FEFEFE !important; color: #010101 !important;
			}
			
			@media (prefers-color-scheme: dark) {
				body,
				p,
				td,
				tr,
				.body,
				table,
				h1,
				h2,
				h3,
				h4,
				h5,
				h6,
				div,
				span {
					background-color: #27292D !important; color: #FEFEFE !important;
				}
			}
			
			a {
				color: inherit !important; text-decoration: underline !important;
			}

		</style><!--[if mso | ie]>
		<style type="text/css">
			a {
				background-color: #FEFEFE !important; color: #010101 !important;
			}
			@media (prefers-color-scheme: dark) {
				a {
					background-color: #27292D !important; color: #FEFEFE !important;
				}
			}
	 </style>
			<![endif]--></head><body class="">



<div style="display: none; max-height: 0px; overflow: hidden;">A 2025 e‑commerce breach at Canadian Tire exposed data from over 38 million accounts, including names, contact details, and hashed passwords ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>

<table align="center" class="document"><tbody><tr><td valign="top">

<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">

<table width="100%"><tbody><tr><td class="container">



<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/E7rZq0lnJEBOUaBBL2-Fe5f-gCy0MwiKwbZncDNgnXs=446" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/VCWe2fs_9zH9FiYXxeShN5c4tyTIBqxntd8Gus4JMsQ=446" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=d51d1220-15fa-11f1-b869-fb0498e9f401%26pt=campaign%26t=1772460550%26s=a94c8ebca9a920f122771f228b35aaf6b65eaebfee5ff78a42918f8dae108126/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/ueU75K1zEl_Nk3ptEC2bUrwxGao12E5mr0ZQy_Ijrwc=446"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>

<br>

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblackpointcyber.com%2Fwebinar%2Finside-the-soc-ep001-whats-working-for-attackers-right-now%2F%3Futm_campaign=37935163-2026_webinar_inside-the-soc%26utm_source=tldr-newsletter%26utm_medium=email%26utm_term=260302%26utm_content=episode-001/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/Nx1vNO99vdFoVaLKOVFgnkU9X_KctoFJy61DO0HBYUA=446"><img src="https://images.tldr.tech/blackpoint.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Blackpoint"></a></td></tr></tbody></table>


<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">

<h1><strong>TLDR Information Security <span id="date">2026-03-02</span></strong></h1>
</div>
</td></tr></tbody></table>

<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblackpointcyber.com%2Fwebinar%2Finside-the-soc-ep001-whats-working-for-attackers-right-now%2F%3Futm_campaign=37935163-2026_webinar_inside-the-soc%26utm_source=tldr-newsletter%26utm_medium=email%26utm_term=260302%26utm_content=episode-001/2/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/Ppm13w-OPxm5JhfbQg60EuJswqj2QHBtzrq9WtSbtRE=446">
                                    <span>
                                        <strong>Inside the SOC EP#001: What's Working for Attackers Right Now (Sponsor)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    ClickFix, Fake CAPTCHA, and ScreenConnect misuse are familiar threats, but they're still getting results.  <p></p><p>In this <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblackpointcyber.com%2Fwebinar%2Finside-the-soc-ep001-whats-working-for-attackers-right-now%2F%3Futm_campaign=37935163-2026_webinar_inside-the-soc%26utm_source=tldr-newsletter%26utm_medium=email%26utm_term=260302%26utm_content=episode-001/3/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/Sh1gAeioyu2CoVT0sVIC4zWu9-DfQ71DqgE6L86AsQE=446" rel="noopener noreferrer nofollow" target="_blank"><span>45-minute live session</span></a>, our SOC walks through the tradecraft, staging patterns, and execution behaviors threat actors are using, along with practical mitigation guidance.</p>

<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblackpointcyber.com%2Fwebinar%2Finside-the-soc-ep001-whats-working-for-attackers-right-now%2F%3Futm_campaign=37935163-2026_webinar_inside-the-soc%26utm_source=tldr-newsletter%26utm_medium=email%26utm_term=260302%26utm_content=episode-001/4/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/e8g8sB8c4GYD4HbsPb-vVlFC11LVZgOn4QyLFFSYi0Y=446" rel="noopener noreferrer nofollow" target="_blank"><span>Save your Seat</span></a>


</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">

<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>

<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F188659%2Fdata-breach%2Fcanadian-tire-2025-data-breach-impacts-38-million-users.html%3Futm_source=tldrinfosec/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/BSnWCxQQZ7wyStaDwTs1BeUyxRxoo8LuEoNKsji2bS8=446">
                                    <span>
                                        <strong>Canadian Tire 2025 data breach impacts 38 million users (2 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    A 2025 e‑commerce breach at Canadian Tire exposed data from over 38 million accounts, including names, contact details, hashed passwords, and partial card numbers, with under 150,000 records containing full dates of birth. Financial systems and in‑store transactions were reportedly unaffected, but 42 million records were added to Have I Been Pwned.
                                </span>
</span>
</div>
</td></tr></tbody></table>

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F9dnBzF/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/zq1zUg-5PUDhCBQa4rNU_Dh8A_HKxTvx5qcfc_-aY1E=446">
                                    <span>
                                        <strong>ManoMano data breach affects 38 million customers via third-party provider (2 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    DIY marketplace ManoMano is notifying about 38 million affected customers after unauthorized access at a subcontracted customer service provider handling Zendesk-based interactions. Threat actor “Indra” claims to have compromised data for 37.8 million accounts, including names, emails, phone numbers, and support communications.
                                </span>
</span>
</div>
</td></tr></tbody></table>

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F02%2F27%2Fodido_shinyhunters_leaks%2F%3Futm_source=tldrinfosec/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/LJpukDhSLoS3ZsIq8kbvPP0yI_iQcOstUDHxuU1VgeM=446">
                                    <span>
                                        <strong>Cops back Dutch telco Odido after second wave of ShinyHunters leaks (2 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    ShinyHunters is dumping Odido customer records in daily batches, exposing sensitive identifiers, bank details, and support notes, and threatening to escalate the leaks after already impacting more than a million accounts. Dutch police publicly support Odido's stance of refusing ransom payments and emphasize the need for rapid law enforcement engagement and anti‑phishing vigilance.
                                </span>
</span>
</div>
</td></tr></tbody></table>

</td></tr></tbody></table>

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">

<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>


<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fmh1F33/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/KBArwxAR7GiNPKZvb8NYBNpa6TYCv-p4LQRG5QXtOig=446">
                                    <span>
                                        <strong>Delinea Protocol Handler - Return of the MSI: RCE via Custom Launcher (8 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    AmberWolf disclosed an RCE vulnerability in Delinea's Secret Server Protocol Handler (≤6.0.3.39) and Connection Manager (≤2.7.1) where improper sanitisation of the sslauncher:// URL handler's generic process launcher allowed a malicious server to supply attacker-controlled process names and arguments via encrypted launcher data, achieving arbitrary code execution on both Windows and macOS when a victim visits a crafted webpage and accepts a security prompt. The exploit, implementable as a NachoVPN plugin, abuses the legitimate key exchange flow to inject serialized launcher configurations that RDPWin.exe blindly executes via Process.Start(). Delinea patched the protocol handler as of January 17. Organizations should upgrade immediately and monitor for anomalous child processes spawned by RDPWin.exe.
                                </span>
</span>
</div>
</td></tr></tbody></table>

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.buchodi.com%2Ftwitch-ships-server-side-eppo-keys-in-its-ios-app-exposing-its-entire-product-roadmap%2F%3Futm_source=tldrinfosec/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/IZApuImYM31G-I-OMWG3xFO6dKL46PTi8aWLYYVQABQ=446">
                                    <span>
                                        <strong>Twitch Ships Server-Side Eppo Keys in Its iOS App, Exposing Its Entire Product Roadmap (10 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    Twitch's iOS app uses server-side Eppo SDK keys instead of client tokens, exposing over 260 unobfuscated production feature flags via a CDN endpoint that can be freely polled once a key is observed in traffic. The flags reveal Twitch's near-term roadmap. Hardcoded IDs, internal codenames, and future launches like “Elevate Prime 2026” are visible, turning feature flags into a live intelligence feed on product, security posture, and internal economics.
                                </span>
</span>
</div>
</td></tr></tbody></table>

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.originhq.com%2Fblog%2Fprocess-preluding%3Futm_source=tldrinfosec/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/G_6Syv6goNNZip3fhi5Q03nstE9HJ0j4dhH52uXqcIY=446">
                                    <span>
                                        <strong>Process Preluding: Child Process Injection Before the Story Begins (7 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    Many security products in Windows 10 and 11 use kernel Event Tracing for Windows (ETW) hooks to monitor process creation and be notified of potentially malicious activity. An attacker can bypass these checks by exploiting a race condition between the kernel's completion of the executive process object setup and the invocation of process-creation callbacks. Attackers can also use legacy APIs for process creation, which do not trigger process-creation callbacks.
                                </span>
</span>
</div>
</td></tr></tbody></table>

</td></tr></tbody></table>

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">

<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>

<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2F0xv1n%2Fmacnoise%3Futm_source=tldrinfosec/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/WDUHWGQRaju59b3QvaPUT7DPxxc0L9kVZQaXEDswHjU=446">
                                    <span>
                                        <strong>MacNoise (GitHub Repo)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    MacNoise is a modular macOS telemetry-generation framework designed to help security teams validate EDR, SIEM, and firewall detection coverage by producing real system events across the network, process, file, TCC, and persistence categories. The tool includes MITRE ATT&CK-mapped modules, pre-built APT emulation scenarios, and OCSF 1.7.0-compliant audit logging for structured correlation. Scenarios can be dry-run previewed, chained via YAML, and output as JSONL for automated detection gap analysis.
                                </span>
</span>
</div>
</td></tr></tbody></table>

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Frustdesk%2Frustdesk%3Futm_source=tldrinfosec/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/xgH7T8mvdZly9IB4i0FAPhDcVZ2JSyDvat1CY0378d0=446">
                                    <span>
                                        <strong>Rustdesk (GitHub Repo)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    Rustdesk is an open-source remote desktop application designed for self-hosting. An alternative to TeamViewer, it works out of the box with no configuration required. You have full control over your data, with no security concerns.
                                </span>
</span>
</div>
</td></tr></tbody></table>

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FMatheuZSecurity%2Fksentinel%3Futm_source=tldrinfosec/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/WSpE6rPfbJ1dP1TxB0k9dbI9WcyHXDkF_qWxrYvw3Mk=446">
                                    <span>
                                        <strong>ksentinel (GitHub Repo)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    ksentinel is a Linux kernel module that monitors syscall table integrity, function prologues, and LSTAR MSR values using FNV-1a hashing to detect unauthorized modifications from rootkits such as PUMAKIT, Diamorphine, and KoviD. It covers 500+ syscall wrappers, plus critical VFS, networking, credential, and tracing functions, with anti-unload protection via a compile-time-generated unlock key. The module supports Linux versions 5.4 to 6.12+ on x86_64 and ARM64. It features configurable check intervals and a management script for live monitoring and violation alerts.
                                </span>
</span>
</div>
</td></tr></tbody></table>

</td></tr></tbody></table>


<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>

<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FNHhBvb/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/4__ju5SgCrzOUE6GIRSRs1qI8NkukzBmoGvCvZ3CwkA=446">
                                    <span>
                                        <strong>Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking (2 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    Researchers reported flaws in Gardyn Home and Studio, which exposed roughly 138,000 indoor smart gardens to unauthenticated, internet‑reachable remote compromise, including OS command execution via command injection and hardcoded admin credentials in the Gardyn IoT Hub and Azure IoT infrastructure. Thankfully, patches are out and auto‑delivered.
                                </span>
</span>
</div>
</td></tr></tbody></table>

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FSJ6Ms7/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/WMHvpKg38DQUgy_FD865ntWSleayjn387YrFT5Hgqko=446">
                                    <span>
                                        <strong>What is EC2 Instance Attestation (5 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    Nitro enclaves were introduced in 2020 to provide a trusted execution environment for security-sensitive applications. However, application development was more complex due to the execution environment's limitations. Last year, AWS launched EC2 instance attestation, which extends the security enclave to the full instance, enabling more use cases and improving usability at the cost of greater effort to secure the instance and increased deployment complexity. This post walks through the process of creating an application running on an EC2 instance with attestation, including a GitHub Actions workflow to build a hardened, attestable AMI.
                                </span>
</span>
</div>
</td></tr></tbody></table>

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.ncsc.gov.uk%2Fcollection%2Fzero-trust%2Fdemystifying-zero-trust%3Futm_source=tldrinfosec/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/Q3Q7vjw71-AQ0KMbtBw8fw_Y0xpEQny6rzJb1jTi-dU=446">
                                    <span>
                                        <strong>Demystifying Zero Trust (5 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    This part of the UK's NCSC multi-part guide on implementing zero trust in an enterprise focuses on defining zero trust beyond the buzzword or a specific product. Zero trust defines a strategic shift where users are continually authenticated as opposed to a point-in-time authentication at the beginning of a session. It implies a defense in depth approach where controls are layered in a system and may work in conjunction with existing systems or replace them.
                                </span>
</span>
</div>
</td></tr></tbody></table>

</td></tr></tbody></table>

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">

<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>

<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.action1.com%2Ffree-edition%2F%3Futm_source=paidmedia%26refid=Newsl_Q126_TLDR/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/szmvyEGFGaBbqAjv2aHGxVfwP44Gsce0CjrGFSR_sdE=446">
                                    <span>
                                        <strong>Free patching for your first 200 endpoints, Action1 (Sponsor)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    Action1 - patching that just works, first 200 endpoints are free forever. No feature limits, No credit card. No catch. <a class="Hyperlink SCXW192574555 BCX0" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.action1.com%2Ffree-edition%2F%3Futm_source=paidmedia%26refid=Newsl_Q126_TLDR/2/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/8dcj98jpXQeqFXUOpiqkHeTqbxJqgOFXT7rMkdY-S3I=446" rel="noreferrer noopener" target="_blank"><span>Activate 200 Free Endpoints</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fspain-arrests-suspected-anonymous-fenix-hacktivists-for-ddosing-govt-sites%2F%3Futm_source=tldrinfosec/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/Lvf8bvuPS9UfbkUXqtfKw1B8yPPuua6LQPr2KbVXNMc=446">
                                    <span>
                                        <strong>Spain arrests suspected hacktivists for DDoSing govt sites (2 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    Spanish Civil Guard arrested four alleged members of "Anonymous Fénix" for conducting DDoS attacks against government ministries and public institutions.
                                </span>
</span>
</div>
</td></tr></tbody></table>

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fzero-day-flaws-pdf-platforms-xss-one-click-attacks%2F%3Futm_source=tldrinfosec/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/IeGGZhzqOHWiMgDSzwyg3KH0IwcGR62-7IBamXgFvHc=446">
                                    <span>
                                        <strong>Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks (2 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    Novee Security disclosed 16 zero-day vulnerabilities across Foxit and Apryse PDF platforms.
                                </span>
</span>
</div>
</td></tr></tbody></table>

<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
                                <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F02%2Fmalicious-stripeapi-nuget-package.html%3Futm_source=tldrinfosec/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/IwBZumzM0eJBYiV0shHnDW4M1jDoDUBzUoRl7NiCXlk=446">
                                    <span>
                                        <strong>Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens (2 minute read)</strong>
                                    </span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
                                    A typosquatted NuGet package named "StripeApi.Net" impersonated the legitimate Stripe.net library with artificially inflated download counts (~180K across 506 versions) and silently exfiltrated Stripe API tokens while maintaining full payment processing functionality to avoid detection.
                                </span>
</span>
</div>
</td></tr></tbody></table>

</td></tr></tbody></table>



<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">

<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/vmqHiCx1FdWaBas0Yqgiuxtf5rLOhNQxPKB9NnkODws=446" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/7JWESiGTgdWCUrMufmw7jd9ip_J0cim8ljWd-EUZ1pk=446" style="font-size: 16px; line-height: 1.6;  padding: 10px 0; display: inline-block;  text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>




<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">

<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 📰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/_E3WKWp5sNa5hNclANaLhgd1L4GMvStRMHkkXGH9vqs=446"><strong><span>advertise with us</span></strong></a>.
</div>
<br>

<!-- New "Want to work at TLDR?" section -->

<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/_ksRk4qRpHubZDv6ut0lTyqmK8CQd4ld5jm07geBa1s=446" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/C0k6hBgL1SgoK7IronaVJtBnTXsxzQNh-JkuZ4vXSUI=446" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/QF7BiL7i6CVS4Wro5RVUfG4n53TZcFC8_sFRWdPTEas=446" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>

<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/pC74XzDUavBa3O5Lj-KPJJ1UJwgF_TlnCP5D2tmoOYg=446"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/n0Lm-66W7UVqhdjW2e3zG200SsPb3-N22FvhW6vSrfo=446"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/cQj77tRUDXws2SATqpORdS8eFuh-lBQjmNIS3TG5Pfg=446"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>

<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/Sx6x-hw7StpTaZsqVWxdLbZgeUXMlcZ_hHQdy2ZtKRI=446">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=d51d1220-15fa-11f1-b869-fb0498e9f401%26pt=campaign%26pv=4%26spa=1772460203%26t=1772460550%26s=04e7c8550aa6d4b2b238a93a211080f1d7fffecb629424592ae671350cbe370e/1/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/hc6PZxoNpVaAEkIdEVhKFeh42OLsxnLhMFpBlu9Wumk=446">unsubscribe</a>.
<br>

</div>
</td></tr></tbody></table>

</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>



<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019caee1a8ac-5bbed8b3-5a72-48cb-b885-4e8d11cf675a-000000/qRN25roIxb7w6T25b_AOVkVcz9cnC2SlZkq76mxhBZw=446" style="display: none; width: 1px; height: 1px;">
</body></html>