<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-03-04</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F03%2F03%2Fbrit_games_studio_cloud_imperium%2F%3Futm_source=tldrinfosec/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/HLE5JSOkvnOfuNfX1fdeEmPwNUYCcmkiPsPHlSiGTiA=447">
<span>
<strong>Brit games studio Cloud Imperium admits to data breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cloud Imperium Games, the studio behind Star Citizen, disclosed a January 21 data breach over a month later, revealing that attackers gained unauthorized read-only access to backup systems containing usernames, contact details, dates of birth, and other personal information. The company downplayed the risk by noting no financial data or passwords were compromised, but security experts warn the exposed PII is sufficient to fuel targeted phishing campaigns. Players criticized the delayed, near-hidden disclosure, with the breach notice buried in a small pop-up rather than communicated directly via email.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FPpltxE/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/t9Y-FHCZxmCzahC1mQXMzJcJAvgFo2j8vYa2y373UEg=447">
<span>
<strong>1.2 Million Affected by University of Hawaii Cancer Center Data Breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A ransomware attack on August 31, 2025, compromised the data of 1.2 million people at the University of Hawaiʻi Cancer Center, hitting research servers but sparing clinical operations. The exposed data covers 87,493 study participants' names, SSNs, and health information from a 1993 cohort, plus names, driver's licenses, SSNs, and voter records for 1.15 million others.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F7jMwHn/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/Fmmet5PPKLZCztUK-HZQrGyUdvZdBCKIUcMrT5IYF7M=447">
<span>
<strong>Hackers steal medical details of 15 million in France (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
France's health ministry has confirmed a data breach involving the exposure of administrative information for 15.8 million patients and sensitive doctors' notes for approximately 165,000 individuals. The breach is connected to Cegedim Sante software, which is used by around 1,500 practices. Reports indicate that data such as sexual orientation and AIDS status appeared online, prompting experts to warn of potentially irreparable damage to privacy.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmoonlock.com%2Ffake-vcs-target-crypto-talent-clickfix-campaign%3Futm_source=tldrinfosec/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/pcT8IeF0-wjfa8XAeu6BfLIgiX4Fl89p5vy3nvms5TE=447">
<span>
<strong>Fake VCs target crypto talent in a new ClickFix campaign (20 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A suspected DPRK-aligned campaign is targeting crypto professionals through fabricated VC firms (SolidBit Capital, MegaBit, and Lumax Capital) on LinkedIn, funneling victims to spoofed Zoom/Google Meet pages that deploy cross-platform ClickFix payloads via fake Cloudflare CAPTCHA. The attack chain uses clipboard poisoning to inject OS-specific commands, delivering fileless PowerShell loaders on Windows and multi-stage Python payloads on macOS, with fully undetectable Mach-O binaries evading all VirusTotal vendors. Crypto and Web3 professionals should treat unsolicited LinkedIn outreach with extreme caution, verify company domains via WHOIS, and never paste commands into a terminal as part of any "verification" process.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmalwr-analysis.com%2F2026%2F03%2F03%2Fanalysis-of-an-integrated-phishing-campaign-utilizing-google-cloud-infrastructure%2F%3Futm_source=tldrinfosec/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/TURrByvqLYoqLR3hS7DU-H_DYPlMQL_sKhnIKCYdHHE=447">
<span>
<strong>Analysis of an Integrated Phishing Campaign Utilizing Google Cloud Infrastructure (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A coordinated phishing operation abuses Google Cloud Storage to host a redirector HTML file at storage.googleapis.com, allowing emails to sail through SPF/DKIM checks while pointing to seemingly trustworthy Google infrastructure. The operator reuses one GCS bucket but fans out across 25+ lures, ranging from “Cloud Storage Full” and fake AV expiry to retail rewards and health offers, all converging on credit-card-harvesting pages that present low “shipping” or “service” fees. Defenders should flag storage.googleapis.com links in email, scrutinize sender metadata, and report abusive buckets like “whilewait” to Google Cloud Abuse to collapse the campaign's shared infrastructure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infoblox.com%2Fblog%2Fthreat-intelligence%2Fabusing-arpa-the-tld-that-isnt-supposed-to-host-anything%2F%3Futm_source=tldrinfosec/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/O4vwyLX4AblxXtWWqUz3rWgtMgsGBkrqlDMVeoh3sGA=447">
<span>
<strong>Abusing .ARPA: The TLD That Isn't Supposed to Host Anything (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Infoblox Threat Intel team detected a novel phishing campaign that abuses the .arpa domain using IPv6 reverse domains to bypass firewalls and other detections. The .arpa TLD is a special TLD that is primarily used to map IP addresses to domains and is unlikely to be blocked. The attackers were able to find DNS registrars that allowed them to create A records for these domains and used them in phishing campaigns that advertised free prizes.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Ftrailofbits%2Fmquire%3Futm_source=tldrinfosec/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/j9JTXd6Ckjx5l8oysnk8kezrufhu8tHP88ji2bbFP3U=447">
<span>
<strong>mquire (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
mquire is an osquery-inspired memory forensics tool that enables SQL-based querying of Linux kernel memory snapshots without requiring external debug symbols. Written in Rust, it leverages embedded BTF and Kallsyms data to enumerate processes, open files, and network connections, and to extract cached files directly from memory dumps. Designed for incident response and malware analysis, it supports interactive shell, single-query, and custom command modes, including process tree visualization and file carving.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F03%2F02%2Fnearby-glasses-new-app-alerts-you-wearing-smart-glasses-surveillance-meta-snap-bluetooth%2F%3Futm_source=tldrinfosec/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/cwBiagM2NXfzqu9O1CGfppogbWU2H553iy5hWSvbfuo=447">
<span>
<strong>A new app alerts you if someone nearby is wearing smart glasses (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Nearby Glasses is a new Android app that continuously scans for Bluetooth signals from smart glasses made by Meta and Snap, alerting users when potentially always-recording wearable devices are detected nearby. The app matches manufacturer-specific Bluetooth company identifiers and supports custom IDs for detecting a broader range of surveillance wearables, though it may produce false positives from VR headsets. The tool addresses growing privacy concerns about covert recording devices, particularly following reports that Meta Ray-Ban smart glasses were used in immigration raids and harassment.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.fig.security%2F%3Futm_source=tldrinfosec/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/d5MFiJweVneWP298X3cRD9fu9B0BcQdd2mSXkxSS_c8=447">
<span>
<strong>Fig Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Fig Security traces data flows through security stacks, alerting teams to changes impacting detection or response. It back-traces detections, samples data pipelines, and simulates fixes via SIEM integrations.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fctrlaltintel.com%2Fthreat%2520research%2FAeternum-Part-2%2F%3Futm_source=tldrinfosec/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/194tWKE9QHNX_6LT_4wtNXEfIp_-XMXVYM70Is1PQxw=447">
<span>
<strong>Aeternum Loader: Inside the binary (14 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers reversed the Aeternum Loader malware, revealing its use of the Polygon blockchain for C2 communications via a hardcoded smart contract address, with AES-encrypted commands that can be decrypted using only the contract address as the key. The loader employs per-string XOR obfuscation, CRC32/DJB2 API hashing, NTFS ADS-based self-deletion, PPID spoofing to explorer.exe, and novel anti-VM checks including CPUID thermal/power MSR detection and SMBIOS BIOS characteristics bit counting. Notably, the blockchain C2 approach creates a permanent, immutable record of all attacker commands, giving defenders a historical audit trail once the encryption is broken.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.svd.se%2Fa%2FK8nrV4%2Fmetas-ai-smart-glasses-and-data-privacy-concerns-workers-say-we-see-everything%3Futm_source=tldrinfosec/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/_V6fnqgXFsWF4_SKWJfSoGEed55Tc1jZFXg3kxN9bnQ=447">
<span>
<strong>She Came Out of the Bathroom Naked, Employee Says (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A joint investigation by Svenska Dagbladet and Göteborgs-Posten revealed that data annotators at Meta subcontractor Sama in Nairobi routinely encounter intimate footage from Meta Ray-Ban smart glasses, including nudity, bank details, and sexual content from users who appear unaware they are being recorded. Network traffic analysis confirmed the glasses require constant communication with Meta servers to function, contradicting retailer claims that data stays local, while Meta's own terms permit both automated and human review of user interactions. Privacy lawyers and Sweden's data protection authority questioned the legality of transferring such sensitive data to Kenya, where no EU adequacy decision exists, raising significant GDPR compliance concerns.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FfSKisA/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/cvYhBTxnQjlZY7TlK6v6E804kDpGk2YS2RsDI4bl_OY=447">
<span>
<strong>Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Anthropic's Claude Code Security and OpenAI's Aardvark raise concerns about being slow, expensive, and noisy compared to established SAST tools, especially when the same AI both writes and reviews code. Experts argue these assistants should augment, not replace, existing pipelines, as AI-driven “vibe coding” accelerates insecure code and growing security debt. The real value lies in AI-enhanced remediation workflows and the potential revival of interactive, AI-powered code review.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F03%2F03%2Fhuawei_takes_ai_datacenters_global%2F%3Futm_source=tldrinfosec/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/u7D3FOYNeBq6tH0MI4LcFQK23DT2w92jHoGXZO4AqSk=447">
<span>
<strong>Huawei brings its flatpack AI datacenters, packed full of Chinese chips, to the world (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Huawei is marketing its modular AI datacenters globally, featuring homegrown Kunpeng CPUs and Ascend GPUs with a 4-to-6-month deployment promise, targeting nations outside Western security restrictions where Nvidia and AMD GPU supply remains scarce.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bbc.com%2Fnews%2Farticles%2Fcgk28nj0lrjo%3Futm_source=tldrinfosec/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/1OSzpA7-vO3wxhigOw5caovyDX91wZ8g9pMUAZqS7mo=447">
<span>
<strong>Amazon says drones damaged three facilities in UAE and Bahrain (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Drone strikes linked to Iranian retaliatory attacks hit three AWS data centers in the UAE and Bahrain, causing structural damage, power disruptions, and service outages in what experts called the first time major cloud infrastructure has been knocked offline by military action.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FxHiwP9/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/KWP1l5EQSiM3aiKe2ScyRv1wi0viw837BVJ6vXTQtnA=447">
<span>
<strong>Malware attacks weaponizing Windows File Explorer, WebDAV underway (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Phishing campaigns targeting European corporate networks exploit Windows File Explorer and WebDAV to deploy RATs via malicious shortcut files hosted on Cloudflare Tunnel domains.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/b965nBq97yHRpBA9hg4yUpOUXkVoEZT5ou60ZiyT6QU=447"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/5TZjeelOWA7zddiTKWUpGHsZNHByTaEAdp5dXqRiuIY=447"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019cb92ca5fd-ba8b5875-f23d-4136-9384-bda751ef4aab-000000/aqsv5TWGFOGLx0BnMAwWkYvB27b9hKsWP6gPXtGNpmo=447"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>