<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-03-16</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks &amp; Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F03%2Fopenclaw-ai-agent-flaws-could-enable.html%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/Ok33KIizNjwtdsBzD5ertBL2BCuJ69ihxNAyUHNAoGk=448">
<span>
<strong>OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
China's CNCERT warned that OpenClaw, an open-source self-hosted AI agent, poses significant risks due to weak default settings and privileged system access. These vulnerabilities can enable indirect prompt injection attacks, where malicious instructions embedded in web content can force the agent to exfiltrate sensitive data via attacker-constructed URLs shown as link previews in Telegram or Discord — no user click needed. Other attack points include malicious skills uploaded to ClawHub that can execute arbitrary commands or install malware, instruction misinterpretation leading to irreversible data deletion, and threat actors distributing trojanized OpenClaw installers on GitHub that deliver malware such as Atomic Stealer, Vidar Stealer, and the Golang proxy GhostSocks via ClickFix-style lures. Recommended mitigation steps include blocking OpenClaw's default management port from internet exposure, isolating the service in a container, avoiding plaintext credential storage, and restricting skill installations to trusted channels only.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F189438%2Fsecurity%2Fstarbucks-data-breach-impacts-889-employees.html%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/vE9Cz7dYcWnFN0Pn0dJeXlc_FVCkco-E15mFVlOqbmw=448">
<span>
<strong>Starbucks data breach impacts 889 employees (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Phishing sites impersonating Starbucks Partner Central captured employees' credentials, allowing an unauthorized third party to access staff accounts between January 19 and February 11. The intrusion exposed names, Social Security numbers, dates of birth, and bank and routing details for 889 employees.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F03%2Fauthorities-disrupt-socksescort-proxy.html%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/O5AJ24YvjkmGQ0sXStth1jKmrvnaQch7PONperCGorI=448">
<span>
<strong>Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Law enforcement shut down the SocksEscort proxy service, which had sold traffic tunneled through 369,000 infected home and small-business routers in 163 countries since at least 2021. Operation Lightning seized 34 domains and 23 servers and froze $3.5 million in crypto linked to more than €5 million in proxy sales. Criminals used the network for fraud, ransomware, DDoS, and CSAM, abusing RCE and command injection flaws in some 1,200 router models and, in some cases, flashing custom firmware that permanently disabled updates.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies &amp; Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcookie.engineer%2Fweblog%2Farticles%2Fmalware-insights-macos-phexia-campaign.html%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/Q9RrVV4c-aVLjx3B6O9sYqPI4wBM_QZ_AU_kxoxa9gw=448">
<span>
<strong>Malware Insights: macOS Phexia Campaign (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Phexia Campaign, likely linked to APT28, deploys a four-stage macOS attack chain initiated via a ClickFix prompt that tricks users into pasting a base64-obfuscated osascript payload into Terminal. The payload establishes LaunchAgent persistence at ~/Library/LaunchAgents/com.components.campaign-id.plist and polls a Telegram bot for live C2 domain updates. The implant uses tccutil reset All to clear TCC permissions and resurface permission dialogs, disguises a credential-harvesting dialog as System Preferences with 150 retry loops to capture the macOS user password, and then, every 60 seconds, pulls and executes a Phexia Stealer osascript payload targeting all crypto wallets, browsers, Keychain, and Telegram auth data. Defenders should alert on launchctl load activity writing to ~/Library/LaunchAgents, monitor for tccutil reset All execution, block vdsina[.]com-hosted domains at the DNS layer, and treat any Terminal paste prompt from a website as an immediate IOC.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.endorlabs.com%2Flearn%2Freturn-of-phantomraven%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/TwIP342m7To9MjagTV8kbt5vEpNfYwv4T7x9bGaHlLo=448">
<span>
<strong>The Return of PhantomRaven: Detecting Three New Waves of npm Supply Chain Attacks (15 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Endor Labs identified 88 new malicious npm packages across three PhantomRaven waves (Waves 2–4) published between November 2025 and February 2026, with 81 packages still live and two C2 servers still active, both AWS EC2 instances running plaintext HTTP on port 80. The campaign abuses Remote Dynamic Dependencies (RDD), such as HTTP URL entries in package.json, that cause npm itself to fetch and execute a 259-line credential-harvesting payload from attacker infrastructure at install time. The payload exfiltrates developer emails, CI/CD tokens, and full system fingerprints via triple-redundant GET/POST/WebSocket channels to the PHP endpoints jpd.php and npm.php. Defenders should reject any npm package with non-registry URL dependencies, block outbound HTTP to domains matching the artifact-themed C2 pattern, and audit CI/CD pipelines for token exposure across the 50+ disposable npm accounts attributed to this operator.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fagentseal.org%2Fblog%2Fmcp-server-security-findings%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/h7IVz6m4Km_bp7XxtK516jcFuWX69GjFmV-kL3VYYcc=448">
<span>
<strong>We Scanned 1,808 MCP Servers. 66% Had Security Findings (14 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
MCP servers have rapidly become the default integration layer for AI agents, but large‑scale scanning of 1,808 servers shows that 66% expose security issues. The riskiest patterns are code execution, toxic cross‑server data flows, and tool‑description prompt injection, which enable data exfiltration, supply‑chain attacks, and even zero‑click RCE via clients like IDEs and desktop agents. Real incidents demonstrate that MCP01–MCP06‑style issues are already being exploited in production. Security‑minded teams should treat MCP as a live attack surface: check servers against the MCP Security Registry, tightly scope tokens, test system prompts, and rigorously review tool and config changes before granting autonomous access.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches &amp; Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fcartography-cncf%2Fcartography%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/xlJYZ_THzqzUjXXdhpWyuVdItm55bXUuV84WWAezHpA=448">
<span>
<strong>cartography (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
cartography is a CNCF Python tool that ingests infrastructure assets from 30+ platforms into a Neo4j graph database to map asset relationships and expose hidden attack paths. Security teams can query cross-tenant IAM relationships, network ingress/egress paths, and datastore access patterns, or run framework compliance checks via `cartography-rules`, with extensible plugin support for custom data sources.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fonyx.security%2F%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/e-d_4pfZNXQKKiCKMyZSi6gaxXoubkQ8tFdK78ssYK4=448">
<span>
<strong>Onyx Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Onyx Security provides an AI control plane that discovers, monitors, and governs autonomous AI agents across cloud, endpoints, code, and SaaS so enterprises can securely deploy, supervise, and scale large numbers of agents.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FChiChou%2Fgrapefruit%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/ayIMLIL6N-qjejfe1Ji9pF6ZzI7bOfNZ3cwAvAHTCeU=448">
<span>
<strong>Grapefruit (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Runtime mobile application instrumentation toolkit powered by Frida. Inspect, hook, and modify mobile apps through a web-based interface.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.rapid7.com%2Fblog%2Fpost%2Ftr-malicious-websites-wordpress-compromise-advances-global-stealer-operation%2F%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/H5BxseMiRl0TUpsyDZTP_B-EXe3hA5ty93YO96Pr4qw=448">
<span>
<strong>When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation (15 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Rapid7 Labs identified an active campaign compromising over 250 legitimate WordPress sites across 12 countries, injecting a fake Cloudflare CAPTCHA ClickFix lure that tricks Windows users into pasting a PowerShell command that downloads the DoubleDonut shellcode loader, ultimately delivering Vidar Stealer v2, a newly identified .NET stealer dubbed Impure Stealer, and a new campaign-specific C++ stealer named VodkaStealer. The attack chain runs almost entirely in memory, injecting payloads into svchost.exe via VirtualAllocEx and CreateRemoteThread to evade file-based detection, while the ClickFix JavaScript actively filters out WordPress admin cookies, known bot user agents, and wp-admin referrers to avoid tipping off site owners. WordPress administrators should restrict public access to wp-admin, enforce MFA, audit plugins for known-vulnerable versions, and review Rapid7's published YARA rules and IOCs to detect this campaign.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F03%2F15%2Fwiz-investor-unpacks-googles-32b-acquisition%2F%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/dpGVbpIgyLncmDP8rdF3xCsHtezKaRyqu1JDOpIkjOY=448">
<span>
<strong>Wiz investor unpacks Google's $32B acquisition (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google closed its $32 billion acquisition of Wiz this week, marking the largest acquisition in Google's history and the largest ever of a venture-backed startup. Index Ventures' Shardul Shah, Wiz's largest shareholder, attributes the outcome to the founding team's track record and Wiz's position at the intersection of AI, cloud, and security — the three dominant enterprise spending categories. The deal signals growing consolidation in cloud security, with hyperscalers moving to acquire best-of-breed CSPM platforms rather than build them in-house.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Finterpol-operation-synergia-iii-malicious-ip-94-arrest%2F%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/WfHhtaWLCzsm-j6H_i3gQdVi8rdRVHQKf4YkjFIbdcE=448">
<span>
<strong>INTERPOL Operation Synergia III Shuts Down 45,000 Malicious IPs, 94 Arrested (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Operation Synergia III, a six-month INTERPOL-coordinated effort spanning 72 countries from July 2025 to January 2026, resulted in the seizure of 45,000 malicious IPs and servers, 94 arrests, 110 suspects under active investigation, and over 200 devices and servers confiscated—doubling the scope of 2024's Synergia II. The targeted infrastructure included phishing sites, ransomware networks, and social engineering operations, with notable actions in Macau (33,000 fraudulent websites identified), Bangladesh (40 arrests), and Togo (dismantling a romance scam and sextortion ring). A separate but concurrent operation by European and US authorities dismantled SocksEscort, a residential proxy network used to launder malicious traffic, seizing 34 domains, 23 servers, and approximately $3.5 million in cryptocurrency.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FjzJbR3/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/s7MqPMINWrZ1sMzGT8viJM2e7JSdJujS3VGKU8yvZAA=448">
<span>
<strong>Microsoft re-releases Windows 11 OOB hotpatch to fix RRAS RCE flaw (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft re-released hotpatch KB5084597 for Windows 11 24H2/25H2 and Enterprise LTSC 2024 to address three RRAS RCE flaws (CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111) that allow a domain-authenticated attacker to trick users into connecting to a malicious server via the RRAS Snap-in.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbughunters.google.com%2Fblog%2Fgoogle-vrps-in-review-2025%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/dtXchmwiM6-C8tkrFk5lQO_QB8msbCvj0X3bSNLJ_Ss=448">
<span>
<strong>Google VRPs in Review – 2025 (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google's 2025 VRPs paid out over 17 million USD to hundreds of researchers across Chrome, Android, and cloud products.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fshinyhunters-1-petabyte-data-breach-telus-digital%2F%3Futm_source=tldrinfosec/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/OG5aZRyZW9hL435fdgYMOIb5VUNQlnK8ha7chhbcli8=448">
<span>
<strong>ShinyHunters Claims 1 Petabyte Data Theft from Telecom Giant Telus (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ShinyHunters claimed responsibility for a breach at Telus Digital, alleging theft of up to 1 petabyte of data, including customer support recordings, source code, and employee records with FBI background check results.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/tAhTSMglXApZb3VRCsb-lBaak7m5T82PR-NSY0m0fTE=448"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/MDsYkhLeivYt4L0RJp1z_VH5fhH_cg_mmxs4SC2hCa8=448"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019cf6c1ec08-4de17061-7dfb-4896-90a6-32fcb5168cfc-000000/re8-jV2vmVy3kc3ITOQIgMUTPzLgC4Mn25BVahwXXfA=448"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>