<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-03-17</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcdn2.qualys.com%2Fadvisory%2F2026%2F03%2F10%2Fcrack-armor.txt%3Futm_source=tldrinfosec/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/1XekAM5OdIWtucdc3153VY9vIc0X7QSACdhXTteP38g=448">
<span>
<strong>CrackArmor: Multiple vulnerabilities in AppArmor (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Qualys identified nine vulnerabilities in Linux AppArmor, which is enabled by default on Ubuntu, Debian, and SUSE. These flaws involve a confused-deputy issue where world-writable pseudo-files allow unprivileged users to manipulate profiles, leading to potential privilege escalation and denial-of-service attacks. Immediate kernel updates and permission audits are recommended to mitigate these risks, with patches already merged into Linus's tree.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F03%2Fglassworm-supply-chain-attack-abuses-72.html%3Futm_source=tldrinfosec/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/UvSoQ3pqk1BF3sdQ29GSp3XzGwyQ9W7d1oLeIeFIhEs=448">
<span>
<strong>GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Socket identified 72 more malicious Open VSX extensions active since January 31, 2026, as part of an intensified GlassWorm campaign. This campaign exploits `extensionPack` and `extensionDependencies` in `package.json` to chain seemingly harmless extensions into delivery mechanisms for transitive malware once trust is established. The malware continues to exhibit classic GlassWorm features, such as Russian locale checks, Solana transactions used as dead-drop resolvers for C2 resilience, and invisible Unicode characters used to hide payloads. Additionally, it now employs greater obfuscation and wallet rotation to evade detection. Meanwhile, Aikido linked the same actor to LLM-generated cover commits across 151 GitHub repositories and two npm packages (@aifabrix/miso-client, @iflow-mcp/watercrawl-watercrawl-mcp) from March 3 to March 9, 2026, targeting credentials, tokens, and secrets.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fcompanies-house-glitch-exposes%2F%3Futm_source=tldrinfosec/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/5-cmsK_5d3NM4GeR63ewwIhLhrGjr-JqEt2MWgneJh4=448">
<span>
<strong>UK Companies House Web Glitch Exposes Corporate Details to Fraudsters (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The UK's Companies House, the agency responsible for incorporating and dissolving the nation's listed companies, has taken its WebFiling dashboard down due to a vulnerability. The vulnerability allowed a user to access other companies' dashboards by selecting "file for another company" and repeatedly pressing the "back" key when prompted for an authentication code, which would redirect them to the other company's dashboard. Attackers could exploit this to view and edit information belonging to other companies.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flabs.infoguard.ch%2Fposts%2Fdecrypting-and-abusing_paloalto-cortex-xdr_behavioral-rules_biocs%2F%3Futm_source=tldrinfosec/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/uYd37XpPsXCEyGCF2IRh5Sgq7DKXedgiIfn2bBjwE9c=448">
<span>
<strong>Decrypting and Abusing Predefined BIOCs in Palo Alto Cortex XDR (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
InfoGuard Labs researchers decrypted the AES-256-CBC-encrypted CLIPS rule files shipped with Palo Alto Cortex XDR agents 8.7 and 8.8 (content version 1790-16658), exposing hardcoded global whitelists that exempted any process with `:\Windows\ccmcache` in its command line from roughly half of all BIOC detections, including LSASS dump prevention rules mapped to MITRE ATT&CK T1003/TA0006. The global whitelist has been removed in Cortex XDR Agent 9.1 with content version 2160, though individual rule exceptions remain exploitable by attackers with knowledge of the plaintext rules. Defenders running agents below 9.1 should prioritize upgrading immediately. Those on patched versions should audit process command-line telemetry for ccmcache path injection and treat any closed-box EDR as a single layer rather than a complete control.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FFVelfV/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/e7xzk7rtVjifoee-U05ZneaLgGEMV9R-D90OG_gDypY=448">
<span>
<strong>[New Threat Intelligence] European Security Vendor Targeted by Hackers Fronting as Cisco Domain (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Outpost24's threat intel team uncovered a multi-stage phishing campaign that starts with DKIM-validated JP Morgan-themed emails and abused Cisco Secure Email Gateway links, then chains through Nylas tracking, a compromised Indian development company's infrastructure, and a re-registered legacy domain before landing on Cloudflare-protected infrastructure. An anti-bot "human validation" step filters out automated analysis and ultimately delivers a highly convincing Microsoft 365 credential-harvesting page, likely powered by the Kratos Phishing-as-a-Service kit.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frushter.com%2Fblog%2Fgithub-malware%2F%3Futm_source=tldrinfosec/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/QHOele-B6QoIzxU9TCpJ3LbnA13t3U7seJQ39eKotgA=448">
<span>
<strong>The rise of malicious repositories on GitHub (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
GitHub is seeing a surge of malicious repositories that impersonate legitimate projects and offer only infected Windows binaries, often removing build instructions and technical detail while using LLM-generated text to appear authentic. Some repos target macOS/Linux ecosystems like Homebrew but still ship only Windows executables, suggesting a low-effort or automated campaign. Attackers abuse README updates and recognizable zip naming patterns to climb search rankings, sometimes using long-standing or hijacked accounts. While many downloads are now blocked by browser and AV protections, developers still need to verify repos and binaries carefully to avoid compromise.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FBaddKharma%2FredStack%3Futm_source=tldrinfosec/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/zn7Z7uxgHCAve4f1EzhCeVQh2kubLJ3oW7mN8mNE1dE=448">
<span>
<strong>redStack (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
redStack is a Terraform-provisioned, boot-to-breach red team lab on AWS that deploys Mythic, Sliver, and Havoc C2 servers behind an Apache redirector with X-Request-ID header validation, URI filtering, and AV/Tor exit blocking, all accessible via a Guacamole portal with an isolated Windows operator workstation. The architecture uses dual VPCs with peering to keep all C2 servers off the public internet and supports OpenVPN integration for closed-lab environments such as HackTheBox, Proving Grounds, and VulnLab.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FPulseBeat02%2Fyt-media-storage%3Futm_source=tldrinfosec/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/VIqdKbydNFlnAwFFTVjctMs09QSsqlPcKB1SYUwvWUY=448">
<span>
<strong>YouTube Media Storage (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
YouTube Media Storage is a tool that allows for storing files on YouTube by encoding them into lossless video and then decoding them back to the original file.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Frunreveal%2Fsigmalite%3Futm_source=tldrinfosec/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/1fV5Em9J8bmfny9pwO82MxUr0ZoUcSqe3_yzdjeQD-U=448">
<span>
<strong>sigmalite (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
sigmalite is a Golang package that provides a parser and execution engine for the Sigma detection format.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theguardian.com%2Fus-news%2F2026%2Fmar%2F15%2Fhacked-data-homeland-security%3Futm_source=tldrinfosec/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/DktuVwkf6sDUUpetWrX3MLMeDnN9Fc0LlmcmDvFD3o8=448">
<span>
<strong>Hacked data shines light on homeland security's AI surveillance ambitions (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Hacked records from DHS's Office of Industry Partnership, obtained by transparency nonprofit Distributed Denial of Secrets, expose over 1,400 funded contracts worth $845M spanning 2004 to late 2025, including May 2025 awards for mobile biometric harvesting devices, AI-powered airport CCTV passenger profiling systems, and a nationwide 911 call data lake with predictive policing capabilities. The leak also reveals 6,000+ companies that bid with the agency, showing the full breadth of private-sector appetite for DHS surveillance work and technologies considered but never funded. The disclosures arrive amid DHS's $165B funding boost and ongoing controversy over agents collecting visual and biometric data on protesters, reigniting civil liberties debates around AI-assisted behavioral screening programs that have repeatedly failed independent review.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.engadget.com%2Fsocial-media%2Fmeta-is-killing-end-to-end-encryption-in-instagram-dms-195207421.html%3Futm_source=tldrinfosec/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/-QcyQ6fwNUXdk1R-o2hc-DZ6WipSuHOcIvSi3QMegKY=448">
<span>
<strong>Meta is Killing End-to-End Encryption in Instagram DMs (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Meta announced it is discontinuing end-to-end encryption in Instagram DMs due to low adoption. The feature had only been rolled out to a subset of users and required opting in for each chat individually. While Meta does support end-to-end encryption in WhatsApp, it has been unclear about the progress made towards it in Messenger and other apps.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FATKCTB/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/-h1OO7MVOyQZjqQyAVLudjsVPmBiD-vjwb2FSWFyNaw=448">
<span>
<strong>FBI Seeks Victims of Steam Games Used to Spread Malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The FBI's Seattle division is requesting that gamers who installed Steam titles containing malware complete a form to provide additional information. Based on the questions in the form, the FBI appears to be investigating the apps for cryptocurrency theft and account takeover. Victims are also requested to include any screenshots of communications with individuals promoting the games.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F03%2F15%2Fbytedance-reportedly-pauses-global-launch-of-its-seedance-2-0-video-generator%2F%3Futm_source=tldrinfosec/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/1bc7kZOnES8QKHkdIGGLuaI2aHqkN0GwSec16FkqzS8=448">
<span>
<strong>ByteDance reportedly pauses global launch of its Seedance 2.0 video generator (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ByteDance has delayed the global rollout of Seedance 2.0, its viral AI video model, after Hollywood studios, including Disney, issued cease-and-desist letters over unauthorized use of copyrighted IP.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.techradar.com%2Fpro%2Fsecurity%2Floblaw-confirms-data-breach-canadian-retail-giant-says-basic-customer-information-affected%3Futm_source=tldrinfosec/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/gAbqkYL5zlRz6kZLXFkx5J3T2wDWDSCImCIjRw1qcvA=448">
<span>
<strong>Loblaw confirms data breach - Canadian retail giant says 'basic customer information' affected (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers accessed a non-critical Loblaw network segment and stole customer contact data, including names, phone numbers, and email addresses.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FJH9ggL/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/A0j2VF2sUfEdwzxhVqsutNsk9YJ9RBLEYujfVrjDVCo=448">
<span>
<strong>Hacking Attempt Reported at Poland's Nuclear Research Center (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hackers recently tried to breach IT systems at Poland's National Centre for Nuclear Research, which operates the MARIA research reactor and backs the country's civilian nuclear program.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/oqiRjEbjioVnj39QoJOph1y66HMxZAUYRRg3iuiJEPo=448"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/XMH0bSRnQj5m1fjY4c9S-ItT2HWwU1duPSabCyd30ts=448"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019cfbeb0093-bf5771d1-ecc5-4bae-88d4-c820bcc51110-000000/_RzlqTSKPvJ1eW0vjMbK34IgzcCUfoczhdwF0CEclow=448"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>