<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.netscout.com%2Fresources%2Febooks%2Ffrom-alert-to-insight-elevating-cybersecurity%3Futm_source=tldr%26utm_medium=display%26utm_campaign=brand-campaign-cybersecurity%26utm_keyword=display%26utm_content=campaign_page/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/EH3lbpyvkSLpOW2Ld9Z74s4iSYVpawKglPvrkQLi2vY=450"><img src="https://images.tldr.tech/netscout.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="NetScout"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-03-24</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.netscout.com%2Fresources%2Febooks%2Ffrom-alert-to-insight-elevating-cybersecurity%3Futm_source=tldr%26utm_medium=display%26utm_campaign=brand-campaign-cybersecurity%26utm_keyword=display%26utm_content=campaign_page/2/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/SpEOndlDBQt12W_9V7Gg0XJdrfZHcU58MOaMTUZ6QKw=450">
<span>
<strong>Beyond detection: 3 resources for investigation-first cybersecurity (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The missing link between detection and response is investigation. Start with these 3 resources from NETSCOUT:<p></p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.netscout.com%2Fresources%2Febooks%2Ffrom-alert-to-insight-elevating-cybersecurity%3Futm_source=tldr%26utm_medium=display%26utm_campaign=brand-campaign-cybersecurity%26utm_keyword=display%26utm_content=campaign_page/3/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/Yko8BWerJWBYHjoor8h297-YULiSZ5tWzlQZr_PSZEk=450" rel="noopener noreferrer nofollow" target="_blank"><span>[Ebook] From Alert to Insight - Elevating Cybersecurity:</span></a> How network visibility improves incident response and helps security teams close the gap against sophisticated attackers.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.netscout.com%2Fresources%2Fvidyard-all-players-15%2Fone-smart-question-why-is-full-investigation-essential-for-cyber-resilience%3Futm_source=tldr%26utm_medium=display%26utm_campaign=brand-campaign-cybersecurity%26utm_keyword=display%26utm_content=campaign_page/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/bQjUMVUzVOyIXzVMFuEaALkMlTvzR0gjv--lPzjyiMM=450" rel="noopener noreferrer nofollow" target="_blank"><span>[Video] One Smart Question: Why is Full Investigation Essential for Cyber Resilience?</span></a> Six key stages to fully understand the scope of the attack, obtain the proof, isolate the threat, and respond tactfully.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.netscout.com%2Fproduct%2Fcyber-intelligence%3Futm_source=tldr%26utm_medium=display%26utm_campaign=brand-campaign-cybersecurity%26utm_keyword=display%26utm_content=campaign_page/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/D7jW81DpyHb8527z77XBjJK2SPpaDVrqzq5OZf1pewQ=450" rel="noopener noreferrer nofollow" target="_blank"><span>Omnis CyberStream and Omnis Cyber Intelligence NDR Platform.</span></a> A scalable, investigation-focused Network Detection and Response (NDR) solution powered by deep packet inspection (DPI).
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.cryptopolitan.com%2Fghostclaw-steals-crypto-wallet-data-devs%2F%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/v0K0fd6oYpwjtnNFdTYcvx-fBwca86JndnPE3dPIfXc=450">
<span>
<strong>GhostClaw steals crypto wallet data from devs (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The @openclaw-ai/openclawai npm package, uploaded March 3 and active for a week before removal, infected 178 developers on macOS by posing as a legitimate OpenClaw CLI tool before deploying GhostLoader, a second-stage JavaScript payload retrieved from a C2 server that harvested crypto wallet keys, macOS Keychain passwords, SSH keys, cloud credentials, and AI platform API tokens for OpenAI and Anthropic. GhostLoader polled the clipboard every three seconds for private keys and seed phrases, cloned browser sessions for direct wallet access, and exfiltrated stolen data via Telegram, GoFile, and attacker-controlled command servers. A parallel GitHub-based campaign tagged developers in issue threads with fake $5,000 CLAW token airdrop offers, redirecting victims through token-claw[.]xyz to a phishing site at watery-compost[.]today that drained wallets on connection.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Feconomist.com.na%2F105290%2Ftechnology%2Finc-ransomware-group-target-airports-company-500gb-of-data-at-risk%2F%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/mAKOCpp7pic77I_Jz_bJ5zFEPfHPuNFWvDhC1x0vI3c=450">
<span>
<strong>INC Ransomware Group Targets Airports Company (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Namibia Airports Company (NAC) has announced that it suffered a data breach when an unauthorized party stole 500GB of data from its system and threatened to release it online. The stolen data allegedly contains financial records, HR information, customer data, and contact details. The INC ransomware group has claimed responsibility for the attack but has not yet released the data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FJg7SfO/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/mpeBEqnymUHDrw2QBmYmycmLUg15ODUnumKQWD4l-HI=450">
<span>
<strong>Mazda Discloses Security Breach Exposing Employee and Partner Data (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mazda states that attackers exploited a vulnerability in a warehouse management system for parts procured from Thailand, resulting in a breach of employee and partner data. The breached data includes: user IDs, full names, email addresses, company names, and business partner IDs. The company has implemented security improvements, including reducing internet exposure, applying security patches, increasing monitoring for suspicious activity, and introducing stricter access policies.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkrypt3ia.wordpress.com%2F2026%2F03%2F20%2Fthreat-intelligence-report-mango-sandstorm-indoor-fakeset-activity%2F%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/8HwJV1kTFrQoh4zOJhqY30geSRWN0Zodw1_WfnCfGOM=450">
<span>
<strong>Threat Intelligence Report: MANGO SANDSTORM Dindoor / Fakeset Campaign (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
MuddyWater (MANGO SANDSTORM/MERCURY) conducted an espionage campaign in February against a US financial institution, a US airport, a Canadian non-profit, and an Israeli defense software subsidiary using Dindoor, a Deno runtime backdoor chosen specifically to evade PowerShell/Python-tuned detection logic, alongside the Python-based Fakeset implant linked to prior Stagecomp and Darkcomp certificate lineage (T1059, T1566, T1567, T1105, and T1071). Rclone exfiltrated data to Wasabi cloud storage while staging infrastructure leveraged Backblaze B2, deno.land, and Cloudflare-fronted domains including uppdatefile[.]com, serialmenot[.]com, and moonzonet[.]com to blend C2 traffic within legitimate enterprise cloud activity. Defenders should prioritize detecting Deno runtime execution in non-development environments, anomalous Rclone invocations outside sanctioned backup workflows, and outbound traffic to commodity cloud storage, as the absence of traditional static IOCs is itself a deliberate operational characteristic of this campaign.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fnasser.nz%2Fblog%2Frug-pull-attack%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/Z7ZTbSQlE8EJpHuB7okpYUWPyWkEEj-h-SyltRonxbc=450">
<span>
<strong>The Rug Pull Attack (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The MCP spec contains no versioning, content hashing, or approval-time snapshots, allowing a malicious server to silently rewrite a tool's description, parameters, and behavior between user approval and agent execution, enabling exfiltration that existing observability platforms like LangSmith and Datadog cannot detect since they record what was called but not whether it matched what was authorized. The attack is fully silent: the tool name and parameter schema remain unchanged, the agent receives a normal-looking response, and mutable logs provide no cryptographic evidence of what the tool actually did with accessed data, creating HIPAA, SOC 2, and EU AI Act Article 12 compliance gaps. Mitigation requires SHA-256 hashing the full tool definition at approval time, verifying the hash before each execution call, and recording every action in a Merkle-tree-backed append-only hash chain that produces tamper-evident receipts independently verifiable without trusting the agent framework or MCP server.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.marisec.ca%2Freports%2Fwhy-your-brain-is-a-cyber-security-risk%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/f-4CukaQ7QP5J1buoebsL9rvEvLWMQyniGMf7PxIiGw=450">
<span>
<strong>Why Your Brain is a Cyber Security Risk (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Under stress, the brain defaults to familiar choices, a response that threat actors deliberately exploit. A fake password reset email triggers panic, which leads to clicking a phishing link and reusing an old password. That reused password can compromise a corporate account. Familiarity bias and cognitive narrowing are the mechanisms behind this. The fixes are concrete: deploy MFA with certificates on VPN, roll out a corporate key vault, stop forcing password expiry per NIST SP 800-63B, adopt passkeys, run monthly security awareness training, and monitor dark web credential leaks.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.oligo.security%2Fcadr-for-dummies%3Futm_campaign=369717496-TLDR%2520Newsletter%2520March%25202026%26utm_source=TLDR%26utm_medium=newsletter%26utm_term=TLDR-newsletter-traffic%26utm_content=newsletter-ad/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/Z50OyQWuuPk6zItPHBCYdWHJmmx4nhEueQDeQwixd48=450">
<span>
<strong>Cloud security is moving closer to the application. (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Detection and response needs to happen at runtime, where real activity occurs. Cloud Application Detection and Response (CADR) is emerging to address this shift. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.oligo.security%2Fcadr-for-dummies%3Futm_campaign=369717496-TLDR%2520Newsletter%2520March%25202026%26utm_source=TLDR%26utm_medium=newsletter%26utm_term=TLDR-newsletter-traffic%26utm_content=newsletter-ad/2/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/iWoBlrWIspyeh31cACHQhIe6PFSOXzZXyRJGXNphpAo=450" rel="noopener noreferrer nofollow" target="_blank"><span>The CADR for Dummies book</span></a> explains how teams protect cloud applications and AI systems in production.
<p></p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.oligo.security%2Fcadr-for-dummies%3Futm_campaign=369717496-TLDR%2520Newsletter%2520March%25202026%26utm_source=TLDR%26utm_medium=newsletter%26utm_term=TLDR-newsletter-traffic%26utm_content=newsletter-ad/3/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/VfDmUOOD3Ypqx6wJF_3yRFMVxPi2S8sxmGQqqW1t7p0=450" rel="noopener noreferrer nofollow" target="_blank"><span>Get the Guide</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Felder-plinius%2FOBLITERATUS%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/BYlnea7ErRL7VF7M03PAHqo3iSdpv6-OkidI4FQlLYk=450">
<span>
<strong>OBLITERATUS (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An open-source mechanistic interpretability toolkit that locates and surgically removes refusal behaviors from transformer-based LLMs using SVD decomposition to extract refusal direction vectors from hidden states, then projects them out via norm-preserving biprojection across attention and MLP layers without retraining. The pipeline spans 15 analysis modules covering concept cone geometry, alignment imprint detection (distinguishing DPO vs. RLHF vs. CAI from subspace geometry), cross-model universality indexing, and Ouroboros effect quantification to predict whether guardrails self-repair post-removal. Every opted-in run contributes anonymous benchmark data, including refusal rate, perplexity, and KL divergence, to a crowd-sourced cross-architecture dataset accessible via a community leaderboard on HuggingFace Spaces.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fscanner.dev%2F%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/dk_GTQg2N3FKkQcXJ2sFZn4FN4qGKjBVbEe15hfB9P0=450">
<span>
<strong>Scanner (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Scanner lets security teams build a cloud-native security data lake that connects to existing tools and runs fast threat hunting, continuous detections, and AI-agent workflows using inverted indexes that scale up on query and down when idle.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsecutils-dev%2Fsecutils%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/BknDrQs37N46GS2eGtni_PnOMxOWAxtZuz3EhEtk7eM=450">
<span>
<strong>Secutils (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Secutils.dev is an open-source, versatile, yet simple security toolbox for engineers and researchers built by application security engineers.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkrebsonsecurity.com%2F2026%2F03%2Ffeds-disrupt-iot-botnets-behind-huge-ddos-attacks%2F%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/PXHabOen8b7nJcHUOG_gTnhF4v8YyMIKM6mM81Ck7kY=450">
<span>
<strong>Feds Disrupt IoT Botnets Behind Huge DDoS Attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The US Justice Department, alongside Canadian and German authorities, seized infrastructure behind four IoT botnets named Aisuru, Kimwolf, JackSkid, and Mossad that collectively compromised over three million routers and webcams and launched hundreds of thousands of record-breaking DDoS attacks against targets including DoD infrastructure. Aisuru emerged in late 2024 and seeded Kimwolf in October 2025, a variant that introduced a novel lateral-movement mechanism capable of infecting devices behind internal networks, a technique subsequently copied by several competing botnets. Law enforcement actions in Canada and Germany targeted suspected operators, including a 22-year-old Canadian identified as a core Kimwolf operator and a 15-year-old in Germany.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F03%2Fwe-found-eight-attack-vectors-inside.html%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/tw_CXJhEg2-F5_tVAZGQpistF3MB3jVxQhjVpvt1aTY=450">
<span>
<strong>We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
XM Cyber's research team mapped eight validated attack vectors in AWS Bedrock targeting permissions and integrations, not the models themselves. A single over-privileged identity can redirect invocation logs to an attacker-controlled S3 bucket, steal SaaS credentials stored in Knowledge Base configs, hijack agents via bedrock:UpdateAgent, inject malicious Lambda layers, reroute flow data, strip guardrails entirely, or poison shared prompt templates in-flight, all without triggering an application redeployment.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theguardian.com%2Ftechnology%2F2026%2Fmar%2F22%2Fpalantir-extends-reach-into-british-state-as-it-gets-access-to-sensitive-fca-data%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/ZD-LbD6XthGSTJuUuEMRHCTPgf0Sc-gEtea5m5gla5M=450">
<span>
<strong>Palantir Extends Reach Into British State as it Gets Access to Sensitive FCA Data (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The UK's Financial Conduct Agency (FCA) has awarded Palantir a contract to design an AI system to help the agency tackle financial crimes such as money laundering, fraud, and insider trading. The data includes sensitive information such as recordings of phone calls, emails, and social media posts. Employees within the FCA have raised alarms at feeding this sensitive data into a private company's AI system.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fhacker-group-lapsus-astrazeneca-data-breach%2F%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/t64rDwahBxPgvEIDiKxdyKZjdQE3UcWGvQiVcC1YW5s=450">
<span>
<strong>Hacker Group LAPSUS$ Claims Alleged AstraZeneca Data Breach (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A group claiming to be LAPSUS$ is auctioning an alleged 3GB AstraZeneca dataset containing GitHub Enterprise role mappings, employee and contractor PII, and claimed AWS/Azure/Terraform configurations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fsocial-engineering-surge-intrusion-vector-mandiant-m-trends%2F%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/P9Hv2-CSifjHHsEKBLedU5ikoNUgIp8yWWH4EEcFloI=450">
<span>
<strong>The phone call is the new phishing email (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mandiant's 2025 M-Trends report found voice-based phishing, a hallmark of The Com and Scattered Spider, accounted for 11% of all investigated incidents as email phishing collapsed from 22% in 2022 to just 6%.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fpolice-shut-down-dark-web-sites-csam-network%2F%3Futm_source=tldrinfosec/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/tM_cGB56D76F19_UIkuAO0s0D8kN7-9cY7ELe_pFIV8=450">
<span>
<strong>Police Shut Down 373,000 Dark Web Sites in Single-Operator CSAM Network (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Operation Alice, a Europol-backed takedown spanning 23 countries from March 9 to 19, dismantled 373,000+ dark web onion domains, seized 105 servers, and identified 440 customers of a single-operator CSAM and CaaS network that netted over €345,000 in cryptocurrency.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/QzXjNB9T1qWLlHiHsnBWwpMMqkWxsHcF1F5pJy8xTWI=450"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/U97h09AuNkY4IibRBfwJk8QEMQ60AKanFac328BvBYk=450"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019d1ff4eb94-d9f26622-1a3b-4488-8549-9efc536ae57c-000000/kwemLiTufKCqwlQVQgixL_w-icoQClhqtMx_4lxJs5Q=450"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>