<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26sfcampaign_id=701Rc00000dDaIXIA0/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/pV6vHQO05_U2o6LK741cv_yv2bx8xI3hQ06bY2os7cI=450"><img src="https://images.tldr.tech/flashpoint.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Flashpoint"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-03-25</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26sfcampaign_id=701Rc00000dDaIXIA0/2/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/tq6UQGObP-u7hGe7d6rc2wqTdb6KcLYkqCu3w3isjww=450">
<span>
<strong>Ransomware is up 53% - and identity is the primary exploit vector (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The 1,500% increase in AI threat activity is just the beginning of the professionalization of cybercrime. For a data-driven look at today's (and tomorrow's) threat landscape, read <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26sfcampaign_id=701Rc00000dDaIXIA0/3/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/fYSk1GGJoKqJ33WG2gpv9MsU6zqDLQ0V3CUjLBhZy_o=450" rel="noopener noreferrer nofollow" target="_blank"><span>Flashpoint's 2026 Global Threat Intelligence Report</span></a>.
<p></p>
<p>Topics include:</p>
<ul>
<li><strong>The Rise of Agentic Frameworks for Attackers: </strong>Why threat actors are transitioning from GenAI to autonomous agents that execute end-to-end attacks without human intervention.</li>
<li><strong>The Extortion Franchise Model: </strong>How the professionalization of groups like RansomHub and Clop is scaling the cybercrime economy.</li>
<li><strong>The Pivot to "Pure-Play" Identity: </strong>How <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26sfcampaign_id=701Rc00000dDaIXIA0/4/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/y878A8vQ3emyRCgxWmhhLoB4Oj55SFn0KQzhitQkFhI=450" rel="noopener noreferrer nofollow" target="_blank"><span>3.3 billion compromised credentials</span></a> and cloud tokens are making identity the primary exploit vector.</li>
</ul>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26sfcampaign_id=701Rc00000dDaIXIA0/5/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/TAn-U7KXE8drxbJDDm4yeGBhhjNqNld-hRnJ0g9wKJk=450" rel="noopener noreferrer nofollow" target="_blank"><span>Read the report</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fflatt.tech%2Fresearch%2Fposts%2Fremote-command-execution-in-google-cloud-with-single-directory-deletion%2F%3Futm_source=tldrinfosec/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/zsulxIYgz81bXPm4w4SU62uoNuvx0vrhX3qSPHMqLjc=450">
<span>
<strong>Remote Command Execution in Google Cloud with Single Directory Deletion (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A validation flaw in Google Cloud Looker's directory deletion API allowed attackers to pass `["/"]` as the target path, bypassing `.git` protection checks and triggering deletion of the entire repository directory. By exploiting a race condition in Ruby's `FileUtils.rm_rf` post-order traversal and pre-placing forged Git configs with a malicious `fsmonitor` hook in the worktree, an attacker could achieve RCE on the Looker server during the deletion window. Post-exploitation revealed overpermissioned Kubernetes service account credentials that enabled privilege escalation across Looker instances in the same cluster. Google patched both vulnerabilities and classified the privilege escalation as Sev0.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FZ9thPK/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/eeygwIX7iyAesWCt8HnA-TNiQWg6KZwRaFgdkbagSfs=450">
<span>
<strong>HackerOne Discloses Employee Data Breach After Navia Hack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Bug bounty platform HackerOne reported that sensitive information belonging to 287 employees was exposed due to a BOLA vulnerability in benefits provider Navia's platform. The exposed information includes a combination of SSNs, full names, addresses, phone numbers, dates of birth, email addresses, plan enrollment dates, effective dates, and termination dates.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fi7s1ET/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/4wLPRuDH7dcJDMKORGPQboo1sXyHcxhdNis6_JGjdl0=450">
<span>
<strong>AstraZeneca Data Breach: What You Need to Know (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
LAPSUS$ has posted an alleged AstraZeneca breach on a Dark Web forum, advertising a ~3 GB archive for sale at no fixed price. The claimed data includes Java, Angular, and Python source code; AWS, Azure, and Terraform infrastructure files; GitHub Enterprise user and access records; and SQL scripts tied to internal operations. The file tree spans 1,486 directories and 5,892 files. Nothing has been independently verified yet.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.netomize.ca%2Fdetect-snappyclient-c-c-traffic-using-packetsmith-yara-x-detection-module%3Futm_source=tldrinfosec/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/gpj67_9v8kfXbdb_DIVJpr05i0xa4uauwhHtLpbqW3U=450">
<span>
<strong>Detect SnappyClient C&C Traffic Using PacketSmith + Yara-X Detection Module (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SnappyClient, a C++ malware family, communicates with its C&C server over TCP ports 3333/3334 to 151[.]242[.]122[.]227 using a custom binary protocol encrypted with ChaCha20-Poly1305, making its traffic resistant to traditional IDS/IPS signature matching. The detection approach combines PacketSmith's protocol-level PaIDs with Yara-X's math module to fingerprint the fixed 3-byte packet header, validate the length field against actual payload size, check the flag byte at offset 0x02 for 0x00 or 0x01, assert entropy >= 4, and confirm fewer than 8 null bytes in the encrypted payload. Validated against 647MB of unrelated traffic with zero false positives, the rule serves as a practical template for detecting encrypted C&C channels where payload content offers no traditional anchoring opportunities.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.netskope.com%2Fblog%2Fopenclaw-trap-ai-assisted-lure-factory-targets-developers-gamers%3Futm_source=tldrinfosec/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/80WbjZ33HVCgbqW04_3zgvza0-NFus4y4wnImj-SNmc=450">
<span>
<strong>OpenClaw Trap: AI-Assisted Lure Factory Targets Developers & Gamers (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Netskope uncovered a campaign tracked as TroyDen's Lure Factory, spanning 300+ GitHub-hosted packages that target developers, gamers, Roblox players, and crypto users, using LuaJIT payloads. The Trojan uses two inert components, a renamed LuaJIT runtime and an encrypted Lua script, that only arm when run together, bypassing sandbox analysis. Once live, it runs five anti-analysis checks, sleeps for 29,000 years to defeat timed sandboxes, disables proxy inspection via four registry writes, geolocates the victim, and immediately exfiltrates a full desktop screenshot to a Frankfurt C2 backed by eight load-balanced nodes.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloudposse.com%2Fblog%2Fyou-need-more-aws-accounts-than-you-think%3Futm_source=tldrinfosec/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/sNENnbDu3Zd2tN2UZVr5TSpHMFouKhhw5X2zHofwRMQ=450">
<span>
<strong>You Need More AWS Accounts Than You Think (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Many organizations start with a small number of AWS accounts, assuming they won't need more. Organizational needs often grow to require 9-10 accounts with complex migration pathways. The following accounts are good starting points: production, development, and staging environments, a security account, a transit account, an automation account, an audit account, an artifacts account, an optional account for DNS functions, and the root account.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.anecdotes.ai%2Fguides%2Fgrc-engineering-101%3Futm_source=newsletter%26utm_medium=cpc%26utm_campaign=tldr%26utm_content=newsletter%26utm_term=low-intent/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/YaGECS6rCK_yricOVK5MpGETJBuDALhCmv8lQ6SKyvU=450">
<span>
<strong>GRC Engineering 101: Program as Code (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Real engineering work doesn't happen in spreadsheets. GRC engineers declare controls in Terraform, version them in Git, and route every update through pull requests and CI/CD pipelines. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.anecdotes.ai%2Fguides%2Fgrc-engineering-101%3Futm_source=newsletter%26utm_medium=cpc%26utm_campaign=tldr%26utm_content=newsletter%26utm_term=low-intent/2/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/JHVAYOgqik8dm_RkjrITS21GKlfO_iIoJZfykTRT86Q=450" rel="noopener noreferrer nofollow" target="_blank"><span>Download GRC Engineering 101</span></a> to learn how to get started, or learn more about <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.anecdotes.ai%2Fgrc-engineering%3Futm_source=newsletter%26utm_medium=cpc%26utm_campaign=tldr%26utm_content=newsletter%26utm_term=awareness/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/FFze286hKSF_TOFH0_j7_fVyVDpRSixskXxUzzhWckg=450" rel="noopener noreferrer nofollow" target="_blank"><span>managing GRC as code with Anecdotes AI</span></a>.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.elastic.co%2Fblog%2Fworkflows-soar%3Futm_source=tldrinfosec/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/S2PFvNtjnv0epc3uX08hVmEns4HCirFXcxVwqvDSQ3A=450">
<span>
<strong>Native automation with Elastic Workflows – No SOAR required (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Elastic launched Workflows in technical preview, a native YAML-driven automation engine built directly into Elastic Security that eliminates the need for a standalone SOAR by giving playbooks and AI agents direct access to alerts, cases, and investigation data. Workflows support both scripted playbook execution for deterministic tasks and agentic reasoning via the Elastic Agent Builder integration, enabling actions such as host isolation, threat-intel queries, and case escalation without context switching across platforms. Teams retaining an existing SOAR can migrate Elastic-adjacent automation incrementally. One European government SOC reported a 2.5-hour reduction in daily manual triage across 500 alerts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fpeakoss%2Fanti-slop%3Futm_source=tldrinfosec/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/n_OAojK8LDg36vhjX0iMwmg0w1r7oXFykCEeVVeCZaU=450">
<span>
<strong>anti-slop (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A GitHub Action that automatically detects and closes low-quality and AI-generated PRs using 31 configurable check rules covering branch patterns, commit messages, PR descriptions, file changes, and contributor history signals derived from 130+ manually reviewed slop PRs. Owners, Members, and Collaborators are exempt by default, and a configurable max-failures threshold prevents false positives against legitimate first-time contributors.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FxU3sIA/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/vLe75DiNa908gg1_pPbkmObwMZXrVUZOJJoPFtQ_3_E=450">
<span>
<strong>Firefox Now Has a Built-in VPN With 50GB Monthly Data Limit (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mozilla announced that version 149 of Firefox will ship with a built-in VPN. Users with a Mozilla account will get 50GB of traffic per month, with notifications when they approach the limit. The VPN service is hosted in the US, and Mozilla will only collect technical information relevant to maintaining the performance and stability of the new services and interaction data to understand usage.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcursor.com%2Fblog%2Fsecurity-agents%3Futm_source=tldrinfosec/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/Fg3cx_PWxIUUFtzEX4xY0OApyNmTFYZ_hzlWudVGXKY=450">
<span>
<strong>Securing our codebase with autonomous agents (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cursor's security team deployed four Cursor Automations backed by a serverless security MCP Lambda to handle the 5x surge in PR velocity: Agentic Security Review blocks vulnerable PRs at the gate check, Vuln Hunter scans the existing codebase by dividing it into logical segments, Anybump runs reachability analysis and auto-opens dependency patch PRs after tests pass, and Invariant Sentinel runs daily subagents to detect security and compliance drift against a stored baseline. A Gemini Flash 2.5 classifier embedded in the MCP deduplicates semantically equivalent findings across agents, while all results route through consistently formatted Slack alerts with code-location evidence. In the first two months, agents reviewed 3,000+ PRs per week and caught 200+ vulnerabilities before they reached production.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theverge.com%2Fnews%2F899172%2Ffcc-foreign-router-ban%3Futm_source=tldrinfosec/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/RBThcUldDIsJUSh6KoF7C9a3vRemsUbxFuRSbEoSC3s=450">
<span>
<strong>The US Government Just Banned Consumer Routers Made Outside the US (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The FCC announced a ban on all consumer routers manufactured in foreign countries, citing national security concerns. Router makers will need to secure a “conditional approval” to continue importing routers or to stop selling in the US. This new restriction applies only to future routers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2026%2F03%2Fafter-hack-some-ignition-interlock-users-couldnt-start-their-own-cars%2F%3Futm_source=tldrinfosec/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/gl-O6Cm8kNW2_Uect1Mek9KGI_2C0V5tBbYm6lDGLi0=450">
<span>
<strong>After hackers hit an Iowa company, cars around the country failed to start (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A cyberattack hit Intoxalock on March 14, taking down the backend systems that DUI-convicted drivers depend on to calibrate their court-mandated ignition interlock devices. Without calibration, car lock systems stayed down through March 22, affecting 7–10% of users in some states. Intoxalock offered 10-day extensions and promised to cover tow fees, but the fix didn't work on all versions of the device.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.blackduck.com%2Fsignal-ai-appsec.html%3Futm_source=tldrinfosec/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/-UP0_nBb0pq5MPNqjK0LKze9Js2xsyilwNZ6PrBfS_w=450">
<span>
<strong>Agentic AppSec that autonomously fixes vulnerabilities in AI code (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Black Duck Signal™ combines LLM-powered code analysis with 20+ years of human-vetted security intelligence to autonomously identify, prioritize, and fix vulnerabilities in AI-generated code. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.blackduck.com%2Fsignal-ai-appsec.html/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/oMK925sYXXjVSlYxHDFfEOJ8L4NMzZsrp2ixAdckbJc=450" rel="noopener noreferrer nofollow" target="_blank"><span>Build securely with Black Duck Signal</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F24zz8h/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/-cXROcHfCSBmunQtOE7wv_LnWNEE58CwtF21ckSGXCk=450">
<span>
<strong>Crunchyroll probes breach after hacker claims to steal 6.8M users' data (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A threat actor compromised an Okta SSO account belonging to a Telus International BPO support agent on March 12 to exfiltrate 8 million Crunchyroll Zendesk support tickets containing names, email addresses, IP addresses, and limited payment data, then demanded a $5 million ransom.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FyAtUe2/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/Xi-LtYn0pnsLrbja1pgK0oHtS1PKDLb9PBWtCaqEPqo=450">
<span>
<strong>3.1 Million Impacted by QualDerm Data Breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
QualDerm Partners disclosed a breach in December 2025 in which attackers had unauthorized network access for two days.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.techradar.com%2Fpro%2Fsecurity%2Ftraces-of-unauthorized-access-mazda-confirms-data-breach-that-exposed-employee-and-partner-data%3Futm_source=tldrinfosec/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/Mqg_J-ppLGKwS0dHQLDDaixbQsvTzneUyKNCTTf_TB8=450">
<span>
<strong>'Traces of unauthorized access': Mazda confirms data breach exposing employee and partner data - here's what we know (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mazda confirmed that a breach of a warehouse management system used to handle parts sourced from Thailand occurred in December 2025.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/fTnY72B6MfUcFQVUp_eMMSCWGG1fi3QaUL4NI5QiCjA=450"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/lksY0F3F8dzSX1B_p4KjrdtXfZUzhpGBVZmxRIP_9ns=450"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019d251b12f8-6990d9da-5bad-400e-8977-044ce5e89424-000000/ipcAMvRH1-0-29MkhL6avNqCL2Qd0EhybM4J--MhMug=450"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>