<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sysdig.com%2Fforrester-wave-cloud-native-application-protection-solutions-q1-2026%3Futm_campaign=Primary03112026%26utm_source=tldrai%26utm_medium=primaryplacement/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/GS3-nhuuowC4FlfBz4IOO8hNyqGy5L244o4aPhAAENA=450"><img src="https://images.tldr.tech/sysdig.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Sysdig"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-03-27</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sysdig.com%2Fforrester-wave-cloud-native-application-protection-solutions-q1-2026%3Futm_campaign=Primary03112026%26utm_source=tldrai%26utm_medium=primaryplacement/2/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/Kbgg7DYNPdHKKwlCC4EX5FnGq_1c-BZChXGFF9Jhx1o=450">
<span>
<strong>Forrester evaluated 14 CNAPP providers - see why Sysdig was named a Leader (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cloud attacks can unfold in under 10 minutes, and posture-only security tools weren't built for that pace. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sysdig.com%2Fforrester-wave-cloud-native-application-protection-solutions-q1-2026/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/FfazFikcqpJSDV1oeIdPOAXvMNo0K6kYtQ5ifok6Qjo=450" rel="noopener noreferrer nofollow" target="_blank"><span>Forrester's latest CNAPP evaluation</span></a> is proof that leading solutions have adapted.
<p></p>
<p>In The Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sysdig.com%2Fforrester-wave-cloud-native-application-protection-solutions-q1-2026/2/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/LCshtq4NYZwReWIxlPZFZ_rbiAdDDvC3lCKN_MmC_tE=450" rel="noopener noreferrer nofollow" target="_blank"><span>Sysdig earned Leader status</span></a> out of 14 vendors evaluated. </p>
<p>The report noted Sysdig's runtime-powered foundation, its approach to connecting posture with vulnerability and runtime telemetry, and "state-of-the-art AI copilots for staff augmentation."</p>
<p>Choosing (or consolidating) your CNAPP? See how the 14 vendors stack up.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sysdig.com%2Fforrester-wave-cloud-native-application-protection-solutions-q1-2026/3/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/FozAuPCMGu5bO5xfKEzOeloGvNIQzRq9cXEmHUp9io4=450" rel="noopener noreferrer nofollow" target="_blank"><span>Get a copy of the Forrester Wave CNAPP report</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FTt8UOa/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/gn1HQMn1XDJ8xHssGIDnpYE6TDWtgSNl0nNO0PDTk2I=450">
<span>
<strong>WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A novel Magecart-style skimmer deployed via PolyShell, an unauthenticated RCE vulnerability in Magento Open Source and Adobe Commerce (patched in 2.4.9-beta1 on March 10 but not yet in production), established WebRTC peer connections to 202.181.177[.]177 over DTLS-encrypted UDP port 3479 to retrieve and inject payment-harvesting JavaScript. WebRTC DataChannels operate outside HTTP, so strict CSP directives and HTTP-layer network inspection tools are blind to both payload delivery and exfiltration. PolyShell has been under mass exploitation since March 19 across 56.7% of vulnerable stores. Defenders should immediately block access to pub/media/custom_options/, scan for web shells, and prioritize upgrading to the patched release when it reaches production.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FH39eQv/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/vey4CxhU2UsLABcrS9GfeL_-FGQs_y7LUIDu14eOEuM=450">
<span>
<strong>Hightower Holding Data Breach Impacts 130,000 (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hightower Holding, the parent of financial advisory firm Hightower Advisors, disclosed that hackers accessed its systems on January 8–9, and exfiltrated names, Social Security numbers, and driver's license numbers for 131,483 people. The breach stemmed from compromised user credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FzJ4GsT/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/DN9RnNu198gjAMKvpz7Ze3k_jgHxy8J1w0uIQ6V10Ac=450">
<span>
<strong>Ajax Football Club Hack Exposed Fan Data, Enabled Ticket Hijacking (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Dutch football club Ajax Amsterdam revealed that a hacker exploited system vulnerabilities to access data of a few hundred individuals. The hacker alerted the club about journalists' access. These journalists independently verified the vulnerabilities, confirming they could transfer season tickets, modify stadium ban records, and access extensive fan data through the API.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fipurple.team%2F2026%2F03%2F25%2Ftoast-notifications%2F%3Futm_source=tldrinfosec/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/xzS9ehi6kn6nxSDOdVGlfE1bY8_wzZXGiZ2VB938IbY=450">
<span>
<strong>Toast Notifications (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers with an established foothold can abuse Windows Toast Notifications (MITRE T1204.001) by enumerating registered AUMIDs via PowerShell or registry queries, then crafting spoofed notifications under trusted app identities like Microsoft Edge or Teams to deliver malicious links, trigger credential prompts, or simulate fake incoming calls with deepfake-ready impersonation. The .NET assembly ToastNotify supports in-memory execution from C2 frameworks, and version 1.82.8-style `.pth` escalation patterns highlight how notification abuse pairs naturally with post-exploitation persistence. Defenders should alert on unexpected processes loading `wpnapps.dll` or `msxml6.dll` via Sysmon Event ID 7, monitor ETW PushNotifications-Platform event IDs 2416, 2418, 3052, and 3153, and enforce group policy to disable toast notifications on endpoints where they are not operationally required.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.corelan.be%2Findex.php%2F2026%2F03%2F23%2Fdebugging-windbg-windbgx-fundamentals%2F%3Futm_source=tldrinfosec/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/-Guz7eMlMLjqlA9n92_tJ8HoLjPaR7vKohS9aVCmp3g=450">
<span>
<strong>Debugging - WinDBG & WinDBGX Fundamentals (30 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Corelan's corelanc0d3r published a comprehensive WinDBG and WinDBGX fundamentals guide covering installation, process attachment, breakpoint mechanics, memory inspection, and mona.py integration. Attaching to a running process rather than launching through the debugger avoids changes to NtGlobalFlag heap validation (0x70 in Classic, 0x10 in WinDBGX) that shift allocation layouts and invalidate exploit calculations. Defenders and researchers should anchor breakpoints to symbol names or module-relative offsets rather than absolute addresses to stay ASLR-resilient, and leverage breakpoint command chains with `gc` to build silent dynamic loggers without halting execution.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FoJ9Szs/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/dIXxNKv1W8AH6S9XxUXfpA0ieaFFQyiTPZugfPyf8Kc=450">
<span>
<strong>Stop Enabling Every AWS Security Service (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AWS offers a myriad of managed security services, which can be overwhelming for new users. Security teams should begin by threat modeling their environment, addressing specific threats with solutions, and keeping in mind existing security tools and costs. However, teams should always embrace automation and enable IAM Center.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.blackduck.com%2Fsignal-ai-appsec.html%3Futm_source=tldrinfosec/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/Wc1e4H2h0yw8GfXdXhgydHjw5tIuWO-q3NrRAbFGM2U=450">
<span>
<strong>Black Duck Signal: Agentic AppSec built for AI-native development (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI-native development demands a new approach to application security. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.blackduck.com%2Fsignal-ai-appsec.html/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/XZzmwNv6IBVCTtQRs1Hx9lNVf2VkCI4OLUaZJVgFOyY=450" rel="noopener noreferrer nofollow" target="_blank"><span>Signal</span></a> combines LLM-powered code analysis with 20+ years of human-vetted security intelligence to autonomously identify, prioritize, and fix vulnerabilities in AI-generated code. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.blackduck.com%2Fsignal-ai-appsec.html/2/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/YFc4wtdc7kLU8bioN92M8kDnr_rGV4utJGN19BZQQmo=450" rel="noopener noreferrer nofollow" target="_blank"><span>See it in action and request a demo</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Felastic%2Fagent-skills%3Futm_source=tldrinfosec/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/_ycGkScO-XcqtuiHc1MZdfgsoEtsnEHWdNFwfIrm0Hc=450">
<span>
<strong>elastic/agent-skills (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Elastic's official Agent Skills library delivers 33 curated, self-contained skill packages for Elasticsearch, Kibana, Elastic Observability, and Elastic Security, each a SKILL.md file with instructions and context that drops into agentic IDEs, including Claude Code, Cursor, Copilot, Windsurf, and Gemini CLI. Security-relevant skills cover alert triage, SOC case management, detection rule tuning, and audit log configuration, while the install script handles per-agent directory placement with lock-file tracking for drift detection on updates.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fonit.security%2F%3Futm_source=tldrinfosec/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/ZZA8KWk1cZU0wXPR8mWUfWL3dG-vWJGiqPYB8fpC24I=450">
<span>
<strong>Onit Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Onit Security is an exposure management platform that uses agents to analyze business context, link vulnerabilities to specific decisions, identify asset owners from fragmented data, and apply remediation policies across similar issues to cut remediation time.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fintuitem%2Fciso-assistant-community%3Futm_source=tldrinfosec/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/Q2IiIrwouhlt5A8EY0JgJ-5ZnZKKuHQ20pBuATYkiws=450">
<span>
<strong>CISO Assistant Community (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, Privacy, and Reporting. It supports 100+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS, NIS2, DORA, GDPR, HIPAA, CMMC, and more.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecdim.com%2Fblog%2Fpost%2Fdangerous-by-default-what-openclaw-cve-record-tells-us-about-agentic-ai-18022%2F%3Futm_source=tldrinfosec/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/w5HG8tRwn7p4E6mDfAySJ9fRk5EEqZsGgarl0HhfYoc=450">
<span>
<strong>Dangerous by Default: What OpenClaw CVE Record Tells Us About Agentic AI (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
OpenClaw, an autonomous local AI agent with default shell execution, file system access, and runtime code generation, accumulated 104 CVEs in 18 days spanning CWE-78 OS command injection, CWE-22 path traversal, CWE-918 SSRF, prompt injection, and auth bypass, a rate 200x higher than LangChain or Ollama across their entire lifetimes. CVE-2026-27001 illustrates the root cause: the working directory path was embedded as a plain string in the LLM system prompt, enabling prompt injection via Unicode bidirectional markers and newlines. The patch strips control characters but leaves untrusted data in the instruction context. Defenders building agentic systems should enforce least-privilege capability scoping, treat all untrusted inputs as structured data kept outside the prompt context, and sandbox runtime-generated code with no host-credential or network-egress access by default.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F03%2F25%2Fai_agents_supply_chain_attack_context_hub%2F%3Futm_source=tldrinfosec/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/R9pZvCfStrpOXesCiz66OoZbrz15-TohfvyI8--euRU=450">
<span>
<strong>AI supply chain attacks don't even require malware…just post poisoned documentation (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Andrew Ng's Context Hub is a service that feeds API docs to coding agents via an MCP server. Researcher Mickey Shmueli found that the pipeline has zero content sanitization, anyone can submit a pull request with malicious instructions, and 58 of 97 closed PRs were merged. His PoC planted fake PyPI package names in Plaid and Stripe docs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F03%2F26%2Fapple-made-strides-with-ios-26-security-but-leaked-hacking-tools-still-leave-millions-exposed-to-spyware-attacks%2F%3Futm_source=tldrinfosec/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/BCe3XV4lx2dMKjoMXUUaU6_zpBuoSruX_q5LQfquKNQ=450">
<span>
<strong>Apple made strides with iOS 26 security, but leaked hacking tools still leave millions exposed to spyware attacks (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Two hacking tools, Coruna and DarkSword, documented by Google, iVerify, and Lookout, have been widely targeting iPhones that do not have the latest iOS updates. Both exploit memory corruption bugs. iOS 26 on iPhone 17 models prevents these exploits through Memory Integrity Enforcement, but older iPhones are still vulnerable. These tools have now become publicly available, making it easier for attackers to use them.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F03%2F26%2Findia_pakistan_cctv%2F%3Futm_source=tldrinfosec/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/o3ddB9Lcj7M2e5WQz1XVVtWTGVtSnleic-1gGU4APGI=450">
<span>
<strong>Indian government probes CCTV espionage operation linked to Pakistan (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Indian police arrested suspects in Ghaziabad after discovering solar-powered CCTV cameras aimed at railway stations and critical infrastructure that streamed footage over cellular networks to recipients in Pakistan, prompting the Ministry of Home Affairs to order a nationwide audit of all CCTV installations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fgadgets%2F2026%2F03%2Freddit-will-require-fishy-accounts-to-verify-they-are-run-by-a-human%2F%3Futm_source=tldrinfosec/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/WVl0CklknaNWPwCuvYOzw6sNqZ7UxuA3BRonGhTHmY8=450">
<span>
<strong>Reddit will require "fishy" accounts to verify they are run by a human (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Reddit announced that accounts showing "automated or otherwise fishy behavior" must prove a human runs them or face restrictions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgbhackers.com%2Fcritical-nvidia-vulnerabilities%2F%3Futm_source=tldrinfosec/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/P99UrCxzRBqhCzUldrqRBQStBamgBhRIU7aZEhcHO-M=450">
<span>
<strong>Critical NVIDIA Vulnerabilities Risk Remote Code Execution and Denial-of-Service Attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
NVIDIA has patched vulnerabilities across its AI/ML stack, including CVE-2025-33244 (Critical, bulletin 5782) in NVIDIA Apex, and high-severity CVEs in Triton Inference Server, Model Optimizer, NeMo Framework, and Megatron LM.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/dMogsedENKHHLLuSTv28rU57McTAPWjm3y_-w_D2Cag=450"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/Y9kz91MllOm4wKmpYlRL_v-D1puXFuT5vNmbwvmBvWQ=450"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019d2f6839ee-3ae3b058-c0d4-4a59-93d2-6ddb00d97a5c-000000/PyTxSST8IDZOvKl2Z0Z9cAP2V9hZE-bUWFmCb_c2kUw=450"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>