<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.blackduck.com%2Fsignal-ai-appsec.html/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/YT2DFIFC8ZpmUKANMmwRC1jkIZHn3rc8PXHoYdYaBzM=450"><img src="https://images.tldr.tech/blackduck.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="blackduck"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-03-31</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.blackduck.com%2Fsignal-ai-appsec.html/2/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/PyDNBC8fmm_PhI-Ev83-jXwgQjpQh9-D40GQUFp5YCM=450">
<span>
<strong>Black Duck Signal: Agentic AppSec built for AI-native development (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.blackduck.com%2Fsignal-ai-appsec.html/3/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/HCf4Prp-KVIse6oT5CcwoKvpGckQEf_klDKFXbi7M5U=450" rel="noopener noreferrer nofollow" target="_blank"><span>Black Duck Signal</span></a> combines LLM-powered code analysis with 20+ years of human-vetted security intelligence to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.blackduck.com%2Fsignal-ai-appsec.html/4/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/j5kNQAZ2RsD3zx84sGnxIwFrNPdsWHVvOLw8Z8MH8kY=450" rel="noopener noreferrer nofollow" target="_blank"><span>autonomously identify, prioritize, and fix vulnerabilities</span></a> in AI-generated code:
<p></p>
<p>>> Analyze new code instantly and fix issues before they're committed.</p>
<p>>> Run security scans with natural language prompts in coding assistants and IDEs.</p>
<p>>> Get fast, accurate results for any programming language - new or old.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.blackduck.com%2Fsignal-ai-appsec.html/5/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/ByXZ4IF5PuQrBfISUnOrLgZdsLbyKdLD1YR3hnHrk1c=450" rel="noopener noreferrer nofollow" target="_blank"><span>See it in action and request a demo</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.atomic.computer%2Fblog%2Fwhite-house-app-security-analysis%2F%3Futm_source=tldrinfosec/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/TgOwHimyP6o8qvPCN7cTlJ1Mpoe2ItrFPOdSorb-h_U=450">
<span>
<strong>Security Analysis of the Official White House iOS App (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers performing static analysis on the official White House iOS app uncovered eight critical security findings: six WebViews execute live, unverified JavaScript from Elfsight, a widget company founded in Russia, via a two-stage loader that allows Elfsight's servers to inject arbitrary scripts at runtime with no Subresource Integrity checks and a ReactNativeWebView.postMessage() bridge to the native layer. The app ships OneSignalLocation.framework with always-on background GPS collection, a provably false privacy manifest declaring zero data collection despite ten analytics frameworks in the binary, OneSignal remote parameters that can silently toggle location tracking without an app update, JavaScript that programmatically strips GDPR and cookie consent banners across all WebViews, and a dormant Expo OTA pipeline that, if enabled, would allow arbitrary JavaScript pushes to all devices bypassing App Store review entirely. The app implements no certificate pinning, jailbreak detection, anti-tampering, or runtime integrity checks, leaving API traffic trivially interceptable via MITM on any shared network.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.itweb.co.za%2Farticle%2Fstats-sa-confirms-data-breach-as-hackers-demand-r17m-ransom%2FJBwErvn3wpo76Db2%3Futm_source=tldrinfosec/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/revP43K50sOQPgEb-g9xgl8hQWlzKWCwkCBi7mnvJTc=450">
<span>
<strong>Stats SA Confirms Data Breach as Hackers Demand R1.7M Ransom (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Stats SA, a South African governmental organization that plays a central role in producing reliable data, confirmed that it suffered a data breach. The XP95 hacking group claimed responsibility and is demanding a R1.7M ($100K) ransom for the 154GB of data it stole. Stats SA stated that the system that was breached was an HR system for job-seekers to apply online, and it will not be paying the ransom.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FJIycRT/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/jEhLE5Pndj6chokCMx3TGRWG9dxwFiKTNJbMt-nqmhI=450">
<span>
<strong>Hackers Now Exploit F5 BIG-IP Flaw in Attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
F5 Networks has reclassified a 2025 DoS vulnerability in its BIG-IP APM (Access Policy Manager) as a remote code execution vulnerability. F5 warned that the vulnerability can be exploited by unauthenticated attackers and that they have observed it being exploited in the wild. CISA has also added it to its Known Exploited Vulnerabilities (KEV) catalog.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fprojectzero.google%2F2026%2F03%2Fmutational-grammar-fuzzing.html%3Futm_source=tldrinfosec/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/uTqzq53vlPPWjm-tc2UbeCH6YUG0gxh87mna2pTjYTA=450">
<span>
<strong>On the Effectiveness of Mutational Grammar Fuzzing (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google Project Zero's Ivan Fratric identifies two core weaknesses in coverage-guided grammar fuzzing: coverage metrics fail to reward chained function call sequences needed to trigger complex bugs, and greedy corpus saving produces low-diversity sample sets that converge toward similar inputs. Fratric counters both issues with a periodic worker-restart strategy, in which each worker builds an independent corpus for T seconds before syncing with a shared server, alternating between generative and mutational phases. Experiments against libxslt showed that this approach uncovered up to 9 unique crashes, compared with 2-5 in continuous single-worker sessions, with T=3600 seconds proving optimal for that target.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fholtwick.de%2Fen%2Fblog%2Fbx-sandbox%3Futm_source=tldrinfosec/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/M7cgEvgSM03maobPFBiuvcwk8fIysMKyoMeAENZ_CMs=450">
<span>
<strong>AI Coding Tools in a Sandbox: Why Your File System Needs Protection (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI coding tools like Claude Code, Copilot, and Cursor run with full user-level filesystem permissions, meaning a hallucinated path or misinterpreted command can expose SSH keys, credentials, and sensitive files outside the project directory. bx wraps any AI coding tool using macOS's kernel-level sandbox-exec to restrict filesystem visibility to the target project directory only, with a .bxignore file allowing per-project exclusion of .env files, certificates, and secrets even within the allowed path. Enforcement occurs at the OS kernel before any process can act, so the protection covers not just direct file operations but also MCP server calls, shell commands, and automated hooks that would otherwise execute with the user's full permissions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FEXodxw/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/Qjc1CsaMpPU8aPlt1eC6ZytJyIzVjItsD8gL7J_4_2M=450">
<span>
<strong>Designing AI Agents to Resist Prompt Injection (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Prompt injection attacks have evolved to more closely resemble social engineering attempts, which makes them harder to distinguish. Some organizations are deploying AI firewalls that attempt to scan inputs to the agents and classify the input as benign or malicious. OpenAI developed a mitigation system called Safe URL for cases where a prompt injection attack convinces an agent to act maliciously: it attempts to detect when information would be transmitted to a third party and prompts the user in those cases.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.anecdotes.ai%2Fguides%2Fgrc-engineering-101%3Futm_source=newsletter%26utm_medium=cpc%26utm_campaign=tldr%26utm_content=newsletter%26utm_term=low-intent/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/lmubrdPAYCpO2WlUNS1RxddRxdRYbPklGHpcF-Nk4jA=450">
<span>
<strong>GRC Engineering 101: Program as Code (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Real engineering work doesn't happen in spreadsheets. GRC engineers declare controls in Terraform, version them in Git, and route every update through pull requests and CI/CD pipelines. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.anecdotes.ai%2Fguides%2Fgrc-engineering-101%3Futm_source=newsletter%26utm_medium=cpc%26utm_campaign=tldr%26utm_content=newsletter%26utm_term=low-intent/2/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/ZjZNGgyYktC2h17nA1ERM1Wcg4xdqk31bf5vq1N6Z88=450" rel="noopener noreferrer nofollow" target="_blank"><span>Download GRC Engineering 101</span></a> to learn how to get started, or learn more about <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.anecdotes.ai%2Fgrc-engineering%3Futm_source=newsletter%26utm_medium=cpc%26utm_campaign=tldr%26utm_content=newsletter%26utm_term=awareness/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/4L2QLrwgHnU3GobOSC4ISgvL4TCWzF70FTeu3qwJczM=450" rel="noopener noreferrer nofollow" target="_blank"><span>managing GRC as code with Anecdotes AI</span></a>.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FChiChou%2Fvscode-frida%3Futm_source=tldrinfosec/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/1oIxkjFWWmRvPSObNnL59gXhedDcCpP5cvmUU5bB3fc=450">
<span>
<strong>vscode-frida (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A VSCode extension that brings a full Frida instrumentation workbench into the editor, featuring a sidebar process/app browser for local, USB, and remote devices, runtime panels for browsing native modules, ObjC classes, and Java methods with one-click hook generation, and an LSP server that provides context-aware autocomplete for Frida scripts against a live target process. It also includes Android tooling for automatic frida-server deployment and APK extraction, iOS SSH shell support, project scaffolding for TypeScript agents and C modules, and GitHub Copilot integration for AI-assisted native hook generation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Faws.amazon.com%2Fblogs%2Fsecurity%2Finside-aws-security-agent-a-multi-agent-architecture-for-automated-penetration-testing%2F%3Futm_source=tldrinfosec/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/e9vzoT_eXmuYQ_xtj6y7WU44kM-5BUjuk_BdMbKU9fY=450">
<span>
<strong>Inside AWS Security Agent: A multi-agent architecture for automated penetration testing (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AWS Security Agent, now in public preview, is a multi-agent penetration testing system that chains specialized agents across authentication, baseline scanning, managed execution, guided exploration, and assertion-based validation phases to autonomously discover and confirm vulnerabilities. Swarm worker agents are equipped with web fuzzers, code executors, and access to the NVD/CVE databases, while a guided exploration agent dynamically generates context-aware test plans that chain multi-step attacks, such as IDOR combined with authentication bypass. On the CVE Bench v2.0 benchmark, the system achieved an 80% attack success rate under real-world conditions without CTF instructions or grader feedback.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fdazzyddos%2FPrivHound%3Futm_source=tldrinfosec/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/Bg3juA_jIWz1kXLvFU9gbuY0rpzUyIgfhb-rxHVQTys=450">
<span>
<strong>PrivHound (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
PrivHound is a BloodHound collector for OpenGraph that models Windows local privilege escalation as interconnected attack paths. Unlike WinPEAS or PowerUp, PrivHound automatically chains multi-hop escalation paths, such as PSReadLine history containing credentials for a user with write access to a SYSTEM service binary, and overlays local privesc paths onto existing Active Directory attack graphs. Cross-user escalation analysis uses LogonUser and GetTokenInformation to evaluate what discovered credential targets can access without requiring SeImpersonatePrivilege.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Funit42.paloaltonetworks.com%2Fespionage-campaigns-target-se-asian-government-org%2F%3Futm_source=tldrinfosec/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/jGsxfx9YLX3mu5oRxH5s4UMOfYxlDz-nd80809cwUdU=450">
<span>
<strong>Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Unit 42 uncovered three simultaneous, China-aligned threat clusters targeting a Southeast Asian government between June and August 2025: Stately Taurus deployed the USBFect worm (aka HIUPAN) to propagate the PUBLOAD backdoor via removable media, CL-STA-1048 rotated through a noisy multi-RAT toolkit spanning EggStremeFuel, Masol RAT, EggStreme Loader, Gorem RAT, and the TrackBak infostealer in an apparent attempt to evade XDR detection, and CL-STA-1049 used a novel DLL sideloading chain called Hypnosis loader to quietly deliver FluffyGh0st RAT. TTP overlaps tie the clusters to Earth Estries, Unfading Sea Haze, and the Crimson Palace campaign, suggesting that distinct but aligned operators are coordinating to target the same high-value network. Defenders should monitor for DLL sideloading against legitimate security vendor binaries, USB-propagated payloads masquerading under ProgramData\Intel paths, and C2 traffic to the listed IOCs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4150512%2Fdatabricks-pitches-lakewatch-as-a-cheaper-siem-but-is-it-really-2.html%3Futm_source=tldrinfosec/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/nRQftuUpdkWxS3dCFsChY_XCMEpD6kDGXNwUK7OILec=450">
<span>
<strong>Databricks pitches Lakewatch as a cheaper SIEM - but is it really? (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Databricks' Lakewatch is an open agentic SIEM built on its lakehouse architecture that charges on compute rather than ingestion, promising up to 80% TCO reduction and years of hot, queryable data for threat hunting and compliance. The platform integrates Unity Catalog, Lakeflow Connect, and OCSF normalization to centralize security operations and is backed by the acquisitions of Antimatter and SiftD.ai. Analysts caution that costs shift to compute rather than disappear, and near-term adoption will likely be limited to large enterprises already invested in the Databricks ecosystem.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FlC17KE/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/Kb0i6JzzlC2dx28vpco1YKhWkpEcX2Axx9q8_OuTthA=450">
<span>
<strong>OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Check Point found a flaw in ChatGPT that let a malicious prompt silently exfiltrate user messages and uploaded files via a hidden DNS channel in the Linux runtime, with Custom GPTs being able to bake it in, no user interaction required. Separately, BeyondTrust found a command injection bug in OpenAI Codex: injecting commands via a crafted GitHub branch name could steal GitHub tokens and grant read/write access to the victim's full codebase. Both have now been fixed.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F03%2F30%2Feuropean_commission_breach%2F%3Futm_source=tldrinfosec/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/i2aj3SThI8vtVbdSX-Ha8fcZO4f6ZDSLvIRGGkSjaA8=450">
<span>
<strong>European Commission admits attackers broke into public web systems, but says little else (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers breached the EC's public-facing Europa web infrastructure on March 24, hitting cloud systems that host its public websites.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FqpZmAe/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/ik3w0LiCsUV9UHIGxS5RrxobbMR5cWreExtqmFkKRD0=450">
<span>
<strong>Healthcare IT Platform CareCloud Probing Potential Data Breach (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CareCloud, a New Jersey-based Nasdaq-listed healthcare IT provider, disclosed a March 16 cyberattack that disrupted one of its six EHR environments for about 8 hours.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FEhBajm/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/ol0s3Zo2VD7scLYwrueSFOE3K5G0brupfe-kPhFXTYA=450">
<span>
<strong>That top Google result for Homebrew could infect your Mac (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers are buying Google ads to serve a fake Homebrew site above the real one, tricking Mac users into pasting a Base64-encoded Terminal command that installs AMOS (Atomic macOS Stealer), which targets browser credentials and crypto wallets.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/qLlblxVWwls81ndfVzozB9BJtHGEvZLlWQOdjc5Z1xI=450"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/qnIITQwrl2fQzfsxqDZg4dL72JC7r2NLW2pfQvM1tmk=450"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019d4402d054-a9ac98a1-8807-43e8-ab3d-09958c7079b8-000000/SvN_gJud-hl2oy7rDE669wfDtCLRZXPIpeLVc3eCOOc=450"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>