<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-04-09</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fclickfix-attack-node-js-malware-tor-steal-crypto%2F%3Futm_source=tldrinfosec/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/B-F41ZIyRrdezFFlg7UPpF6oSSXHFokFBC6iNbPC9A8=452">
<span>
<strong>New ClickFix Attack Uses Node.js Malware via Tor to Steal Crypto (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Netskope Threat Labs identified a MaaS-supported ClickFix campaign that has been active since early 2025. It targets Windows users with a fake CAPTCHA, prompting them to execute a PowerShell command that silently downloads NodeServerSetup-Full.msi. This RAT includes its own Node.js runtime, installs in a "LogicOptimizer" folder, maintains Registry persistence, and reroutes all C2 communications through Tor. The malware scans the host against over 30 security solutions before dynamically loading infostealer modules into memory at runtime, avoiding disk-based detection. An OPSEC oversight exposing its admin panel uncovered a gRPC-based C2 infrastructure, with affiliate groups receiving real-time Telegram alerts about successful crypto wallet thefts. It is recommended that defenders block outbound Tor traffic, monitor msiexec processes initiated by PowerShell, and treat any browser prompt that instructs users to apply a "fix" via the clipboard as an immediate IOC.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F04%2F08%2Fchipsoft_ransomware%2F%3Futm_source=tldrinfosec/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/6syg1agZfNEtuL8yQ_oH7JohzQeyAjbyPL5HwWP2zqc=452">
<span>
<strong>Dutch healthcare software vendor goes dark after ransomware attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ChipSoft, a Dutch software vendor that supplies patient record software to around 80% of Dutch hospitals, was hit by ransomware on April 7. Its website is still down. Z-CERT confirmed the attack and is assessing the damage. Most hospitals can still access patient portals, but 11 pulled their systems offline, nine of them heavy users.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F04%2F08%2Fhackers-steal-and-leak-sensitive-lapd-police-documents%2F%3Futm_source=tldrinfosec/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/90OkLlqj028BhDjBU6iS0KJ2COvkwpnPp4m-GKqgrcY=452">
<span>
<strong>Hackers steal and leak sensitive LAPD police documents (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hackers linked to the World Leaks extortion gang stole and published LAPD-related files from a Los Angeles City Attorney digital storage system, not the core LAPD networks. The leak reportedly includes personnel files, internal affairs cases, discovery materials containing unredacted complaints, witness identities, and medical data, and totals approximately 7.7 TB across 337,000 files.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FtMBFHa/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/LneyAFCvC-dR_htw4zs-pApuXgclxjhVfbWP7WWieDk=452">
<span>
<strong>Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP) (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Orchid Security's analysis found that 46% of enterprise identity activity occurs outside centralized IAM visibility, a blind spot amplified by unmanaged applications, orphaned accounts (40% across observed environments), over-permissioned non-human identities, and autonomous AI agents operating entirely outside traditional governance models. Gartner's IVIP framework addresses this by positioning a continuous discovery and observability layer above access management, using binary analysis, dynamic instrumentation, and LLM-driven intent analysis to surface identity dark matter without requiring API integrations or source code changes. IAM teams should prioritize machine identity gap analysis, enforce JIT access over persistent privileged credentials, and instrument IVIP telemetry ahead of M&A events to audit the identity posture of acquired assets before network integration.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2026%2F04%2F06%2Fai-enabled-device-code-phishing-campaign-april-2026%2F%3Futm_source=tldrinfosec/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/Vvdtcs0U9-fZKPRhyDp6IweQjAO_FnHwexKvpU9XrRw=452">
<span>
<strong>Inside an AI-enabled device code phishing campaign (16 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft Defender researchers tracked a large-scale device code phishing campaign powered by the EvilToken Phishing-as-a-Service toolkit. Attackers used Railway.com to spin up short-lived Node.js polling nodes and generated device codes dynamically at the time of click, which resolved the 15-minute expiration issue. Emails were tailored to each target role, such as invoices, RFPs, and manufacturing workflows, to boost interaction rates. After capturing tokens, attackers used Microsoft Graph to map organizational structures and then focused on financial and executive accounts for email exfiltration.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdevansh.bearblog.dev%2Fon-llms-and-vuln-research%2F%3Futm_source=tldrinfosec/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/1g4Vay1JDLP1ShnuBQNDCsaMnFKvmytjZngjRP37WWE=452">
<span>
<strong>On LLMs and Vulnerability Research (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Frontier LLMs have crossed a threshold in vulnerability research, combining implicit AST-like structural understanding, emergent neural taint analysis, and test-time reasoning (chain-of-thought scratchpads) to trace multi-file data flows, self-verify hypotheses, and decompose "novel" bug classes into known primitives such as spec ambiguities, type confusions, and trust boundary violations. Million-token context windows eliminate the lossy RAG chunking that previously destroyed cross-module relationships, while MoE architectures and RL-shaped reasoning chains make deep, self-correcting code analysis tractable at scale. Defenders should internalize the key practitioner insights: the quality of scaffolding (threat models, stack-specific vulnerability patterns, and constrained search paths) determines whether a model's reasoning budget finds real bugs or wastes cycles, and orchestration complexity is no longer a moat against well-prompted API access.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.anthropic.com%2Fglasswing%3Futm_source=tldrinfosec/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/7XothzcRkq_d3TRsx1ZSx2wcP28UxQ4FHh4tqQ0cddc=452">
<span>
<strong>Project Glasswing: Securing critical software for the AI era (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Anthropic launched Project Glasswing, enlisting AWS, Apple, Microsoft, Google, Cisco, CrowdStrike, Palo Alto Networks, NVIDIA, JPMorganChase, Broadcom, and the Linux Foundation to deploy Claude Mythos Preview, an unreleased frontier model that autonomously found thousands of zero-days across every major OS and browser, including a 27-year-old OpenBSD flaw and a 16-year-old FFmpeg bug that survived five million automated test hits. Mythos Preview scored 83.1% on CyberGym vulnerability reproduction, compared with Opus 4.6's 66.6%. Opus 4.6 will not be released broadly until new safeguards being piloted on an upcoming Opus model are sufficiently mature. Anthropic is committing $100 million in usage credits to project partners and $4 million in direct donations to open-source security organizations, including Alpha-Omega, OpenSSF, and the Apache Software Foundation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.pluralsight.com%2Fsolutions%2Fsecureready%3Futm_source=tldrinfosec/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/Au1mW3d3mTg1SOZ1xL1rPZ2jcccXYfsWn-UIYC-GnIs=452">
<span>
<strong>Pluralsight SecureReady (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Pluralsight SecureReady is a security training program for CISOs and IT leaders that ties on-demand courses, labs, and seminars to NIST, NICE, and DCWF roles, updates content within 48 hours of major CVEs, and offers over 350 advanced adversary-emulation labs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fvxcontrol%2Fpentagi%3Futm_source=tldrinfosec/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/28nLUETos7kWSunBRGjboMg1SUHMZD0jB_dXMat0SDc=452">
<span>
<strong>PentAGI (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
PentAGI is a self-hosted, autonomous penetration testing platform that orchestrates a multi-agent AI system across 20+ sandboxed security tools, including nmap, Metasploit, and sqlmap, with support for 10+ LLM providers. A Graphiti-powered knowledge graph via Neo4j handles semantic memory and context persistence across testing sessions, while REST/GraphQL APIs and Grafana/Prometheus integration round out the stack. The core is MIT licensed, but cloud-tier features like threat intelligence and AI support via VXControl require a separate license key and ToS compliance.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Frussian-forest-blizzard-hackers-hijack-home-routers%2F%3Futm_source=tldrinfosec/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/E3AgIeWevnBLr7qH0Y_mTEQLWO1zTa3DThsVHL1tA88=452">
<span>
<strong>Russian Forest Blizzard Hackers Hijack Home Routers for Global Spying (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft Threat Intelligence has linked Forest Blizzard (Fancy Bear) and sub-group Storm-2754 to a SOHO router hijacking campaign active since August 2025, compromising 5,000+ devices across 200 organizations to conduct DNS hijacking and AiTM attacks at scale using dnsmasq for persistent traffic redirection. Targeted sectors include energy, IT, and telecom, with confirmed data interception from three African government organizations and a specific focus on Microsoft Outlook web users. Microsoft recommends enforcing MFA, adopting passwordless authentication, and prohibiting the use of basic home routers for corporate access to reduce remote workforce exposure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fgrafanaghost-vulnerability-data-theft-via-ai-injection%2F%3Futm_source=tldrinfosec/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/UomfdMQ0bcFKVpYmnCIQYy851UR2Zk_pY67ycNVFJNs=452">
<span>
<strong>GrafanaGhost Vulnerability Allows Data Theft via AI Injection (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Noma Security revealed GrafanaGhost, an attack exploiting three weaknesses in Grafana's AI components: crafted query parameters for unauthorized access, protocol-relative URLs to bypass image-loading policies, and jailbreak keywords to disable AI safety measures. The attack is orchestrated silently during routine image requests to attacker-controlled servers, requiring no user interaction and evading active security policies by targeting AI processing layers not covered by client-side validation. Defenders should focus on monitoring AI behavior in real time rather than just following instructions, as exploitability varies with deployment security.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurelist.com%2Ffinancial-threat-report-2025%2F119304%2F%3Futm_source=tldrinfosec/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/pVvH-XunLkpmLTlQxqQr9QdbrKOvtk6eVMaXPSgfLb4=452">
<span>
<strong>Financial cyberthreats in 2025 and the outlook for 2026 (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Kaspersky's 2025 financial threat report found that while traditional PC banking malware continued its decline, infostealers surged 59% globally on PCs, with over one million online banking accounts from the world's 100 largest banks freely circulating on dark web markets; 74% of compromised payment cards remained valid as of March 2026. Phishing shifted away from bank impersonation toward digital services (16.15%) and e-commerce (14.17%), with Netflix, Apple, and Spotify now the most impersonated brands, while Mastercard displaced PayPal as the top payment system lure. Mobile banking malware grew 1.5x year-over-year. For 2026, Kaspersky projects a more data-driven, automated threat landscape, with organizations urged to prioritize identity protection and real-time cross-channel threat intelligence as infostealer-fueled credential markets continue to scale.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F190485%2Fapt%2Fu-s-agencies-alert-iran-linked-actors-target-critical-infrastructure-plcs.html%3Futm_source=tldrinfosec/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/WkeiNoZBSNy1wA19npz_drjDqlUiaoUTTzjpdpAAYvE=452">
<span>
<strong>US agencies alert: Iran-linked actors target critical infrastructure PLCs (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
FBI and CISA issued a joint advisory warning that Iran-linked APT actors, including IRGC-affiliated CyberAv3ngers, are targeting internet-exposed Rockwell/Allen-Bradley CompactLogix and Micro850 PLCs via overseas leased infrastructure and Studio 5000 Logix Designer, manipulating HMI and SCADA displays across government, water, and energy sectors, with activity suggesting possible expansion to Siemens devices.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FLEczMA/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/MGRt2aqon7GeKjvV5E7rPtorGjS9_2HhWC9ZZUwT8Nc=452">
<span>
<strong>Data Leakage Vulnerability Patched in OpenSSL (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
OpenSSL shipped fixes for seven flaws, including CVE-2026-31790, a moderate data leakage bug in RSASVE key encapsulation that can expose uninitialized memory and previous process data.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/jyTwHVxwOPc3S9fPFhS0W0Cpm_bGkTNwXylgBO02InQ=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/K4g03Ex7QXt0TRp8WdB9aCxMHNv7RbhurUIx1trQRNQ=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019d725b8e83-04662f5c-18ff-476c-a5e0-3e8159a889a2-000000/c2Ot6PQua0M9HrMJhpkvqw2ieu9oJoS61K6VjR02s6c=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>