
Junos Pre-Auth RCE 🌐, Coruna iOS Exploits 📱, Chat Transcript Extractors 🤖


TLDR

Together With Action1

TLDR Information Security 2026-03-05

Patching is annoying. Action1 handles your first 200 endpoints for $0, forever (Sponsor)

Patching is slow, tedious, and always the first thing pushed to next week. What if patching just worked – automatically, and for free?

Get the cloud-native patch management solution trusted by eBay, Coca-Cola, and the State of California at zero cost. Action1 provides fully functional patch management for OS and third-party apps – free for the first 200 endpoints.

✅ Supports Windows, macOS, Linux, and third-party apps.

⚡️ Up and running in 5 minutes, zero infrastructure required.

🤨 Sounds too good to be true? Just give it a try! Use the full product with no credit card, no expiration date, no hidden tricks. See for yourself at https://on.action1.com/tldr

🔓

Attacks & Vulnerabilities

Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE) (7 minute read)

CVE-2026-21902 (CVSS 9.8) is a pre-authentication RCE in Juniper Junos OS Evolved on PTX Series routers caused by the On-Box Anomaly Detection Framework's Python REST API binding to 0.0.0.0:8160 instead of an internal-only interface, exposing unauthenticated shell command execution running as root. Exploitation requires four unauthenticated HTTP POST requests: register a RE-SHELL command, wrap it in a DAG, schedule a DAG instance, then commit, after which the schedule enforcer passes the attacker-controlled syntax field directly into subprocess.run(). Affected versions are Junos OS Evolved 25.4 before 25.4R1-S1-EVO and 25.4R2-EVO. Operators should patch immediately and audit exposure of port 8160/TCP at network boundaries.
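
The core of the bug described above is a scheduler that hands an attacker-controlled string to `subprocess.run()`. The following is an added example, not Juniper's code and not from the linked writeup: it shows that pattern beside a hardened form that tokenises the field into an argv list, allowlists the program, and never involves a shell. The allowlist, the task dictionary shape and the `syntax` field name are assumptions made for the illustration. The other half of a real fix (binding the API to a loopback or management-only address and requiring authentication) is deliberately not modelled here.

```python
import shlex
import subprocess

# Constructed allowlist of programs the scheduler may launch. This is an
# illustration of the pattern, not Juniper's configuration or code.
ALLOWED_PROGRAMS = {"echo", "uptime", "df"}


def run_task_vulnerable(task: dict) -> str:
    """Hand the caller-supplied 'syntax' string to a shell unchanged.

    With shell=True the string is interpreted by /bin/sh, so ';', '|', '&&'
    and $(...) inside the field become extra commands chosen by whoever can
    reach the API. If the service runs as root, so do those commands.
    """
    proc = subprocess.run(task["syntax"], shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_task_hardened(task: dict) -> str:
    """Tokenise into argv, allowlist the program, and never involve a shell."""
    argv = shlex.split(task["syntax"])
    if not argv:
        raise ValueError("empty command")
    if argv[0] not in ALLOWED_PROGRAMS:
        raise PermissionError(f"{argv[0]!r} is not an allowed program")
    # An argv list with shell=False: "status;" and "$(whoami)" are plain
    # arguments to the program, not shell syntax.
    proc = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    # Constructed request body: a schedule entry whose 'syntax' field carries
    # a second command behind a separator.
    hostile = {"syntax": "echo status; echo INJECTED"}
    print(run_task_vulnerable(hostile), end="")   # two lines: both commands ran
    print(run_task_hardened(hostile), end="")     # one line: a single echo ran
    try:
        run_task_hardened({"syntax": "cat /etc/shadow"})
    except PermissionError as err:
        print("rejected:", err)
```

Run it on any POSIX host: the vulnerable path prints `status` and `INJECTED` on separate lines, the hardened path prints the literal `status; echo INJECTED`, and the non-allowlisted program is refused before anything executes.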
Exploiting Integer Overflow in the Nginx Web Server: A Deep Dive into the Vulnerability (11 minute read)

CVE-2017-7529, a now-patched integer overflow in nginx's Range header parser, affected versions 0.5.6 through 1.13.2 and allowed attackers to read out of bounds from nginx's on-disk cache files by crafting two negative (suffix) byte ranges that overflowed the signed 64-bit size accumulator and so bypassed the content-length bounds check. When nginx operated as a caching proxy, the exploit leaked the raw cache file contents, including internal request headers, backend server identity, and potentially backend IP addresses. The vulnerability carried limited direct impact but demonstrated how information disclosure primitives can serve as links in a broader attack chain.
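
To make the arithmetic concrete, here is an added model of the failing check, written for this page and not taken from nginx's source or the linked article. It emulates a signed 64-bit accumulator in Python (which otherwise has unbounded integers), parses only suffix ranges of the form `bytes=-N,-M`, and contrasts the unsafe shape (no clamp on N, total checked only after it may have wrapped) with a hardened version that clamps each suffix to the body size and rejects before the total can overflow. The content length of 1000 and the header values are constructed for the illustration.

```python
INT64_MAX = (1 << 63) - 1


def to_int64(value: int) -> int:
    """Wrap a Python int to a signed 64-bit value (two's complement), modelling off_t."""
    value &= (1 << 64) - 1
    return value - (1 << 64) if value >= (1 << 63) else value


def parse_suffix_ranges(header: str) -> list[int]:
    """Parse 'bytes=-N,-M' into suffix lengths. Only suffix ranges are modelled here."""
    if not header.startswith("bytes="):
        raise ValueError("not a byte-range header")
    lengths = []
    for part in header[len("bytes="):].split(","):
        part = part.strip()
        if not part.startswith("-") or not part[1:].isdigit():
            raise ValueError(f"unsupported range spec {part!r}")
        lengths.append(int(part[1:]))
    return lengths


def accept_vulnerable(header: str, content_length: int):
    """Unsafe shape: no clamp on the suffix, and a signed total checked only at the end.

    Returns (accepted, [(start, end), ...]). A start below zero means the
    response would begin before the cached body, i.e. inside the cache
    file's header, which is where the leaked backend details live.
    """
    size = 0
    ranges = []
    for n in parse_suffix_ranges(header):
        start = to_int64(content_length - n)        # negative once n > content_length
        end = content_length - 1
        ranges.append((start, end))
        size = to_int64(size + to_int64(end - start + 1))   # wraps past INT64_MAX
    return size <= content_length, ranges             # a wrapped (negative) total passes


def accept_hardened(header: str, content_length: int):
    """Clamp each suffix to the body size and reject before the total can overflow."""
    size = 0
    ranges = []
    for n in parse_suffix_ranges(header):
        if n <= 0:
            return False, []
        n = min(n, content_length)          # "-N" beyond the body means the whole body
        if n > content_length - size:       # overflow-free form of: size + n > content_length
            return False, []
        size += n
        ranges.append((content_length - n, content_length - 1))
    return True, ranges


if __name__ == "__main__":
    # Constructed request: two suffix ranges, each just under 2^63 bytes long.
    hostile = f"bytes=-{INT64_MAX},-{INT64_MAX}"
    print(accept_vulnerable(hostile, 1000))          # accepted, first start is negative
    print(accept_hardened(hostile, 1000))            # (False, [])
    print(accept_hardened("bytes=-100,-200", 1000))  # (True, [(900, 999), (800, 999)])
```

With a 1000-byte body, each hostile suffix contributes exactly `INT64_MAX` to the total; two of them sum to `2^64 - 2`, which the 64-bit accumulator reads as `-2`, and `-2 <= 1000` sails through the check with a start offset far before byte 0.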
New LexisNexis Data Breach Confirmed After Hackers Leak Files (2 minute read)

LexisNexis confirmed that attackers accessed legacy servers, exposing customer identifiers, business contact data, survey respondents' IPs, and support tickets, while denying any impact on current products and services. Hackers claim React2Shell and misconfigured AWS led to theft of over 2 GB of data, including 400,000 personal records and sensitive enterprise, employee, and development information.
🧠

Strategies & Tactics

Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit (15 minute read)

Coruna is a sophisticated iOS exploit kit containing five full exploit chains and 23 total exploits targeting iOS 13.0 through 17.2.1. It proliferated from a commercial surveillance vendor customer to a Russian espionage group, UNC6353, which conducted watering hole attacks against Ukrainian users, and ultimately to a Chinese financially motivated actor, UNC6691, that deployed it via fake crypto exchange sites to steal cryptocurrency wallet credentials. The kit's final payload, PLASMAGRID, hooks into 18 crypto wallet apps, scans for BIP39 seed phrases, and uses a DGA seeded with "lazarus" to generate fallback C2 domains. iPhone users should update to the latest iOS immediately. Where updates aren't possible, enabling Lockdown Mode is recommended, and defenders should review the published YARA rules and IOCs for hunting activity.
DNS-PERSIST-01: A New Model for DNS-based Challenge Validation (5 minute read)

DNS-01 is the standard ACME challenge that proves control of a domain by publishing a DNS TXT record before a certificate is issued. It adds operational complexity because every issuance needs a fresh TXT value, which usually means embedding DNS API credentials in automation scripts, and it leaves renewals exposed to DNS propagation delays. Let's Encrypt has proposed a new challenge type, DNS-PERSIST-01, which uses a single persistent DNS record to pin the ACME account and the specific CA permitted to issue certificates for the name.
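
The following added example (written for this page; it is not Let's Encrypt's code or the text of the draft) shows why DNS-01 needs a new record per issuance and what a persistent record changes. The DNS-01 value is computed as RFC 8555 section 8.4 specifies, from a per-challenge token and the RFC 7638 thumbprint of the account key; because the token is fresh each time, the TXT value changes each time. The persistent-record check assumes a record format of `"<ca identifier>; accounturi=<ACME account URL>"`, which is an assumption modelled on the draft rather than a quotation of it. The account JWK and token are constructed placeholders, not real key material.

```python
import base64
import hashlib
import json

# Constructed ACME account key (not a real key: the coordinates are placeholder
# base64url strings). Only its canonical JSON form matters for the thumbprint.
SAMPLE_ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "Zm9vYmFyLWV4YW1wbGUteC1jb29yZGluYXRlLXBsYWNlaG9sZGVy",
    "y": "Zm9vYmFyLWV4YW1wbGUteS1jb29yZGluYXRlLXBsYWNlaG9sZGVy",
    "alg": "ES256",   # present in many JWKs but not part of the thumbprint input
}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: hash the required members only, lexicographically ordered, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """TXT value expected at _acme-challenge.<name> (RFC 8555 section 8.4).

    The token is fresh per challenge, so this value changes at every
    issuance and renewal: that is why DNS-01 needs write access to the zone
    each time, and why a not-yet-propagated record fails validation.
    """
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def dns01_validate(txt_records: list[str], token: str, account_jwk: dict) -> bool:
    """The CA's side: look for the expected value among the published TXT records."""
    return dns01_txt_value(token, account_jwk) in txt_records


def persist_record_allows(record: str, ca_identifier: str, account_uri: str) -> bool:
    """DNS-PERSIST-01 style check over a long-lived record.

    Assumed record format (an assumption, modelled on the draft):
    "<ca identifier>; accounturi=<ACME account URL>". The record never has
    to change between issuances; it names the CA allowed to issue and,
    optionally, pins the account that may request.
    """
    fields = [f.strip() for f in record.split(";")]
    if fields[0] != ca_identifier:
        return False
    params = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
    pinned = params.get("accounturi")
    return pinned is None or pinned == account_uri


if __name__ == "__main__":
    token = "constructed-token-for-this-order"   # constructed, one per challenge
    print("DNS-01 TXT value:", dns01_txt_value(token, SAMPLE_ACCOUNT_JWK))
    record = "example-ca.net; accounturi=https://example-ca.net/acme/acct/1"
    print("persist allows acct/1:",
          persist_record_allows(record, "example-ca.net", "https://example-ca.net/acme/acct/1"))
    print("persist allows acct/2:",
          persist_record_allows(record, "example-ca.net", "https://example-ca.net/acme/acct/2"))
```

Note the asymmetry: the DNS-01 function needs a zone write on every call, while the persistent record is read-only at issuance time and fails closed if either the CA identifier or the pinned account does not match.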
Rare Not Random: Using Token Efficiency for Secrets Scanning (6 minute read)

Gitleaks has traditionally built its secrets scanner on a combination of regexes, entropy, and rule-based filters. This post details how the team adapted the scanner to use token efficiency instead of entropy to boost performance: how many tokens a tokenizer needs for a string, relative to its length, is a proxy for how often that string appeared in a model's training data, so rare strings (secrets) tokenize poorly while common code and English fragments tokenize compactly. Using this method and a few other tweaks, the author created a tool called BetterLeaks, which outperforms other scanners, such as CredSweeper, on secret detection in the CredData dataset.
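
To show the signal itself, here is an added example written for this page (not BetterLeaks or Gitleaks code) that scores candidates by characters per token next to the classic Shannon entropy. A real scanner would use a production LLM tokenizer; this block substitutes a small constructed vocabulary with greedy longest-match tokenisation, which is an assumption that keeps it self-contained but preserves the shape of the signal. The two candidate strings and the 1.5 chars-per-token threshold are also constructed for the illustration.

```python
import math
from collections import Counter

# Constructed toy vocabulary standing in for a tokenizer's merge table. A real
# scanner uses a production LLM tokenizer; the signal has the same shape:
# fragments common in code and English are single tokens, random secret
# material is not.
TOY_VOCAB = {
    "application", "json", "charset", "utf", "password", "secret", "token",
    "config", "example", "user", "name", "http", "https", "://", "www", ".com",
    "api", "key", "true", "false", "null", "string", "value", "error", "id",
}
MAX_TOKEN_LEN = max(len(t) for t in TOY_VOCAB)


def greedy_tokenize(text: str) -> list[str]:
    """Longest-match tokenisation; a character no vocabulary entry covers is its own token."""
    tokens, i = [], 0
    while i < len(text):
        for length in range(min(MAX_TOKEN_LEN, len(text) - i), 0, -1):
            piece = text[i:i + length]
            if piece in TOY_VOCAB:
                break
        else:
            piece = text[i]
        tokens.append(piece)
        i += len(piece)
    return tokens


def chars_per_token(text: str) -> float:
    """Token efficiency: high for text the tokenizer has 'seen', near 1.0 for noise."""
    return len(text) / len(greedy_tokenize(text))


def shannon_entropy(text: str) -> float:
    """Bits per character: the classic signal, which scores a hash and a key alike."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def classify(candidate: str, efficiency_threshold: float = 1.5) -> str:
    """Flag a candidate when the tokenizer needs close to one token per character."""
    return ("likely-secret" if chars_per_token(candidate) < efficiency_threshold
            else "likely-common")


if __name__ == "__main__":
    # Constructed candidates: a common header fragment and a random-looking key.
    for s in ("application/json; charset=utf-8", "g7Xq2vLp9RzT4wBn8KfM"):
        print(f"{s!r}: entropy={shannon_entropy(s):.2f} bits/char, "
              f"chars/token={chars_per_token(s):.2f}, {classify(s)}")
```

Both candidates have entropy of roughly 4.3 bits per character, so entropy alone cannot separate them; the header fragment tokenises at about 3.1 characters per token while the key gets one token per character, which is the distinction the post builds on.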
πŸ§‘β€πŸ’»

Launches & Tools

Claude Code Security is here. But don't throw out your AppSec just yet (Sponsor)

The launch of Claude Code Security validates what you already know: AI coding risks require AI-native, agentic app security. But enterprise security isn't redundant. Real risk extends beyond AI-generated code. Agentic AppSec delivers end-to-end coverage across development, build, and runtime. Read the Checkmarx blog to see why.
CStrike v2 (GitHub Repo)

CStrike v2 is an autonomous offensive security platform built on a containerized Docker stack with a real-time web dashboard and AI-driven scan orchestration across 35+ integrated tools.
JetStream Security (Product Launch)

JetStream provides an AI governance platform that builds dynamic "AI Blueprints" to map AI agents, models, data, tools, and identities, giving enterprises real-time visibility, risk control, and cost tracking for production AI deployments.
TrustTunnel (GitHub Repo)

TrustTunnel is an open-source VPN protocol originally developed by AdGuard VPN that delivers fast, secure, and reliable VPN connections that are indistinguishable from regular HTTPS traffic.
🎁

Miscellaneous

Avira: Deserialize, Delete, and Escalate - The Proper Way to Use an AV (13 minute read)

Quarkslab disclosed three vulnerabilities in Avira Internet Security (versions 1.1.109.1990 and below, fixed in 1.1.114.3113): CVE-2026-27748, a symlink-following arbitrary file delete in the Software Updater running as SYSTEM; CVE-2026-27749, an unfiltered .NET BinaryFormatter deserialization in System Speedup's RealTimeOptimizer that reads an attacker-controlled file from the user-writable ProgramData directory; and CVE-2026-27750, a TOCTOU folder delete in the Optimizer that enables the Config.msi junction trick for a SYSTEM shell. The file delete primitive chains into the deserialization bug when temp_rto.dat already exists and can't be overwritten, while the TOCTOU path plants HID.DLL via MSI rollback. The writeup also documents a contentious disclosure process in which Gen Digital refused to accept vulnerability reports outside its NDA-bound bug bounty platform.
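
The first and third bugs above share one primitive: a privileged component deletes a path under a user-writable directory and follows whatever link the user planted there. The following added example (written for this page; it is not Quarkslab's proof of concept or Avira's code) reproduces that primitive on POSIX, where a symlinked directory stands in for a Windows junction, and shows the hardened form: open the trusted base directory, walk each untrusted component with `O_NOFOLLOW` so a planted link is refused, and unlink relative to the final directory descriptor so the path is never resolved a second time. The directory names and the target file are constructed stand-ins; the deserialization and MSI-rollback steps of the chain are not modelled.

```python
import os
import shutil
import stat
import tempfile


def delete_cache_file_vulnerable(base_dir: str, relative: str) -> None:
    """Delete by path. Every directory component is resolved, including a
    symlink or junction that an unprivileged user planted under base_dir."""
    os.remove(os.path.join(base_dir, relative))


def delete_cache_file_hardened(base_dir: str, relative: str) -> None:
    """Walk one component at a time with O_NOFOLLOW, then unlink relative to
    the final directory descriptor so the path is never re-resolved."""
    parts = [p for p in relative.split(os.sep) if p not in ("", ".")]
    if not parts or ".." in parts:
        raise ValueError("relative path must stay inside base_dir")
    dir_flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY)   # base_dir is service-owned
    try:
        for name in parts[:-1]:
            # ELOOP here if `name` is a symlink: the planted link is refused.
            next_fd = os.open(name, dir_flags, dir_fd=fd)
            os.close(fd)
            fd = next_fd
        info = os.lstat(parts[-1], dir_fd=fd)
        if not stat.S_ISREG(info.st_mode):
            raise PermissionError(f"{relative}: refusing to delete a non-regular file")
        os.unlink(parts[-1], dir_fd=fd)
    finally:
        os.close(fd)


def simulate(hardened: bool) -> bool:
    """Build the scenario in a temp dir and report whether the protected file survived.

    Constructed layout (POSIX stand-ins for the Windows layout in the writeup):
      <tmp>/privileged/important.dll   a file a SYSTEM service must never delete
      <tmp>/programdata/cache          user-writable location where "cache" should be
                                       a folder; the attacker replaces it with a link
    """
    tmp = tempfile.mkdtemp()
    try:
        privileged = os.path.join(tmp, "privileged")
        user_dir = os.path.join(tmp, "programdata")
        os.makedirs(privileged)
        os.makedirs(user_dir)
        target = os.path.join(privileged, "important.dll")
        open(target, "w").close()
        os.symlink(privileged, os.path.join(user_dir, "cache"))   # the planted link
        delete = delete_cache_file_hardened if hardened else delete_cache_file_vulnerable
        try:
            delete(user_dir, os.path.join("cache", "important.dll"))
        except OSError as err:
            print("refused:", err)
        return os.path.exists(target)
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    print("vulnerable: target survived =", simulate(hardened=False))   # False
    print("hardened:   target survived =", simulate(hardened=True))    # True
```

The same discipline applies to the TOCTOU variant: once the service holds a descriptor to the directory it checked, the attacker can no longer swap that directory for a junction between the check and the delete.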
China's Silver Dragon Razes Governments in EU, SE Asia (4 minute read)

Chinese threat actor Silver Dragon, linked to APT41, has targeted government networks in Southeast Asia and Europe since mid‑2024 using phishing and exploits against Internet‑facing servers to conduct espionage. It relies on Cobalt Strike, DNS tunneling, and other methods, so security teams should harden public‑facing services and monitor for any suspicious movements.
Chat at your own risk! Data brokers are selling deeply personal bot transcripts (2 minute read)

Browser extensions posing as free VPNs or ad blockers are intercepting AI chats and feeding verbatim prompts and responses into commercial datasets, exposing names, health data, immigration issues, legal problems, and corporate secrets. Data brokers resell these searchable transcripts, undermining anonymization claims and creating major risks around re‑identification, patient privacy violations, abuse disclosures, and sensitive corporate leakage.
⚡

Quick Links

TikTok won't add end-to-end encryption to direct messages, report says (1 minute read)

TikTok has decided against rolling out end-to-end encryption for direct messages, arguing that it would hinder law enforcement and internal safety teams' ability to access harmful content involving users, especially minors.
Fake Zoom, Teams Meeting Invites Use Compromised Certificates to Drop Malware (2 minute read)

A February 2026 phishing campaign documented by Microsoft Defender researchers uses fake Zoom, Teams, and Adobe Reader update pages signed with a stolen EV certificate from TrustConnect Software PTY LTD to deliver RMM tools and establish persistent backdoor access for credential theft and ransomware deployment.
Fake LastPass support email threads try to steal vault passwords (2 minute read)

There is an active phishing campaign that uses spoofed support email threads and fake unauthorized access alerts to direct victims to a credential-harvesting page at verify-lastpass[.]com.


Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile
