<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-04-20</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fn7mcMw/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/bidPShQAWbTtwQYPc-bcOkwEbm-19VbydKE94p7KnP4=452">
<span>
<strong>Cursor AI Vulnerability Exposed Developer Devices (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Straiker found a NomShub attack chain in Cursor that abuses indirect prompt injection and a sandbox escape to overwrite .zshenv and run attacker-controlled code on macOS. Malicious instructions in a repository README direct the AI agent to open a remote tunnel, register a device code, and authorize the attacker's GitHub account for shell access, which persists until the process stops and the tunnel registration is removed.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FZmxSbx/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/jQHagi1SeLZhtapnML8LQ-w02IMfjbqfhr-6RkmHnus=452">
<span>
<strong>Vercel Confirms Breach as Hackers Claim to be Selling Stolen Data (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cloud development platform Vercel has disclosed a security incident after attackers claiming to be affiliated with ShinyHunters began attempting to sell stolen data. The attacker claims to be selling access keys, source code, and database data, as well as access to internal deployments and API keys. Vercel has stated that it is in contact with a limited number of affected customers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FtzYe1V/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/2UfVn-nj1-c8xF8t4sYrXKZtRkrEN3ya2sYPpFv4Ang=452">
<span>
<strong>$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Grinex, a Russia-based cryptocurrency exchange, is shutting down operations after a $13.74M hack. Grinex and its predecessor, Garantex, have been sanctioned by the US and UK for processing funds for ransomware and Darknet organizations. The exchange claims that foreign intelligence agencies orchestrated the attack to undermine Russian financial sovereignty.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.calif.io%2Fp%2Fmad-bugs-even-cat-readmetxt-is-not%3Futm_source=tldrinfosec/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/OZuyYTqf0QBTRDWG84tqRoLNVVSZ4LkKeVpYd-w04PU=452">
<span>
<strong>MAD Bugs: "cat readme.txt" is not safe in iTerm2 (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
iTerm2's SSH integration uses a “conductor” script and escape-sequence protocol over PTY, but it will accept that protocol from any terminal output, not just a trusted remote session. A crafted readme file can print fake DCS 2000p and OSC 135 sequences, impersonate the conductor, walk the state machine, and push iTerm2 into sending a base64-encoded run command back into the local shell. An attacker bundles a helper binary named to match the final base64 chunk, so simply running cat readme.txt in that directory triggers arbitrary command execution until users install the still-unstable patch.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FsXeUtp/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/ccRcSoI9To5Rq_qUidHFQ6bRZdPgnLbQo4inaKk0GT0=452">
<span>
<strong>Hackers Dodging Security Tools by Dropping Secret QEMU Virtual Machines Inside Windows (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Sophos is warning users about two active campaigns abusing QEMU to launch Linux VMs within Windows to evade detection. The threat actors bundle their malware inside Alpine Linux VMs, which Windows Defender and other tools cannot analyze.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.wiz.io%2Fblog%2Fsix-accounts-one-actor-inside-the-prt-scan-supply-chain-campaign%3Futm_source=tldrinfosec/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/d0e8v4DqlV1oeKXZvaZRZwDUSbeFJvWr0jUEJC6rAP8=452">
<span>
<strong>Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Wiz Research traced the prt-scan campaign back to March 11, three weeks before disclosure. It involved six GitHub accounts and over 500 malicious PRs that exploited pull_request_target with AI payloads targeting Python, Node.js, Rust, and Go. The five-phase payload had a sub-10% success rate but compromised 106 versions in @codfish/eslint-config and @codfish/actions, stealing AWS, Cloudflare, and Netlify credentials via a /proc/*/environ scanner that exfiltrated secrets through PR comments. Search for branches named prt-scan-[12-hex], the PR title "ci: update build configuration," the user agent python-requests/2.32.5, and the log markers PRT_EXFIL/RECON/DELAYED; enforce first-time contributor approval and actor-restricted workflows on repos using pull_request_target.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fwardgate%2Fwardgate%3Futm_source=tldrinfosec/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/uQhWErIIaiUsta8d_OTkvcm8ZlPUXTgNcy5_JCiHmMA=452">
<span>
<strong>Wardgate (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Wardgate is a security gateway that sits between AI agents and the outside world, manages API credentials, isolates SSH keys for remote command execution, and enforces access controls for command execution in remote enclaves. This is a relatively new tool with an AGPL license and was first released in February.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FiAnonymous3000%2FiOS-Hardening-Guide%3Futm_source=tldrinfosec/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/2ju6RGMiaEFWgOXkqkaf4rQkK3JhiPRk56VuBG4l-yk=452">
<span>
<strong>The Ultimate iOS Hardening Guide (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A comprehensive hardening guide for enhancing security and privacy on iOS and iPadOS devices.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Ftrailofbits%2Fclaude-code-devcontainer%3Futm_source=tldrinfosec/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/TzFt1IWvk0TrS_RPbY32-aFcUine4mW5YmX9tj7DW4k=452">
<span>
<strong>Claude Code in a devcontainer (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A sandboxed development environment for running Claude Code with bypassPermissions safely. This devcontainer provides filesystem isolation, so you get the productivity benefits of unrestricted Claude without risking your host system. This tool was built by Trail of Bits for security audit workflows.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F04%2F17%2Fclaude_opus_wrote_chrome_exploit%2F%3Futm_source=tldrinfosec/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/tIElkyOroPDobziWLo4h-drnNHjjOAyojx6lQD90ZOc=452">
<span>
<strong>Claude Opus wrote a Chrome exploit for $2,283 (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Claude Opus 4.6 can be used to build a working exploit chain for Chrome's V8 engine; the demonstrated chain targeted Discord's outdated Chrome 138 base and cost about $2,283 in API calls plus 20 hours of guidance. Patch notes and public commits now act as exploit roadmaps, and any patient attacker with an API key can weaponize these bugs. Developers should adopt earlier-in-the-lifecycle security, faster dependency updates, automatic patching, and tighter handling of public vulnerability details in projects like V8.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Ftech-policy%2F2026%2F04%2Fman-with-ihackedthegovernment-instagram-account-tells-judge-i-made-a-mistake%2F%3Futm_source=tldrinfosec/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/EMGtQ6vKNroorFRJ8Q1K0hoaHoDcUKdf54Q0-mxJxEE=452">
<span>
<strong>Man with @ihackedthegovernment Instagram account tells judge, “I made a mistake” (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Nicholas Moore, 25, used stolen credentials to access accounts in the US Supreme Court filing system, AmeriCorps, and VA My HealtheVet, then posted victims' personal and some medical details via @ihackedthegovernment on Instagram. He pled guilty, expressed remorse, and received 12 months' probation with tight computer and Internet monitoring conditions instead of prison.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F04%2F17%2Fhackers-are-abusing-unpatched-windows-security-flaws-to-hack-into-organizations%2F%3Futm_source=tldrinfosec/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/WAkk4YuMepbHFqGIQIISvb67kiNKFe6NDFdV7seriwo=452">
<span>
<strong>Hackers are abusing unpatched Windows security flaws to hack into organizations (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hackers are using three Windows Defender vulnerabilities, BlueHammer, UnDefend, and RedSun, to gain admin access in real attacks. A researcher called Chaotic Eclipse published working exploit code on a blog and GitHub after a dispute with Microsoft. Only BlueHammer is patched so far, so defenders need to move fast to find and lock down exposed Windows Defender deployments.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fnltimes.nl%2F2026%2F04%2F17%2Feu5-gadget-tracks-dutch-navys-stealth-warship-mission%3Futm_source=tldrinfosec/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/nHep1dIHcQNVigqB5Yj8FlfrlyhLlqKlWy82d_-h-RU=452">
<span>
<strong>€5 gadget tracks down Dutch Navy's stealth warship while on mission (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Dutch broadcaster Omroep Gelderland located the Dutch Navy stealth frigate Zr. Ms. Evertsen during an active mission by mailing a cheap Bluetooth tracker through the military postal system, which passed security checks unnoticed.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FtvvfjB/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/HLeKeonwE9VDF88oZ_uWF8TjtBFE1mgFJm7hCqS2XxY=452">
<span>
<strong>Apple account change alerts abused to send phishing emails (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Threat actors are exploiting Apple ID name fields to bypass email security protections and embed callback-phishing lures in legitimate Apple notifications.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F0TpTXu/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/UQpW_m2s-FH6TkekKnOmTm2IT4bLy77WAix0TBXUIRg=452">
<span>
<strong>4 new Android malware families target 800+ apps (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Zimperium zLabs discovered four new Android malware families (RecruitRat, SaferRat, Astrinox, and Massiv) that are distributed via phishing/smishing APKs and abuse Accessibility Services to perform overlay attacks, keylogging, and data exfiltration against over 800 banking and crypto apps.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/Wi_KOcWcnpa1WQJIcAa_uAc4-c8jvXW0FiWJoBc2f_k=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/iwnOtLhcf0z9b6INOAofWXPBkNXK21dSad8JTZbpSZw=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019dab0093ef-afe4a7e9-8e2b-4d68-94ec-632a126e1179-000000/Yz9BS-uFv9jxc1i-3EMS-pK7FlhdynHjaHevad10BnA=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>