<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-04-21</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.pcgamer.com%2Fsoftware%2Fsecurity%2Fa-17-year-old-excel-vulnerability-is-currently-being-exploited-by-threat-actors-and-its-been-flagged-by-the-us-cyber-defence-agency%2F%3Futm_source=tldrinfosec/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/aS9DLa3zAi1cTFu5zA0a_CrDWjwF8vK0d2TIo0EW7BY=452">
<span>
<strong>A 17-year-old Excel vulnerability is currently being exploited by threat actors, and it's been flagged by the US' cyber defence agency (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CISA added CVE-2009-0238 (CVSS 9.3), a 2009 Microsoft Excel RCE triggered by a malformed-object document and originally used to drop Trojan.Mdropper.AC, to its Known Exploited Vulnerabilities catalog on April 14 after confirming fresh in-the-wild abuse against legacy Office 2000/2002/2003/2007 and Office 2004/2008 for Mac installs. CISA also cataloged CVE-2026-32201 (CVSS 6.5), a SharePoint Server spoofing zero-day patched in this week's Patch Tuesday that Microsoft flagged as automatable. FCEB agencies have a two-week remediation deadline. Defenders should audit for end-of-life Office deployments, apply MS09-009 where any vulnerable binaries remain, and block inbound Excel attachments at the gateway for hosts that cannot be upgraded.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F04%2F20%2Fmastodon-says-its-flagship-server-was-hit-by-a-ddos-attack%2F%3Futm_source=tldrinfosec/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/_BOesEBwneURIINW1DcRXG7Gg0qDKIMrGj2GMNs1zX4=452">
<span>
<strong>Mastodon says its flagship server was hit by a DDoS attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mastodon's main mastodon.social server was hit by a DDoS attack that made the instance intermittently unusable and threw outage warnings. The team deployed countermeasures and restored general access, though the attack continued. Only mastodon.social was targeted, leaving other Fediverse instances unaffected.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FfAn4VC/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/oTg9uw6bqV6RM2Bbxks97c_H95Er6Aj7sqi8An6yFNk=452">
<span>
<strong>Brussels Launched an Age Checking App. Hackers Say it Takes 2 Minutes to Break it (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The EU has unveiled its age-verification app and released the code as open source. Security researchers immediately examined it and found numerous vulnerabilities, including authentication bypasses and the storage of sensitive data in plaintext.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftrustedsec.com%2Fblog%2Fbenchmarking-self-hosted-llms-for-offensive-security%3Futm_source=tldrinfosec/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/8bXFGhU7oEZIiagXpNRIW1nNt54Anhclmyg21Gne5RI=452">
<span>
<strong>Benchmarking Self-Hosted LLMs for Offensive Security (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
TrustedSec researchers evaluated six self-hosted models (gemma4:31b, qwen3.5:27b, devstral-small-2:24b, nemotron-3-super, qwen3-coder, qwen3:32b) across 4,800 test runs targeting eight vulnerability classes in Juice Shop, finding that local models achieve 85-98% success rates on single-step exploits like SQL injection, authentication bypass, JWT algorithm confusion, and IDOR attacks. The study revealed a critical capability gap: models consistently scored zero percent success on multi-step exploitation chains requiring UNION-based data extraction, blind boolean SQL injection, and algorithm confusion attacks that demand maintaining a coherent strategy across 10+ sequential tool calls. The results demonstrate that local models can reliably validate straightforward vulnerabilities and perform basic penetration testing tasks. Organizations deploying self-hosted offensive security agents should expect them to excel at reconnaissance and initial access, but to require human intervention or frontier model capabilities for complex post-exploitation workflows.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fapas.tel%2Fblog%2Ftpm-is-cool%3Futm_source=tldrinfosec/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/VhFaDwU22wjzIKKENcevhkiGExUh3oaZRqFaWQm6iHI=452">
<span>
<strong>TPM 2.0 is cool, actually (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Bare-metal runners power CodSpeed's benchmarks, so each machine must prove it is the originally enrolled hardware, not a swapped or tampered server. Disk-stored private keys cannot guarantee this, because anyone with sufficient access can copy them. TPM 2.0 fixes that by holding private keys inside a dedicated chip on the motherboard and exposing only narrow commands through TSS. The Endorsement Key, provisioned by the manufacturer, identifies the TPM and only decrypts data. An Attestation Key, created under the EK hierarchy, signs challenges and measurements. Through ActivateCredential, the system verifies that the AK resides on the same genuine TPM as the EK, then uses AK-signed challenges at boot to confirm hardware identity.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.flyingpenguin.com%2Fthe-boy-that-cried-mythos-verification-is-collapsing-trust-in-anthropic%2F%3Futm_source=tldrinfosec/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/01im_0iYgo4agnFVkxR9yW5I8NNhzJt6HleF5QRrBN8=452">
<span>
<strong>The Boy That Cried Mythos: Verification is Collapsing Trust in Anthropic (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Davi Ottenheimer strongly criticizes the security claims Anthropic has made in its marketing of Mythos. Ottenheimer notes that the sections discussing security make up only 7 of 254 pages of the model card, which does not align with marketing claims about the number of vulnerabilities discovered and provides no vulnerability information. Furthermore, the Firefox exploit chain that Mythos advertised involves vulnerabilities seeded in Opus 4.6 and reproducible by open-weight models.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑&zwj;💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flabs.boostsecurity.io%2Farticles%2Fintroducing-smokedmeat%2F%3Futm_source=tldrinfosec/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/I_E0qTpROjQMyiingEUvNZOieBkrzPTbnDmHjrHYWBo=452">
<span>
<strong>SmokedMeat: A Red Team Tool to Hack Your Pipelines First (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SmokedMeat is an open-source (AGPLv3) red team and post-exploitation framework built specifically for CI/CD pipelines, positioned as a Metasploit equivalent for build infrastructure, and released in the wake of TeamPCP's March 2026 compromises of Trivy, LiteLLM, KICS, Telnyx, and dozens of npm packages. A cross-platform TUI walks operators through reconnaissance of GitHub Actions workflows for injection and pwn request vulnerabilities, stager delivery via PR/issue/comment/workflow dispatch, a domain-specific implant (Brisket) that sweeps runner memory for secrets and enumerates token permissions, and pivots that exchange OIDC tokens for AWS/GCP/Azure access while mapping blast radius in a live attack graph. Run it only against infrastructure you own or have explicit written authorization to test, starting with the included whooli, a deliberately vulnerable GitHub org the authors created as a safe playground, before pointing it at production pipelines.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fblog%2Fpups-grow-fangs%3Futm_source=tldrinfosec/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/CCcrmRaFbpPG7BUn5E5XpA11C4PTB1W7tuGP3_BtWCs=452">
<span>
<strong>When PUPs Grow Fangs: Dragon Boss Solutions' $10 Supply Chain Risk (13 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Adware signed by Dragon Boss Solutions LLC deployed a multi-stage attack chain using an off-the-shelf update mechanism to silently fetch payloads capable of terminating antivirus products with SYSTEM privileges. The malware establishes WMI persistence via MbRemovalMbSetupKillConsumer, modifies hosts files to block vendor updates, and queries an unregistered primary update domain, chromsterabrowser[.]com, which Huntress sinkholed to intercept traffic from 23,565 infected endpoints. Defenders must monitor for scheduled tasks referencing WMILoad directories, alert on executables signed by Dragon Boss Solutions LLC, and review Windows Defender exclusions for suspicious paths like DGoogle or DDapps.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgitar.ai%2F%3Futm_source=tldrinfosec/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/J-Dzyy8xmPBzHKnIyiJo33OS4Wp06gnvCyvr98h7Kss=452">
<span>
<strong>Gitar (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Gitar is a platform that uses agents to run code reviews, manage CI workflows, and let teams create custom agents to handle security checks and maintenance tasks for AI-generated and human-written code.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infostealers.com%2Farticle%2Fbreaking-vercel-breach-linked-to-infostealer-infection-at-context-ai%2F%3Futm_source=tldrinfosec/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/lYtwqXRM7xljCyCg34xD7bXQjsX8F-c0mN6N2UuGFX0=452">
<span>
<strong>Breaking: Vercel Breach Linked to Infostealer Infection at Context.ai (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The recent Vercel breach attributed to threat actor ShinyHunters originated from a February 2026 Lumma stealer infection at Context.ai, where an employee with privileged access downloaded malicious Roblox "auto-farm" scripts that compromised corporate credentials for Google Workspace, Supabase, Datadog, and Authkit, along with administrative access to Vercel's environment variables and production logs. The infection represents the only recorded infostealer compromise at Context.ai, creating a high-confidence correlation between the employee's malware exposure and subsequent unauthorized access to Vercel's infrastructure by attackers who escalated privileges through the compromised support@context.ai account. Organizations can audit their exposure by searching Google Workspace API controls for the malicious OAuth Client ID "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com" and immediately revoke access if it is found, underscoring how rapid infostealer detection and credential remediation could have prevented this supply chain escalation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FS7kmUe/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/lSuBbZYT1n1CBo5OosgtgzuyHRFSCO3y4tHw1hQTvIc=452">
<span>
<strong>"Tell Them They Are a Responsible Entity, Not a Customer": Understanding Practitioner Challenges in Sector CSIRTs (25 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The paper presents the first empirical mixed-methods study of sector CSIRTs, drawing on 24 interviews across the Dutch IBD-CSIRT ecosystem (sector CSIRT staff, municipal constituents, national cybersecurity authority, and governance bodies), cross-sector interviews and a validation workshop with other Dutch sector CSIRTs, and a longitudinal analysis of 3,065 IBD-CSIRT vulnerability notification tickets from 2015 to 2024 matched against full Shadowserver reports for the Netherlands. The researchers found that only 6 of 67 Shadowserver report types with municipal-IP hits ever produced a ticket and only 27% of days with municipal-IP hits triggered any notification to constituents, a systemic delivery failure that went undetected for years because of undisclosed filtering logic at the national CSIRT, email-based tooling failures, offline queues, recipient-address toggles, and the absence of any feedback loop between sender and recipient. The authors frame sector-CSIRT practitioner challenges around three dynamics (resources, legitimacy, and dependency) and recommend focusing scarce capacity on the least-capable constituents, embedding feedback loops into notification pipelines, and pairing NIS2-driven top-down mandates with bottom-up trust-building to break the bootstrapping problem where constituents only invest in asset registration once they see notification value.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FPOfEJn/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/9GB-XTpThrtLhT7YkI0zWRlIDszG7TPk7-WdU7B2zoQ=452">
<span>
<strong>WhatsApp Leaks User Metadata to Attackers (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researcher Tal Be'ery shows how attackers can silently ping WhatsApp users to map their online activity and infer sleep or work schedules, and use device-fingerprinting from encryption keys to learn each target's platforms and selectively deliver exploits. Meta has added features like stricter account settings and reduced Android fingerprinting, but its open contact model still lets unknown numbers probe 3.5 billion users.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F191008%2Fsecurity%2Fcyber-attacks-fuel-surge-in-cargo-theft-across-logistics-industry.html%3Futm_source=tldrinfosec/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/lkEkpit9bPgnlV5-GvmLvU5HTKh7IidtWbpyAyCZheE=452">
<span>
<strong>Cyber attacks fuel surge in cargo theft across logistics industry (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Proofpoint researchers documented cybercriminals targeting trucking and logistics companies with coordinated remote access campaigns using fake shipping job emails, malicious VBS files, and multiple RMM tools to steal cargo, divert payments, and harvest financial credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F4Pio3z/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/2Vpv9oYbGprC5pR8ga638fKazBZyqf7QakcD_J5_nco=452">
<span>
<strong>Half of the 6 Million Internet-Facing FTP Servers Lack Encryption (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Censys scans found roughly 5.94 million internet-facing FTP services, with about 2.45 million showing no evidence of TLS encryption.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FpKbvit/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/909IX62NtCT98hMkQb-sjKTQrtcjIwRnUl8HkHQc-sI=452">
<span>
<strong>NSA using Anthropic's Mythos despite blacklist (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Driven by demand for advanced AI support in cybersecurity missions, the National Security Agency is using Anthropic's Mythos Preview, the company's most powerful model, even though the Department of Defense has labeled Anthropic a supply chain risk.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/zc0vQHgCOfPtOuSuQBLfAilyW5Ut3CgV_NwX92ZMKqI=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/KY2DxEv0D7B0-SkuZbdq4fEBTc-VR7rcn5ouSYkKlOM=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019db0273508-49540d47-2717-4b0d-b59d-3ff1202f51ba-000000/dkgq0jr8tduWuOIzjy7iaH1cyUdzZUw141cw31MoOuk=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>