<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-04-22</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.endorlabs.com%2Flearn%2Fthe-dangers-of-reusing-protobuf-definitions-critical-code-execution-in-protobuf-js-ghsa-xq3m-2v4x-88gg%3Futm_source=tldrinfosec/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/L66jf3XzY8XVw2j1pihIX8881nMymdI5rIBWTQ0I2HE=452">
<span>
<strong>The Dangers of Reusing Protobuf Definitions: Critical Code Execution in protobuf.js (GHSA-xq3m-2v4x-88gg) (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Endor Labs discovered a critical remote code execution vulnerability (GHSA-xq3m-2v4x-88gg, CVSS 9.4) in protobuf.js, a widely deployed serialization library often transitively included via @grpc/proto-loader, Firebase, and Google Cloud SDKs. The flaw exists because the library concatenates unvalidated schema type names directly into JavaScript source code and evaluates them via the Function constructor, allowing attackers who supply a malicious configuration file to achieve unauthenticated code execution when the target application processes its first message. Defenders must immediately upgrade to protobufjs 8.0.1 or 7.5.5, audit transitive dependencies, and treat dynamic schema-loading endpoints like Root.fromJSON as untrusted execution surfaces.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fgoogle-antigravity-pillar-security-agent-sandbox-escape-remote-code-execution%2F%3Futm_source=tldrinfosec/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/bnFc7FREc7cSTbjAZt6tpllVP2qkx9wkjhXWcU80YU0=452">
<span>
<strong>Vuln in Google's Antigravity AI agent manager could escape sandbox, give attackers remote code execution (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Pillar Security discovered a now-patched remote code execution vulnerability in Google's Antigravity AI developer tool that allows attackers to entirely bypass the application's restrictive Secure Mode sandbox. The exploit uses direct or indirect prompt injections to abuse a native file-searching tool called "find_by_name", which the agent executes directly before Secure Mode can evaluate the underlying shell command. Organizations deploying agentic features must move beyond sanitization-based controls and rigorously audit every native tool parameter that reaches a shell command to prevent external content from hijacking internal systems.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FDh013Z/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/MMyB-nx_WwA7Ejo6LfGKPgZalEBYrFbqRBuREl8nbnQ=452">
<span>
<strong>Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000 (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Three providers reported separate incidents: North Texas Behavioral Health Authority saw a 2025 network intrusion with possible data exfiltration, including SSNs, impacting 285,000 people. Southern Illinois Dermatology faced a November 2025 ransomware incident tied to Insomnia, resulting in the leak of patient data affecting 160,000. In 2025, Saint Anthony Hospital had two compromised email accounts that exposed the personal and health information of 146,000 patients.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2026%2F04%2F16%2Fdissecting-sapphire-sleets-macos-intrusion-from-lure-to-compromise%2F%3Futm_source=tldrinfosec/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/ta0D-mNv7ukDeHwW3MU6B_fgCp8kr406iQO8UuSdOzg=452">
<span>
<strong>Dissecting Sapphire Sleet's macOS intrusion from lure to compromise (25 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft Threat Intelligence detailed a North Korean Sapphire Sleet campaign that weaponizes a fake Zoom SDK Update.scpt, abusing trusted macOS Script Editor and a cascading curl-to-osascript chain (user agents mac-cur1 through mac-cur5) to deploy com.apple.cli, services, icloudz, and com.google.chromes.updaters backdoors while harvesting credentials via a spoofed systemupdate.app dialog. The actor directly manipulates the user-level TCC.db through Finder's Full Disk Access to silently grant osascript AppleEvents permission, then exfiltrates Telegram sessions, Chromium wallet extension data (Phantom, TronLink, Coinbase, OKX, Solflare, Rabby, Backpack, and Sui), Ledger and Exodus wallets, keychains, SSH keys, and Apple Notes to 104.145.210[.]107:8443. Defenders should block .scpt execution from the internet, monitor for curl piped into osascript/sh/bash with non-standard user-agent strings, alert on writes to ~/Library/Application Support/com.apple.TCC/TCC.db, and audit /Library/LaunchDaemons for com.google.webkit.service.plist.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmorganrobertson.net%2Fp4wned%2F%3Futm_source=tldrinfosec/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/wUpm7S86k6i2A06reCqKj4jWHGOOpJPK1KfgRmpw2V0=452">
<span>
<strong>P4WNED: How Insecure Defaults in Perforce Expose Source Code Across the Internet (20 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Public scans of 6,121 Perforce servers found that 72% allowed unauthenticated read access, 21% exposed read-write paths, and 4% had passwordless super-user accounts with potential for trigger-based RCE. The research walks through five default misconfigurations: auto account creation, unauthenticated user listing, passwordless accounts, self-service initial passwords, and a now-patched hidden "remote" user that enabled remote-depot sync without auth. It then shows real exposures across game studios, medical and financial vendors, government, and supply-chain providers, and provides concrete p4 configure baselines (security=4, dm.user.noautocreate=2, dm.user.setinitialpasswd=0, and others) plus open-source tools (P4WNED, P4GHOST, Nuclei templates, and Metasploit modules) to let you audit and lock down any P4 footprint.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.lesswrong.com%2Fposts%2FNCDiAzGZmMfEKNb87%2Fllm-tier-personal-computer-security%3Futm_source=tldrinfosec/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/uCfqho-JCrfuuYTcX-bWaayqzUQE46y9qFnG1gO99Go=452">
<span>
<strong>LLM-Tier Personal Computer Security (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
With the advancement of AI agents and LLMs, cybersecurity threats such as supply-chain attacks and convincing phishing are becoming commonplace and relevant for individuals. To combat this, the author is using a password manager, 2FA via mobile TOTP, a hardware cryptocurrency wallet, and redundant backups. They are also exploring the use of hardware security keys for critical services, isolating non-public network services, firewalling or sandboxing software, and hardening financial accounts.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fcispa%2Ftrevex%3Futm_source=tldrinfosec/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/PyB0bT6czZpZQa9SSwo2ykt3-ZQ4h7XTbS9ONbpZkcs=452">
<span>
<strong>Trevex (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Trevex is a black-box detection framework developed by CISPA researchers for discovering data-flow transient execution vulnerabilities on x86 architectures. The fuzzer successfully reproduced known flaws like Downfall and Meltdown, and discovered novel vulnerabilities including Floating-Point Divider State Sampling (FP-DSS, CVE-2025-54505) on AMD Zen 1/Zen+ and a new variant of LVI-NULL. It includes tools for local fuzzing, multi-machine orchestration via SSH, and result classification, though defenders should note it currently assumes an Ubuntu environment with the apt package manager.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fchipsec%2Fchipsec%3Futm_source=tldrinfosec/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/oHCIMZYnGYOSPlpAtfxymW4FwtjeyV0hrmSdYxdJKEQ=452">
<span>
<strong>CHIPSEC (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CHIPSEC is a framework for analyzing the security of PC platforms, including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fzencefilefendi%2Fsatguard%3Futm_source=tldrinfosec/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/y9OJVVAfEbnqZT0pyaHDGHpo30Oa9EAbRwa1ylBpbzk=452">
<span>
<strong>SatGuard (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SatGuard is an open-source toolkit for analyzing satellite telemetry and detecting GPS spoofing/jamming attacks.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F191052%2Fcyber-crime%2Fscattered-spider-member-tyler-buchanan-pleads-guilty-to-major-crypto-theft.html%3Futm_source=tldrinfosec/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/64AF3T2U2PQOh-XVS1Alix5C0OrMiHfR8mFbU7Lcd4s=452">
<span>
<strong>Scattered Spider member Tyler Buchanan pleads guilty to major crypto theft (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Tyler Buchanan, a 24-year-old Scottish national linked to the Scattered Spider cybercrime group (UNC3944), pleaded guilty in a US court to wire fraud conspiracy and aggravated identity theft. Buchanan and his co-conspirators deployed SMS phishing kits to harvest corporate credentials into a Telegram channel, then weaponized that stolen data to execute SIM swap attacks against individuals, bypassing two-factor authentication to drain cryptocurrency wallets. The scheme netted at least $8 million in stolen virtual currency, and Buchanan faces up to 22 years in federal prison at his August sentencing, following the recent 10-year sentence of fellow Scattered Spider member Noah Michael Urban.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2026%2F04%2Fcontrary-to-popular-superstition-aes-128-is-just-fine-in-a-post-quantum-world%2F%3Futm_source=tldrinfosec/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/ycPA1wfX4pVmARDZ-5DN05MLl5EjLjZpQQVHrAhAXBQ=452">
<span>
<strong>Contrary to popular superstition, AES 128 is just fine in a post-quantum world (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AES-128 remains safe against quantum brute force, since Grover's algorithm cannot be parallelized like classical search, and realistic constraints push attack cost near 2^104 operations. Ultimately, NSA's AES-256 mandate targets uniform high security and stresses that symmetric crypto can largely stay put while teams prioritize post-quantum replacements for vulnerable asymmetric schemes.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fblog%2Fpups-grow-fangs%3Futm_source=tldr%26utm_medium=email%26utm_campaign=cy26-04-camp-brand-global-prospect-all-x-x-self_fails-tldr_quick_link%26utm_content=oops%26hnt=fhz0oz5doycq/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/2rDQFh08VyHfGB2ONyqkH6XhvK1ul9ztIZk_DcUjy28=452">
<span>
<strong>When PUPs Grow Fangs: Dragon Boss Solutions Left an Open Door on 25,000+ Endpoints (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
What looked like routine adware exposed a bigger risk: an AV-killing updater, a hijackable domain, and 25k infected hosts waiting for instructions. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fblog%2Fpups-grow-fangs%3Futm_source=tldr%26utm_medium=email%26utm_campaign=cy26-04-camp-brand-global-prospect-all-x-x-self_fails-tldr_quick_link%26utm_content=oops%26hnt=fhz0oz5doycq/2/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/px2-iFUERaNIfX801DnhWsMcOXPHCc7JqomC1k9J4P0=452" rel="noopener noreferrer nofollow" target="_blank"><span>Read the Blog</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F74YogB/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/JIxWwMuAoH9Iq94uROK7riykBM8N7OkxkaEECdO-a54=452">
<span>
<strong>NIST to stop rating non-priority flaws due to volume increase (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
As of April 15, NIST's NVD will only enrich CVEs that appear in CISA's KEV catalog, affect US federal government software, or qualify as critical software under Executive Order 14028.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fqhy4BX/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/wbSWKS_P-Ucd7hqbM3IjheYV3nhZSkwLCRhAdJ4JCvA=452">
<span>
<strong>China's Apple App Store infiltrated by crypto-stealing wallet apps (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Kaspersky discovered that the SparkKitty operation deployed 26 malicious apps in the Chinese Apple App Store, masquerading as games to bypass restrictions before sideloading trojanized MetaMask, Coinbase, and Ledger wallet interfaces that silently exfiltrated seed phrases and drained victim assets.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F04%2F21%2Fadaptavist_group_breach_spawns_impostor%2F%3Futm_source=tldrinfosec/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/0NVnPhXlU0l4KPRJahOG1jc6sdd9DgM_pcFOTncjtfA=452">
<span>
<strong>Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An attacker used stolen credentials to access Adaptavist Group systems, prompting a forensic investigation and claims from ransomware gang "The Gentlemen" of a complete infrastructure compromise with customer records and source code.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/4pGKPkE0rl0Q0GBRAVUpekqGNREmm1QX9NodxKibmCc=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/TjknEEtFAXU5zWqwNsdrqpzXXLq2Cnfxh3hAuEsvza4=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019db54cd046-8f055b39-bfa0-48b1-ae0b-97e6237729f9-000000/HNvovbHlYLWTBR-9HFpxxCSfMkYAh8dDwoR3-7PK9IQ=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>