<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-04-23</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgbhackers.com%2Fcritical-spring-authorization-server-issue%2F%3Futm_source=tldrinfosec/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/LOv6MMaWdywEgC3m-bMlR0y9bYAJOQxOLzImt8RZJTE=452">
<span>
<strong>Critical Spring Authorization Server Issue Exposes Systems to XSS and SSRF Attacks (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-22752 in Spring Security Authorization Server allows attackers holding a valid Initial Access Token to register malicious OAuth clients through Dynamic Client Registration endpoints, triggering Stored XSS, privilege escalation, and SSRF against internal infrastructure. The flaw carries a network-exploitable, low-complexity CVSS vector and affects Spring Security 7.0.0–7.0.4, as well as Spring Authorization Server 1.3.0–1.3.10, 1.4.0–1.4.9, and 1.5.0–1.5.6. Administrators should immediately upgrade to 7.0.5, 1.3.11, 1.4.10, or 1.5.7, or disable Dynamic Client Registration as a temporary mitigation, given the cascading account-takeover risk in OAuth-fronted microservice environments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F04%2F21%2Funauthorized-group-has-gained-access-to-anthropics-exclusive-cyber-tool-mythos-report-claims%2F%3Futm_source=tldrinfosec/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/RhsnCV2SFvpoP2Bw16QcBtf7KnBaqVd0hn_l1_dbjCM=452">
<span>
<strong>Unauthorized Group Has Gained Access to Anthropic's Exclusive Cyber Tool Mythos (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An unauthorized group gained access to Anthropic's Mythos model. The group in question gained access to the tool through a third party with the intention of playing around with the model as opposed to causing havoc. The group made an “educated guess” about the model's online location based on knowledge about the format Anthropic has used for other models.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F04%2F22%2Ffrances_secure_id_agency_probes%2F%3Futm_source=tldrinfosec/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/XGWu3UuYpkaJRlXAivQW4G-F5p0uXGIO5uCwg1aL7vQ=452">
<span>
<strong>France's 'Secure' ID agency probes breach as crooks claim 19M records (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
France's Interior Ministry confirmed a security incident at the ants.gouv.fr portal, which manages passports, ID cards, and licenses, that exposed user identifiers, contact details, and dates of birth, but not document attachments. A threat actor, known as breach3d/ExtaseHunters, claims to have access to 18–19 million records from the agency's internal systems and is selling the data on criminal forums. The government is still investigating with ANTS and other services, has not validated the volume, and has shared no details on the intrusion vector.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FSqA3Qe/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/iled4xVuWYoR6MJTx-Mva3hu2J4BxW-GaienUdFjOM0=452">
<span>
<strong>Exploits Turn Windows Defender into Attacker Tool (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researcher Nightmare-Eclipse publicly released three PoCs: BlueHammer (CVE-2026-33825), a Time of Check Time of Use (TOCTOU) race in Defender's signature update workflow patched in April; RedSun, an unpatched flaw abusing EICAR-triggered remediation against TieringEngineService.exe to land attacker binaries as SYSTEM on fully patched Windows 10/11 and Server 2019+; and UnDefend, a post-SYSTEM tool that starves Defender of threat intelligence while falsifying health reporting. Huntress observed hands-on intrusions staging binaries in the Downloads and Pictures subfolders, renaming them with variants to suppress VirusTotal detections, with initial access consistently traced to SSL VPN accounts lacking MFA. Defenders should apply the April 2026 updates and verify Antimalware Platform v4.18.26050.3011 directly (UnDefend can spoof the dashboard), enforce MFA on all remote access, block execution from Downloads/Pictures/Temp, and baseline the TieringEngineService.exe hash from an out-of-band detection layer.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.defendersinitiative.com%2Fp%2Fi-watched-all-11-main-stage-keynotes%3Futm_source=tldrinfosec/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/Ohwexy4GVomWX7YwDEfKjxTwBi3p8kymPJ9Cnx_tkPQ=452">
<span>
<strong>I watched all 11 main stage keynotes at RSAC 2026 (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Adrian Sanabria recapped RSAC 2026's main stage, finding broad consensus that AI agents require asset management, user-patterned data permissions, observability, output validation, and integrity checks against fabricated data. However, no speaker claimed a working solution, and an AI governance startup founder confirmed that customers remain in monitor-only mode without enforcement. Disagreements surfaced on human-in-the-loop versus fully autonomous detect-and-respond, ephemeral task-scoped agents versus persistent “digital co-workers,” and the plausibility of thousands of agents per person, while speakers pushed a return to fundamentals, hardening, and attack surface reduction under the assumption that every system has an unpatched zero-day. Standout sessions included Tomer Weingarten (SentinelOne) warning of cognitive atrophy from outsourcing judgment to AI, Sandra Joyce (Google Security) detailing civil legal action and public attribution as working techniques to disrupt attacker infrastructure, and Jeetu Patel (Cisco) releasing OSS agent-defense tools, including AI BOM, MCP Scanner, A2A Scanner, CodeGuard, and DefenseClaw.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FmCCpVa/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/vwsWwFdRoH8kNWJXQyRTKFMXpRfBXDYtblkJR7lKZ1o=452">
<span>
<strong>Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Software Bills of Materials (SBOMs) and Vulnerability Exploitability eXchange (VEX) were introduced to give buyers clear visibility into software components and exploitability. Still, supply chain attacks keep climbing, with recent Trivy and Axios compromises hitting tens of thousands of organizations. Datta argues that teams drown in inconsistent SBOMs, VEX, vulnerability intelligence, and legal inputs, then fall back on raw severity scores. She proposes a governance-driven decision layer that tracks SBOM changes over time, treats VEX as contextual, pulls in third-party disclosures, and produces auditable, defensible decisions, especially as regulations tighten and exploit time shrinks to hours.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FJackson-pearce%2FPearcer%3Futm_source=tldrinfosec/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/LAqNX95_xQTZWTUqDWcawYnRIWnptgcGNS8AQoXGrGY=452">
<span>
<strong>Pearcer (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Pearcer is a GPLv3 Python packet analyzer pitched as a Wireshark alternative, bundling live multi-interface and Android/ADB capture, deep per-layer dissection, built-in detection for SQLi, XSS, C2 beaconing, and ARP/DNS spoofing, NVD CVE lookup, and an active attack suite covering packet edit-and-resend, monitor-mode toggling, and 802.11 deauth flooding. At 19 stars, 1 fork, 9 commits, no tagged releases, and a single contributor, the claimed feature surface substantially outpaces codebase maturity and the offensive tooling warrants scrutiny before any non-lab use.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fnearai%2Fironclaw%3Futm_source=tldrinfosec/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/mgq6Dbyc4aLcUZSens5lOx14bzNjIMUIz5k4YpQCY2s=452">
<span>
<strong>IronClaw (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
IronClaw is an OpenClaw-inspired AI assistant focused on privacy and security.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.outtake.ai%2F%3Futm_source=tldrinfosec/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/RejLUff1j03vMVSYknuQhWvgwoDx4yzN1TvnFvb68Qg=452">
<span>
<strong>Outtake (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Outtake builds software that scans the internet for fake company identities, flags impersonation accounts, malicious domains, rogue apps, and fraudulent ads, and automates takedown so security teams spend less time on manual investigations.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwords.filippo.io%2F128-bits%2F%3Futm_source=tldrinfosec/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/TDVtQp28U4g5fJq9LCCwLQoCTRzAyLPhWFJYvZ4GLFE=452">
<span>
<strong>Quantum Computers Are Not a Threat to 128-bit Symmetric Keys (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The widespread belief that Grover's algorithm halves symmetric key strength is wrong because parallelizing Grover dilutes the quadratic speedup (partitioning the search space only saves the square root of the reduction factor) and the attack cannot be meaningfully distributed. Using Liao and Luo's (2025) AES-128 Grover oracle of depth 232 T-gates and width 724 logical qubits, breaking AES-128 in a decade would require roughly 140 trillion parallel quantum circuits at a DW cost of ~2^104.5, about 2^78.5 times more expensive than Shor's attack on 256-bit elliptic curves. NIST, BSI TR-02102-1, and researcher Samuel Jaques all concur that AES-128 and SHA-256 remain safe post-quantum and that no symmetric key sizes need to change, so engineers should redirect migration effort toward the urgent asymmetric PQC transition instead of doubling symmetric keys.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fai%2F2026%2F04%2Fmozilla-anthropics-mythos-found-271-zero-day-vulnerabilities-in-firefox-150%2F%3Futm_source=tldrinfosec/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/BlNveIUdyMRDs3PNy8Nsvij4kkD8TtHZxcO0C2RxqQw=452">
<span>
<strong>Mozilla: Anthropic's Mythos Found 271 Security Vulnerabilities in Firefox 150 (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Mythos found 271 vulnerabilities in the pre-release code for Firefox 150, compared to the 22 vulnerabilities found by Opus 4.6 in Firefox 148. The model marks a turning point for defenders. Many of the vulnerabilities could have been found by fuzzing or human analysis.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FWwjJqu/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/8dwANjEAUef5WvnEYCYQkEeeDWIMIVLqTxITlqZeM5c=452">
<span>
<strong>Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Unknown attackers pushed modified images to the official checkmarx/kics Docker Hub repo, overwriting tags like v2.1.20 and alpine and adding a fake v2.1.21 release. The trojanized KICS binary can create uncensored IaC scan reports, encrypt them, and exfiltrate them to an external endpoint, exposing credentials in Terraform, CloudFormation, or Kubernetes configs.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FLEO5Px/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/jMlFPShPsbFu1j-enLkRQtWFXLVibk2TtujM8vXMPqU=452">
<span>
<strong>Anthropic Self-Pwned (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Prolific model jailbreaker Pliny the Liberator used an agent running Claude Opus 4.7 to develop a universal jailbreak against Claude Opus 4.7 in less than 20 minutes.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FIEJtl8/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/YWsB5U8BhgvN2sHwPh1iKv68Vje-_YZHHBFXJZebfik=452">
<span>
<strong>UK intelligence: 100 nations have spyware that can hack Britain (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
UK intelligence estimates that around 100 countries have bought cyber intrusion tools that could target British infrastructure, companies, and private networks.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/r4SmgaziGIB3C4BpTATuTvcXprGEjgf2McquB3vzOYU=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/06fEMk6VAzefyd5ZIzkKNCTpFqO3-iUe9s8Dra8ztck=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019dba725158-5c8eb699-6f88-4dd5-a078-39605de3feb7-000000/N9mQZ7EQuO8aPb-vsmXx7wI_EGDtQdpkSjs6Uz8jJSk=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>