<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcdn.prod.website-files.com%2F686c11d5bee0151a3f8021d6%2F69b12d5acd305c3cfb53a6e9_XBOW-Brief-AI-Has-Broken-the-Security-Model.pdf/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/LTK1CF8f2SEyI3lX-BsUYskxZwiUL0gBOVrey8DWKo4=452"><img src="https://images.tldr.tech/xbow.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Xbow"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-04-27</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcdn.prod.website-files.com%2F686c11d5bee0151a3f8021d6%2F69b12d5acd305c3cfb53a6e9_XBOW-Brief-AI-Has-Broken-the-Security-Model.pdf/2/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/N3NhwYa6SicHC-9ptWw0XdJUqrQmgfjzzVGkCnnghI4=452">
<span>
<strong>You can go to your dentist twice a year. Pentests don't work that way anymore (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI-driven attackers don't wait between appointments. Automated recon, exploitation, and lateral movement run continuously, in parallel, and they don't need to rest.<p></p><p>Yet most security programs still rely on scheduled testing and manual validation. That's why Xbow says cybersecurity has entered <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcdn.prod.website-files.com%2F686c11d5bee0151a3f8021d6%2F69b12d5acd305c3cfb53a6e9_XBOW-Brief-AI-Has-Broken-the-Security-Model.pdf/3/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/ERYrEdiT3HzgpzNr68reLslkD4lT4vjC3l_ybwvX2tw=452" rel="noopener noreferrer nofollow" target="_blank"><span>The Chaos Phase</span></a>. </p>
<p>In their <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcdn.prod.website-files.com%2F686c11d5bee0151a3f8021d6%2F69b12d5acd305c3cfb53a6e9_XBOW-Brief-AI-Has-Broken-the-Security-Model.pdf/4/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/5fJ13AJWAorI3jbcnUglqNBzjnLSXgAMSm3sedunQ_8=452" rel="noopener noreferrer nofollow" target="_blank"><span>ungated brief</span></a>, they explain what changed, what breaks first, and how leading teams are adapting. AI-powered hackers aren't waiting for your next scheduled pentest. They're acting now. </p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcdn.prod.website-files.com%2F686c11d5bee0151a3f8021d6%2F69b12d5acd305c3cfb53a6e9_XBOW-Brief-AI-Has-Broken-the-Security-Model.pdf/5/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/_pOGG56G33ozwAOBOGquCMrpwEuPlcQKuPNrTui2Tz8=452" rel="noopener noreferrer nofollow" target="_blank"><span>Read the brief (PDF, ungated)</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F04%2F24%2Fshinyhunters_claim_cruise_giant_carnivals%2F%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/D6SDJ0T29S6SFibgXPSyjAFrSYNEiZ04chZdCW1jv6M=452">
<span>
<strong>ShinyHunters claim they have cruise giant Carnival's booty as 7.5M emails surface (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Have I Been Pwned flagged 7.5 million email addresses from Holland America Line's Mariner Society loyalty program. ShinyHunters published the data after ransom talks failed, claiming to hold terabytes of corporate data. Carnival says a phishing attack affected a single user account, but the scope of the breach remains unclear. Exposed data includes names, birth dates, and membership details.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcitizenlab.ca%2Fresearch%2Funcovering-global-telecom-exploitation-by-covert-surveillance-actors%2F%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/Jen66ELcbxwDAa53cR07MacqiZE-G2l4Geg1t06u0Jw=452">
<span>
<strong>Bad Connection: Uncovering Global Telecom Exploitation by Covert Surveillance Actors (30 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Citizen Lab mapped live SS7 and Diameter attack telemetry to specific operator identifiers for the first time, exposing two long-running covert surveillance campaigns (STA1 and STA2) that exploited the global telecom interconnect ecosystem to track high-value targets across borders. STA1 rotated between 3G and 4G protocols using legitimate signaling identities from Tango Networks UK, 019Mobile Israel, and infrastructure spanning nine countries to evade firewalls, while STA2 deployed a SIMjacker zero-click binary SMS exploit linked to Swiss commercial surveillance vendor Fink Telecom Services, with over 15,700 tracking attempts dating back to October 2022. The findings expose systemic governance failures across the interconnect ecosystem, in which legacy peer-to-peer trust models, weak IPX screening, and unregulated Global Title leasing enable CSVs to operate as "ghost operators" within mobile networks for years without detection.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F191343%2Fhacking%2Fcritical-bug-in-crowdstrike-logscale-let-attackers-access-files.html%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/pcB9YMDfYq32VioOgy2oYtxixIsSjEE44df2L2s5lJ4=452">
<span>
<strong>Critical bug in CrowdStrike LogScale let attackers access files (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CrowdStrike has patched CVE-2026-40050, a critical unauthenticated path-traversal flaw in a LogScale self-hosted cluster API endpoint that allows remote attackers to read arbitrary files from the server's filesystem, potentially exposing configuration files, credentials, and internal data. Discovered through internal product testing with no observed exploitation, the bug does not affect Next-Gen SIEM customers and was mitigated for SaaS users on April 7 via network-layer controls applied across all clusters. Self-hosted LogScale operators must upgrade to the patched version immediately, since a compromise of a log management platform at the heart of SOC operations could allow attackers to disable alerts, suppress logs, and pivot laterally undetected.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Func6692-social-engineering-custom-malware%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/X4AvwbwA6uvOp5AU_2LFv8kjoERcn-YegbyGMal64V0=452">
<span>
<strong>Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite (21 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
UNC6692 ran a staged intrusion starting with heavy email spam and Microsoft Teams phishing, luring victims into installing a fake “Mailbox Repair Utility” delivered via a malicious Edge-only landing page that harvests credentials and drops AutoHotKey-based loaders. The operation installed the SNOWBELT browser extension plus SNOWGLAZE and SNOWBASIN Python components to maintain a WebSocket tunnel, run a local bindshell, move laterally with PsExec and RDP, and exfiltrate data through S3- and Heroku-hosted C2 infrastructure, all mapped to concrete IOCs and ATT&CK techniques for defenders.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityscanner.dev%2Freports%2F2026-q2%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/WAjt44pstqtHB94nVhRThn8JosVgEmp86g_1znRBqos=452">
<span>
<strong>State of Vibe-Coded Security (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
4,783 AI-assisted apps were scanned, turning up 727 critical and over 5,000 high-severity issues, with 7% of Lovable and Bolt apps exposing Supabase databases publicly, while a YC control group had none. Several production systems leaked real data: therapy billing and schedules, full booking histories with chat logs, patient records via simple ID changes, CRM tables via public anon keys, and college enrollment data. Most criticals came from Supabase RLS left disabled, followed by client-exposed API keys, IDOR, unauthenticated OpenAPI endpoints, and AI-written code that referenced nonexistent security checks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.noxhunt.me%2Finside-the-computers-of-dprk-it-workers%2F%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/fWuK14-BcvpbU4x5zISanYKMhgwliSvRMnZIE6Tuyzw=452">
<span>
<strong>Inside the computers of DPRK IT workers (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
NoxHunt shifted from ZachXBT's April 8 investigation into the luckyguys[.]site payment hub to retrieve infostealer logs from two DPRK IT worker devices via STEALINT, revealing the tradecraft behind the fraudulent freelance ecosystem. Both operators ("SuperDev" and "DevWisdom") used Korean Windows installs behind Astrill VPN with US/Japan exit nodes, used DeskIn and AnyDesk for remote work, maintained multiple fake GitHub portfolios with many repos across languages, and used AI interview copilots like jobright.ai and ntro.io while targeting Middle East clients, including fake Saudi gym brands linked to the Memvera/Shijazi88 persona. Defenders should look for Astrill VPN ranges, DeskIn/AnyDesk pairings, recent fake GitHub accounts with diverse languages and recycled repos, and virtual number providers on freelance platform signups.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Finfo.knowbe4.com%2Fsecure-ai-adoption-kit%3Futm_source=hs_email%26utm_medium=email%26utm_campaign=dg-sat-campaign-26%26utm_content=ai_kit_tldr%3Futm_source=hs_email%26utm_medium=email%26utm_campaign=dg-sat-campaign-26%26utm_content=ai_kit_tldr%3Futm_source=hs_email%26utm_medium=email%26utm_campaign=dg-sat-campaign-26%26utm_content=ai_kit_tldr/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/berWvhMwn98OObbfggCD0iQjxIQZPU2Qd4lRCNT3XIk=452">
<span>
<strong>33% of enterprise employees use AI assistants daily. Most organizations have no idea what they're doing (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
83% of orgs don't have visibility into what their agents are doing. Find out how to close the gap with the <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Finfo.knowbe4.com%2Fsecure-ai-adoption-kit%3Futm_source=hs_email%26utm_medium=email%26utm_campaign=dg-sat-campaign-26%26utm_content=ai_kit_tldr%3Futm_source=hs_email%26utm_medium=email%26utm_campaign=dg-sat-campaign-26%26utm_content=ai_kit_tldr%3Futm_source=hs_email%26utm_medium=email%26utm_campaign=dg-sat-campaign-26%26utm_content=ai_kit_tldr/2/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/1fByWpSsTy0UlgXHUzshbFDE-5VwRjOYSKnjIJlqN8c=452" rel="noopener noreferrer nofollow" target="_blank"><span>Secure AI Adoption Kit by KnowBe4</span></a> - a collection of practical whitepapers, webinars, frameworks and playbooks covering AI defense agents (AIDA), AI training programs, AI-powered risk management, and more. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Finfo.knowbe4.com%2Fsecure-ai-adoption-kit%3Futm_source=hs_email%26utm_medium=email%26utm_campaign=dg-sat-campaign-26%26utm_content=ai_kit_tldr%3Futm_source=hs_email%26utm_medium=email%26utm_campaign=dg-sat-campaign-26%26utm_content=ai_kit_tldr%3Futm_source=hs_email%26utm_medium=email%26utm_campaign=dg-sat-campaign-26%26utm_content=ai_kit_tldr/3/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/sbsmFoiwpCCjBzvDs8kOG7fCajbYDgQ7lkiB2eGUvDo=452" rel="noopener noreferrer nofollow" target="_blank"><span>Download the full kit, free</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fkpolley%2Fredai%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/2RKs-3VR5J1H0IqoZcRhpH4VhnLmJkJZyWqYWw3IC8k=452">
<span>
<strong>RedAI (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
RedAI is a terminal workbench for AI-driven vulnerability discovery and live validation, surpassing static scanning by spinning up validator agents inside the target to confirm or disprove findings. Scanner agents (Claude Code or Codex) triage source code into candidates, then validator agents execute PoC scripts, hit endpoints, click UI, and capture evidence like screenshots, transcripts, and logs. Built on Bun, it includes Chrome and iOS Simulator environments. RedAI treats validation targets as plugins, allowing extension to Linux VMs, Android emulators, Kubernetes, or embedded devices, with verdicts and full artifacts in Markdown, HTML, and JSON reports.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Ftrailofbits%2Ftrailmark%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/2Dz1nIaQLxJGBqpbxvWMj177UK8S8J5EhonsOeol-Nw=452">
<span>
<strong>Trailmark (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Trail of Bits' Trailmark parses source code into queryable graphs of functions, classes, calls, and semantic annotations, using tree-sitter for AST parsing and rustworkx for graph traversal. It supports 21 languages, including Python, Rust, Go, Solidity, Cairo, and Circom, and exposes a QueryEngine API with security-focused operations. Trailmark also augments graphs with SARIF and weAudit findings, and supports structural diffing between git refs to surface attack-surface changes across PRs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcopperhelm.com%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/Tyvak8AfdyOvBIPde-sffz5ZxwQ95WWn7PhgJYlaHeY=452">
<span>
<strong>Copperhelm (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Copperhelm is a cloud security platform that enables autonomous agents to monitor cloud workloads, investigate suspicious behavior, and apply targeted controls, such as WAF rules, in real time for large enterprises.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F04%2Fresearchers-uncover-pre-stuxnet-fast16.html%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/tCMU2CArtf9NICpolDGoyjN5oQ8Kew8IJj39x_eL7Gs=452">
<span>
<strong>Researchers Uncover Pre-Stuxnet 'fast16' Malware Targeting Engineering Software (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Fast16 is a Lua-based malware from 2005 that predates Stuxnet by five years. It targets high-precision calculation software like LS-DYNA, PKPM, and MOHID to inject systematic errors into engineering and physics simulations. The malware spreads through weak credentials and avoids systems with antivirus software installed. Forensic links tie it to NSA tools leaked by The Shadow Brokers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcommunity.bitwarden.com%2Ft%2Fbitwarden-statement-on-checkmarx-supply-chain-incident%2F96127%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/laGwBWB4P09FsDKfOWrvTGpXkk0EiB-LO_uXJSm_Eo0=452">
<span>
<strong>Bitwarden Statement on Checkmarx Supply Chain Incident (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A malicious @bitwarden/cli@2026.4.0 npm package, downloaded by 334 users between 5:57 and 7:30 PM ET on April 22, was contained within 93 minutes of the broader Checkmarx supply chain compromise, which propagated through a malicious Checkmarx VSCode extension on a Bitwarden engineer's workstation rather than a CI/CD dependency. The package's preinstall script triggered credential theft during installation alone, lifting tokens, SSH keys, and environment secrets, though analyses confirmed that vault data remained out of scope. Bitwarden issued a CVE, deprecated the package, shipped 2026.4.1, and directed impacted users to rotate exposed secrets, audit GitHub workflows and CI credentials, and clear npm caches with install scripts disabled during cleanup.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecuritynews.com%2Fgpt-5-5-bio-bug-bounty%2F%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/9gYeTJu4k2cv5OidkJG1n-sQuz7S1bo6jfJf-sNLHsg=452">
<span>
<strong>GPT-5.5 Bio Bug Bounty to Strengthen Advanced AI Capabilities (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
OpenAI has announced a new Bio bug bounty program for its GPT-5.5 model. The program is specifically a challenge to find a universal jailbreak that can lead the model to answer the 5 challenge problems that OpenAI prepared. The challenge is by invitation or application only and only applies to the model running in Codex Desktop.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsift.com%2Fresources%2Findex-reports%2Fq1-2026-digital-trust-index%2F%3Futm_source=tldr%26utm_medium=referral%26utm_campaign=wc-page-q1-2026-index-report%26utm_content=tldr-infosec-quicklink-04-27-26/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/I_LTaLYDmezsen2Owh0b2LNnHddKPsgDnCBjkKTTmdA=452">
<span>
<strong>73% of consumers have abandoned checkout due to payment security concerns: Sift Report (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
As fraud shifts upstream, confidence at checkout weakens and conversion drops. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsift.com%2Fresources%2Findex-reports%2Fq1-2026-digital-trust-index%2F%3Futm_source=tldr%26utm_medium=referral%26utm_campaign=wc-page-q1-2026-index-report%26utm_content=tldr-infosec-quicklink-04-27-26/2/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/pZcoqmHNLIUDfIOFJK0Y7xV2TXueJvudxsbk9MaItfo=452" rel="noopener noreferrer nofollow" target="_blank"><span>See what's driving it.</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FgjtZie/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/ax8ZXCyGTn4IDOPzYBO_zDtyx5JQdItFLKk3tXGGjWA=452">
<span>
<strong>White House Accuses China of Industrial-Scale Theft of AI Technology (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The White House released a memo accusing “foreign entities, principally based in China” of stealing AI models via distillation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberinsider.com%2Fxchat-launches-standalone-ios-app-as-security-concerns-remain%2F%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/AgWlOKvk1ipG9KJLcS3HxnEy_RL7xYVIHwyw6u6CywY=452">
<span>
<strong>XChat launches standalone iOS app as security concerns remain (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
X shipped a dedicated XChat iOS app marketed as end-to-end encrypted, but Mysk's traffic analysis found that all Juicebox protocol "realms" hosted under x.com domains lacked certificate pinning, allowing X to reconstruct private keys protected only by a four-digit PIN.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.fcc.gov%2Ffaqs-recent-updates-fcc-covered-list-regarding-routers-produced-foreign-countries%3Futm_source=tldrinfosec/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/8FJsVnxFRl-sdfOrVuDRHoQ9VCjp9XhmmkkJws-Te3E=452">
<span>
<strong>FAQs on Recent Updates to FCC Covered List Regarding Routers Produced in Foreign Countries (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The FCC added all foreign-produced consumer routers (including ISP residential gateways and LTE/5G CPE) to its Covered List on March 23 following a White House interagency National Security Determination, blocking new equipment authorizations and US import or sale unless DoW or DHS grants a Conditional Approval while leaving previously authorized devices and consumer use untouched.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/Aeu986laWNjMExEDHJZPtrwOiTdMN9fGoHF1DpM75tI=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/INmsw_tFtIOZc_FfLrlWP6eVg39uoaDpsR69hj4yYbc=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019dcf0da01e-2a97bf51-6d3d-4a24-ba3c-6292b58148e7-000000/_3o5_Cx1xL0A4NGGrkRixLtdfhFC9KUSc1WMK4NgrI0=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>