<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-04-28</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.coindesk.com%2Fmarkets%2F2026%2F04%2F26%2Flitecoin-says-its-13-block-reorg-was-not-a-zero-day-but-github-commit-history-shows-otherwise%3Futm_source=tldrinfosec/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/qEjQH4d1z-jfKsNuuQ6kq9vpnzQQkj07Evp6Od8WTI8=452">
<span>
<strong>Litecoin hit by denial-of-service attack, rewrites 13 blocks to reverse effect (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers exploited a Mimblewimble Extension Block (MWEB) consensus flaw on Litecoin late Friday and Saturday to slip invalid peg-out transactions past unpatched nodes, while a denial-of-service attack knocked patched mining pools offline. This allowed the unpatched fork to extend for roughly 32 minutes before the network reorganized 13 blocks back to the valid chain. Despite the Litecoin Foundation labeling the incident a zero-day, SEAL911 researcher bbsz pulled the public litecoin-project commit log, showing the consensus bug was privately patched between March 19 and 26 — over four weeks before the attack — with both fixes bundled only into release 0.21.5.4 on April 25, after exploitation had begun. Aurora CTO Alex Shevchenko noted that the attacker pre-funded a wallet via Binance 38 hours ahead, with a DEX swap path from LTC to ETH already configured. The episode highlights a structural risk for older proof-of-work chains where independent mining pools choose their own upgrade timing: silently merging consensus fixes into public repos creates an exploitable window for adversaries who can diff commits and identify which pools have not yet rolled out the patch.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FHTFXOF/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/vL7SenAe0vHQUEh8pGSfjzL9yWNv8PBQwp4dbc_bGro=452">
<span>
<strong>ADT Confirms Data Breach After ShinyHunters Leak Threat (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Home security company ADT confirmed that it suffered a data breach after ShinyHunters claimed to have stolen 10M records and threatened to release them. ADT stated that the leaked data mostly included names, phone numbers, and addresses. However, in a limited number of cases, dates of birth and SSNs or tax IDs were also included. ShinyHunters stated that they breached ADT by vishing an employee to gain access to their Okta account, which they used to access Salesforce.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F04%2F27%2Fcritical-infrastructure-giant-itron-says-it-was-hacked%2F%3Futm_source=tldrinfosec/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/qFoMv3lPX5WctYAYYkqus-5JBit78wtZ6b1jf2xkKPI=452">
<span>
<strong>Critical infrastructure giant Itron says it was hacked (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Itron reported a mid-April network intrusion in an SEC filing after being notified that attackers had accessed some internal systems, then said it removed them and saw no further activity. The company states customer-hosted environments were not affected, though it warns future regulatory filings may follow if a data breach is confirmed. Itron has informed law enforcement and activated contingency plans and backups.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.miguelgrinberg.com%2Fpost%2Fhow-bitwarden-encrypts-and-decrypts-secrets%3Futm_source=tldrinfosec/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/DmF77v9MGkgvqdy_VVKGiwIlS1letBrFIs8XcmUnAtg=452">
<span>
<strong>How Bitwarden Encrypts and Decrypts Secrets (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Grinberg reverse-engineered Bitwarden's vault cryptography from the Bitwarden and Vaultwarden source, documenting the format 2.{iv}|{ciphertext}|{mac} where ciphertext uses AES-256-CBC with PKCS#7 padding and the MAC is HMAC-SHA256 over iv || ciphertext. The 64-byte master key splits into a 32-byte AES key and a 32-byte MAC key, while the wrapping key derives from PBKDF2-HMAC-SHA256 over the passphrase salted with the email at 600,000 iterations, then expanded into encryption and MAC subkeys via HKDF-Expand using the literal context strings enc and mac. Defenders should treat this as a roadmap for offline vault decryption from a stolen Vaultwarden SQLite file: passphrase strength and PBKDF2 iteration count are the only barriers once the encrypted master key is exfiltrated, so audit KDF iterations, consider migrating to Argon2id, and monitor Vaultwarden DB access paths.
</span>
</span>
</div>
</td></tr></tbody></table>
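<div class="text-block">
The format and key hierarchy summarized above, as an added example that is not code from the linked post, Bitwarden or Vaultwarden: it derives the enc and mac subkeys, parses a type 2 string and runs the HMAC check that precedes any decryption. It assumes the three fields are base64-encoded and the email is passed exactly as stored; all function names and the sample field are constructed for illustration.
</div>

```python
import base64
import hashlib
import hmac
import os

# Iteration count quoted in the summary above; used as the audit baseline.
RECOMMENDED_PBKDF2_ITERATIONS = 600_000


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) over HMAC-SHA256."""
    okm, block, counter = b"", b"", 1
    while length > len(okm):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_wrapping_keys(passphrase: str, email: str, iterations: int):
    """PBKDF2-HMAC-SHA256 salted with the email, then HKDF-Expand with
    the context strings 'enc' and 'mac' (32 bytes each)."""
    master = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode(), email.encode(), iterations
    )
    return hkdf_expand(master, b"enc"), hkdf_expand(master, b"mac")


def parse_type2(field: str):
    """Split '2.{iv}|{ciphertext}|{mac}' into raw bytes; reject malformed input."""
    enc_type, sep, body = field.partition(".")
    if sep != "." or enc_type != "2":
        raise ValueError("not a type 2 encrypted string")
    parts = body.split("|")
    if len(parts) != 3:
        raise ValueError("expected iv|ciphertext|mac")
    # Assumption: fields are standard base64; binascii.Error is a ValueError.
    iv, ct, mac = (base64.b64decode(p, validate=True) for p in parts)
    if len(iv) != 16 or len(mac) != 32 or len(ct) == 0 or len(ct) % 16:
        raise ValueError("field lengths do not fit AES-256-CBC / HMAC-SHA256")
    return iv, ct, mac


def mac_is_valid(field: str, mac_key: bytes) -> bool:
    """Recompute HMAC-SHA256 over iv || ciphertext and compare in constant time."""
    iv, ct, mac = parse_type2(field)
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac)


def kdf_meets_baseline(iterations: int) -> bool:
    """Audit helper: True when an account's PBKDF2 count is at the baseline."""
    return iterations >= RECOMMENDED_PBKDF2_ITERATIONS


def build_sample(mac_key: bytes) -> str:
    """Constructed sample field: random IV and two opaque 16-byte blocks
    standing in for ciphertext, authenticated with mac_key."""
    iv, ct = os.urandom(16), os.urandom(32)
    mac = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return "2." + "|".join(base64.b64encode(x).decode() for x in (iv, ct, mac))


if __name__ == "__main__":
    # Constructed credentials; a low count keeps the demo fast.
    enc_key, mac_key = derive_wrapping_keys("example passphrase", "user@example.test", 1000)
    sample = build_sample(mac_key)
    print("MAC valid with mac subkey:", mac_is_valid(sample, mac_key))
    print("MAC valid with enc subkey:", mac_is_valid(sample, enc_key))
    print("100,000 iterations meets baseline:", kdf_meets_baseline(100_000))
```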
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.magonia.io%2Fresearch%2Fwhy-a-decade-of-writing-detection-logic-makes-the-mythos-exploit-numbers-less-scary%2F%3Futm_source=tldrinfosec/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/fGijmHaSaloYK9XXWjb-ITIPQGOdOX8LAfCsvJ5DCow=452">
<span>
<strong>Why a Decade of Writing Detection Logic Makes the Mythos Exploit Numbers Less Scary (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Anthropic's Mythos model is finding thousands of vulnerabilities, and Mozilla confirms they're real. However, behavioral detection has never matched exploits 1:1. Defenders focus on behaviors, not individual CVEs: Microsoft Office has over 1,000 RCE vulnerabilities, but detecting Office documents spawning child processes catches them all. Machine learning-based anomaly detection won't help: it's bad at identifying novel attacks, suffers from drift as environments change, and false positives spike when benign traffic shifts. A false positive rate of 0.001 results in 1,000 false alerts per day in a million-event environment, drowning out analysts. Behavioral rules targeting actions without a legitimate purpose remain stable over the years and don't drift. The real threat isn't exploit volume; it's AI agents getting access to sensitive systems and prompt injection attacks that use legitimate credentials to execute malicious actions users never see.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.cloudflare.com%2Fai-code-review%2F%3Futm_source=tldrinfosec/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/Y5jbo56mXcwOlj_Fv-clqsgYiTc3DEao2pWrI27379I=452">
<span>
<strong>Orchestrating AI Code Review at Scale (19 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cloudflare uses a multi-agent code review system that completes automated code review in a matter of minutes, removing the earlier human bottleneck. An orchestration agent uses a series of user-defined plugins to launch subagents for code quality, security, performance, documentation review, release review, and AGENTS.md review as necessary. In the first 30 days, the system completed 131k reviews with an average cost of $1.19/review and time to completion of 3 minutes and 39 seconds, and produced nearly 160k findings, 5% of which were critical.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FKarib0u%2Frustinel%3Futm_source=tldrinfosec/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/qWILdJy31DPAuUHWcc8CEeBmM1H1-QFxW-7E_Qe4Iyg=452">
<span>
<strong>Rustinel (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Karib0u's Rust-based user-mode EDR uses ETW for Windows kernel telemetry, normalizing data into Sysmon schemas for Sigma, YARA, and atomic IOC matching. It features active response, hot-reloadable rules, and extensive enrichment like PE metadata and parent-process correlation. Note: While the README claims a v1.0 release with Linux eBPF support, the repository remains an Alpha Windows-only tool (v0.3.1) lacking eBPF code.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwitness.ai%2F%3Futm_source=tldrinfosec/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/_cRptoIzYlEz4mAv1tXPepxFkNDe8rQ6VnPyWsIPdgo=452">
<span>
<strong>WitnessAI (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
WitnessAI provides a security and governance platform that monitors AI use by employees and autonomous agents, applies behavior-based policies, blocks prompt injection and multi-turn attacks, and traces agent decisions and data access for large enterprises across multiple sectors.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fthomaspreece%2FGitHub-Token-Tester%3Futm_source=tldrinfosec/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/EZ8nY-2Xds1ZrY_1kH9JX6WTG7NvxYDdG_zqpTLa99w=452">
<span>
<strong>GitHub Token Tester (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
GitHub Token Tester is a tool designed to enumerate what permissions a GitHub token has.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.zetter-zeroday.com%2Fhwiper-targeting-venezuelas-state-oil-company-discovered%2F%3Futm_source=tldrinfosec/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/HZb50kdWatKx7Q-PasDWIgHoBh3XB7d26qB7crL2XwI=452">
<span>
<strong>Mystery Around Venezuelan Cyberattack Deepens, with New Discovery of "Highly Destructive" Wiper (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Lotus Wiper is a destructive malware family with PDVSA.com hardcoded into its OhSyncNow.bat trigger script that overwrites drives, deletes backups, and scrubs system logs to render machines unrecoverable, with a compilation timestamp from late September 2025 suggesting months of attacker preparation. Researcher Ben Read flagged the embedded domain as evidence of a precision weapon aimed at Venezuela's state oil company, and a Venezuelan submitter uploaded the binaries to VirusTotal on December 14, one day after the December 13 PDVSA breach that Bloomberg later reported had crippled administrative systems, SCADA at refineries and pipelines, and payroll for over a month. The wiper specifically suppresses the Windows Interactive Services Detection service removed after Windows 10 v1803, indicating prior reconnaissance of PDVSA's sanctions-frozen legacy stack and raising fresh questions about US involvement given the proximity to January's military operation that seized Maduro.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FqDafma/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/DjUx_dYnD-DtvwPbdP0ivdupa-QxT7EIImOBoM5BMlk=452">
<span>
<strong>An AI Agent Just Destroyed Our Production Data. It Confessed in Writing (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
PocketOS founder Jer Crane recounted how Cursor running Claude Opus 4.6 deleted his production database and all volume backups in a 9-second volumeDelete GraphQL mutation against Railway, after the agent unilaterally scavenged a CLI token from an unrelated file to "fix" a credential mismatch in staging. Three architectural failures cascaded: Railway's CLI tokens carry blanket root authority across the GraphQL API with no operation, environment, or resource scoping; the destructive endpoint ships without confirmation, environment checks, or cooldowns; and Railway's volume "backups" sit inside the same volume they back up, so wiping the volume erased both, leaving a three-month-old copy as the only restore point. The agent's written postmortem enumerated every system rule it violated, underscoring that LLM system prompts are advisory rather than enforcing — defenders integrating AI agents must push guardrails into API gateways, scoped tokens, out-of-band approvals for destructive ops, and out-of-blast-radius backups, and should audit Railway token scopes before connecting mcp.railway.com to anything production.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fj2Qv4o/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/tFFPYPTKiqFSMmYQajVkDQF5wyj0GR8925iX_R-h-VE=452">
<span>
<strong>OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-35414 affects OpenSSH versions from the past 15 years. A code reuse error allows commas in SSH certificate principals to be parsed as list separators. If a certificate contains "deploy,root" as a principal, OpenSSH splits on the comma and grants root access. The attack leaves no authentication failure in logs and researchers created a working exploit in twenty minutes. OpenSSH 10.3 patches the flaw.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgrahamhelton.com%2Fblog%2Fsorry-dave%3Futm_source=tldrinfosec/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/Ulem-XGG8Xaq-h6aqG_v0kdG5RWckQqhOzipXxEujyM=452">
<span>
<strong>I'm Sorry Dave, This Request Triggered Restrictions On Violative Cyber Content (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Following Vercel's April breach via Context.ai, attributed to attackers "significantly accelerated by AI," Anthropic launched a KYC-style Cyber Verification Program with Opus 4.7, Mythos, and Project Glasswing, mirroring banking's CIP/CDD/EDD pillars to gate security efforts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F04%2Fcheckmarx-confirms-github-repository.html%3Futm_source=tldrinfosec/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/jf2KPmEIQwLCql5LIu3-kiPdPiLwZinSV2h9saNdR9I=452">
<span>
<strong>Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Checkmarx confirmed data from its GitHub repository appeared on the dark web following a March 23 supply chain attack.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/WFS5zM1PXoY_xzqL95DTD3Ss5aUF70RB3zebX1HIvwA=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/LRQEYlwMXpLCN4SMbshNbRmYYgfjbKfIaiBzv-k9t_4=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019dd434c731-2c55a53d-461e-4dd6-9d61-f7784f5d261f-000000/1ysroda-G5QQJQui4A6qnJs2cli0Bgn6CPnTDnplvaQ=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>