<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Medtronic has confirmed a hack by ShinyHunters, who claimed to steal 9 million personal records and terabytes of corporate data β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/757NoICH21Ekr9nozRW6QP0khbCgvaJ_obe5VjfNTWc=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/efUp2kKbzdvROPNdKeqwLdc0klL-cW3ao2ftI7asZus=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=3978c87e-43c6-11f1-a798-af89a1123bc2%26pt=campaign%26t=1777468642%26s=b3bc3be28572262b5b8e850e6d2edc69965824ddab594294fe88fa1ba268c1bd/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/wT4DVsd98KRUbj2JYoCHL53NLaTWdiph1E-UBdJW1Bo=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26sfcampaign_id=701Rc00000dDaIXIA0/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/j7ehGzqYN0Q83d41KA32QIZdqYUle2jtw-DXCPDf9Og=452"><img src="https://images.tldr.tech/flashpoint.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Flashpoint"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-04-29</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26sfcampaign_id=701Rc00000dDaIXIA0/2/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/SDK4jiVaeQfVTNYeheGX6TTF9YqqD77CAgFQJTtFVao=452">
<span>
<strong>The 1,500% surge in AI-related threats was just the beginning (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
AI-powered cybercrime is scaling, but not in the way you think. Ransomware is up 53% and it's mostly identity-based extortion, not technical file encryption, that's to blame.<br><br>Flashpoint's <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26sfcampaign_id=701Rc00000dDaIXIA0/3/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/9gU5Vo4p3L5-eq886_qfMTNAgIg0sexD9VfA0Q8zCN4=452" rel="noopener noreferrer nofollow" target="_blank"><span>2026 Global Threat Intelligence Report</span></a> provides a data-driven view of the 2026 threat landscape. Readers will learn:
<p></p>
<ul>
<li>Why threat actors are <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26sfcampaign_id=701Rc00000dDaIXIA0/4/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/EJm2L-em6_hB5JbKLq1VpdzLVRGdJVP0IyE1oGGlLKU=452" rel="noopener noreferrer nofollow" target="_blank"><span>transitioning from GenAI to autonomous agents</span></a> that execute end-to-end attacks without human intervention.</li>
<li>How the professionalization of groups like RansomHub and Clop is scaling the cybercrime economy.</li>
<li>How 3.3 billion compromised credentials and cloud tokens are making identity the primary exploit vector.</li>
</ul>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26sfcampaign_id=701Rc00000dDaIXIA0/5/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/MtMhpdlS6Wy6Js9A5OFKz9_KGtrzHdWNQU7cMLiuBAQ=452" rel="noopener noreferrer nofollow" target="_blank"><span>Read the report</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsamizdat.dev%2Fphantom-patch%2F%3Futm_source=tldrinfosec/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/HEolae6cp0gg0-TLU8IQVDhbU7h3WJ8iezqdqgXn_8Q=452">
<span>
<strong>Phantom Patch (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Researcher Egor Kovetskiy demonstrated that GitHub's .patch URL export embeds the full commit message inline with the real diff, so when an unsuspecting user runs the common wget patch workflow, GNU patch parses diff-shaped text smuggled into the commit message and applies it as if it were part of the legitimate change β in his public reproducer, creating an out-of-scope SHOULD_NOT_BE_HERE.md that GitHub's UI never shows. Local testing escalated the impact: GNU patch accepted writes to .git/hooks/post-applypatch (silent code execution on the next git am), while git apply and git am rejected the .git/... traversal but still applied injected diffs to ordinary working-tree files. Only git cherry-pick, which operates on Git objects, was unaffected. Defenders should stop piping .patch URLs straight into patch -p1, prefer git am or git cherry-pick from a trusted local clone, inspect commit messages for embedded diff --git markers before applying, and audit CI and bot pipelines that auto-fetch GitHub .patch files for this injection vector.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FxNxcFc/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/DyXOBJt5Zc4cT4gZZVUDGVxWJyiPLVSt4UNA1CFjvEg=452">
<span>
<strong>PyPI Package With 1.1M Monthly Downloads Hacked to Push Infostealer (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The Python `elementary-data` package was compromised to steal developer data and cryptocurrency wallets. `elementary-data` is a popular data observability tool used by data engineers working with data pipelines. Researchers at StepSecurity state that the package was compromised via a malicious commit that exploited a GitHub Actions script-injection flaw.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FBpbk5k/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/I27xQTp7qNHjrfmL-0CMYnbw3QifNSUxrTNeJuQWgRI=452">
<span>
<strong>Video Service Vimeo Confirms Anodot Breach Exposed User Data (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Vimeo has disclosed that data belonging to some of its customers and users was compromised following a breach at anomaly detection company Anodot. The company stated that its initial investigation suggests the data mostly contained technical details such as video titles and metadata, though, in some cases, customer email addresses were also exposed.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.catonetworks.com%2Fblog%2Fglobal-campaign-discovered-with-modbus-plcs-targeted%2F%3Futm_source=tldrinfosec/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/qR0VBkoyFw0jhzIjchXOkoXZZdlJrwpDn3m9_1BYBao=452">
<span>
<strong>Global Campaign Discovered with Modbus PLCs Targeted and China-Geolocated Infrastructure Observed (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Cato Networks documented a three-month global campaign (September to November 2025) hitting 14,426 internet-exposed Modbus/TCP PLCs across 70 countries, with manufacturing (18%) leading the sector breakdown and the US, France, and Japan accounting for 61% of targeted IPs. Activity progressed from automated Read Holding Register (0x03) reconnaissance (~235.5K requests from 233 IPs) through scripted fingerprint-then-read playbooks (0x2B/0x0E paired with reads at 0xB414) to higher-impact behaviors including DoS-style bulk reads of 124 registers (one source generated 158.1K reads against a single target), 3,240 Write Multiple Registers (0x10) attempts from one IP starting at 0x0BB8, and rare expanded device-identification (0200) probes from six China-geolocated sources flagged as higher-intent infrastructure. Defenders should keep Modbus off the public internet entirely, enforce OT/IT segmentation with strict source allowlisting for any required reachability, and block unsolicited inbound 0x10 writes by default to prevent register-level manipulation of physical processes.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.reg.rip%2Fexploiting-the-ladybird-browser.html%3Futm_source=tldrinfosec/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/PWbaFdli5NbTWs9kwIVfvlOKtRE6KYoeT_ynje70d_M=452">
<span>
<strong>Nightmare of the JavaScript Optimization (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A researcher has discovered a patched use-after-free (GHSA-w89h-j2xg-c457) in the Ladybird browser, where WebAssembly SharedArrayBuffer growth caused dangling pointers in its JavaScript engine. The assembly interpreter's fast path bypassed validation, allowing an exploit chain that leveraged FixedArray overlap and fake TypedArrays to achieve RCE via vtable falsification and libc system() calls. Defenders should monitor rapid TypedArray allocations, enforce bounds checking on interpreter fast paths, and ensure that cached pointers are invalidated during memory reallocations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Funit42.paloaltonetworks.com%2Fautonomous-ai-cloud-attacks%2F%3Futm_source=tldrinfosec/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/9b0TOTW3x-z8mWTTlQcr4MItxjKXWxAHgJDylfEIsA0=452">
<span>
<strong>Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Palo Alto Networks' Unit 42 built a multi-agent offensive security system and tasked it with attempting to exploit a webapp and export data from a BigQuery table with the privileges it obtains. The system consisted of an orchestrator that managed the test, an infrastructure agent responsible for tasks such as port scanning, an application security agent responsible for testing the discovered application, and a cloud security agent responsible for cloud-related tasks. In the test, the orchestrator began by requesting that the infrastructure agent perform a network scan, then tasked the application security agent with finding and exploiting an SSRF vulnerability in a discovered web application, and finally tasked the cloud security agent with using the credentials stolen in the previous step to exfiltrate BigQuery data.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fdeclassified%3Futm_source=tldr%26utm_medium=email%26utm_campaign=cy26-q2-0520-web-brand-na-broad-all-x-x-x-premiere-declassified%26hnt=yrdabgevrtra/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/hvt_TuX-r7gDnwks_OMVqhIq_N3sa6VSMPHJCCoVGiw=452">
<span>
<strong>Unfriendly Followers: The Black Market For Your Identity (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Cybercriminals crawl your posts, LinkedIn, and websites to build a target profile on you. Caitlin Sarian (aka Cybersecurity Girl), former Global Lead of Cybersecurity Advocacy at TikTok, joins Huntress _declassified to expose how OSINT fuels attacks β and how to protect yourself. π <a class="_1ibi0s3e6 markdown-link _1ibi0s376" href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fdeclassified%3Futm_source=tldr%26utm_medium=email%26utm_campaign=cy26-q2-0520-web-brand-na-broad-all-x-x-x-premiere-declassified%26hnt=yrdabgevrtra/2/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/r-KwYHpyNbVLpj95Rlj6Xb58qdvByIc-H_OjAjt3TvY=452" rel="noreferrer" target="_blank"><span><strong>Register now</strong></span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Frepowise-dev%2Frepowise%3Futm_source=tldrinfosec/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/OAvoOZOJuMUph5B_BQJXJbAxjp_wt_IGoi51UquiMAc=452">
<span>
<strong>Repowise (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Repowise indexes codebases into four intelligence layers (dependency graph, git history, auto-generated documentation, and architectural decisions) and exposes them to Claude Code and other MCP-compatible agents through seven task-oriented tools, claiming 27Γ fewer tokens per query and 36% lower cost on a 48-task SWE-QA benchmark against pallets/flask. Built in Python 3.11+ under AGPL-3.0, it covers 14 languages with full AST support for Python, TypeScript/JavaScript, Java, Go, Rust, C++, and C#, and ships hotspot and co-change detection, dead code analysis, bus factor warnings, and architectural decision records, plus PreToolUse/PostToolUse hooks that inject graph context into agent searches without LLM calls. Self-hosted with BYOK for Anthropic, OpenAI, or Ollama and zero telemetry, though benchmarks are first-party and security-relevant features like CVE-aware vulnerability scanning and dependency risk surfacing are gated to the paid hosted tier rather than the open-source release.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.spectrum.security%2F%3Futm_source=tldrinfosec/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/n4Sz9p1VDcC-4o3ajfT1tUgwB56QSZRUE3ywhy06HIQ=452">
<span>
<strong>Spectrum Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Spectrum automates threat detection by identifying coverage gaps in existing SIEM, EDR, and data lake tools. It generates production-ready detection logic tailored to each environment, reducing engineering hours and enabling continuous monitoring.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fprowler-cloud%2Fprowler%3Futm_source=tldrinfosec/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/2nSlfOSbcaohpFADqNqOvOBva7paNV7XoAK--J6d69s=452">
<span>
<strong>Prowler (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Prowler is the Open Cloud Security Platform trusted by thousands to automate security and compliance in any cloud environment. With hundreds of ready-to-use checks and compliance frameworks, Prowler delivers real-time, customizable monitoring and seamless integrations, making cloud security simple, scalable, and cost-effective for organizations of any size.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.lukaszolejnik.com%2Fthe-european-commission-is-turning-google-search-into-a-privacy-and-national-security-risk%2F%3Futm_source=tldrinfosec/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/_mk06n4bI0GVPl023Dk7UDHdPLETwI6TflQ1NHu9xlA=452">
<span>
<strong>The European Commission is turning Google Search into a privacy and national-security risk (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The European Commission's draft DMA implementation would force Google to stream EU users' individual search queries, timestamps, location buckets, device classes, and click sequences to qualifying third parties via a daily API feed. The proposed sanitization collapses under trivial attack: the 50-signed-in-user threshold over 13 months allowlists query components for five years, so adversaries can mint persistent selectors by issuing target searches from 50 accounts, while 3 kmΒ² location buckets joined against destination logs expose named individuals, clinics, embassies, and government quarters, including the European Parliament and the EDPS. Hostile states could buy in cheaply by funding a formally compliant AI search wrapper or front company, turning the feed into one of Europe's largest mandated privacy and national-security risks of 2026.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FQCtkSA/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/S21HqeKhkxvPc3k3URJzh7JbPqu3EGQq6bWwJUFOVtk=452">
<span>
<strong>Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Medtronic has confirmed a hack by ShinyHunters, who claimed to steal 9 million personal records and terabytes of corporate data. The attackers listed the medical device company on their leak site on April 17 with a ransom deadline of April 21. Medtronic was removed from the leak site, suggesting possible payment. The company says manufacturing, products, and patient safety remain unaffected, but hasn't confirmed data theft.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2026%2F04%2Fopen-source-package-with-1-million-monthly-downloads-stole-user-credentials%2F%3Futm_source=tldrinfosec/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/Lh_c-Xe0Ia8OUgt9iM6lzwzo1YITxTlcgdpSAfSX6-Q=452">
<span>
<strong>Open source package with 1 million monthly downloads stole user credentials (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Attackers abused a GitHub Actions flaw in the element-data project to steal signing keys, then shipped a malicious 0.23.3 release that exfiltrated warehouse credentials, cloud keys, API tokens, SSH keys, and env contents before it was removed about 12 hours later. Affected users should install 0.23.4, check for the trinny marker file, purge caches, and rotate exposed secrets.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F04%2F28%2Fpitney_bowes_is_the_latest%2F%3Futm_source=tldrinfosec/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/6qoUB5oeUNXBxNeMdxVBamRrSW6j4OxGIBqA76mTWqY=452">
<span>
<strong>Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
ShinyHunters claims to have stolen Pitney Bowes data, including 8.2 million unique email addresses plus names, phone numbers, and physical addresses.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F7BmNJj/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/Lnoh7TVZOblM4dCl4x-DtHhIDYyIT47o2GqxIOFZ7Dg=452">
<span>
<strong>US reportedly charges Scattered Spider hacker arrested in Finland (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A 19-year-old US-Estonian citizen linked to the Scattered Spider group was arrested in Helsinki and is facing charges for wire fraud and computer intrusion.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F191425%2Fintelligence%2Fsignal-phishing-campaign-targets-german-officials-in-suspected-russian-operation.html%3Futm_source=tldrinfosec/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/-DF8ZRCd9hHO5OkC5Rmo6q_mG9DGLwLJS2kLOltn9eM=452">
<span>
<strong>Signal Phishing Campaign Targets German Officials in Suspected Russian Operation (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
German prosecutors are investigating a suspected Russian phishing campaign on Signal that compromised hundreds of accounts, including those of military personnel, diplomats, and Bundestag President Julia KlΓΆckner, by exploiting linked-device QR codes and impersonation.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/rNj4P0GXGc0Oy1wL2uXr_ppTG7vn7dBaOEEblOiz98I=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/iC4vZza9v1JlGUDMqU8q0LK0bYCM79a6jVvKNQ03RlM=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/6aF2U3uEwxOCLOVRbaLJdVIM_dmX0mqzBPRJE6WlMo4=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/rZYsqN0HjG9BwW9Rf0xjWP7vIq0T52DdOQkN5z-U1tY=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/BM8F9vjExsx764KsrAqJuJYw7zxVznd5KW10xkRqjNU=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/bGkYbzmnAYG24lDApgY5vEw1pbiUb1h_GF122eVwRPE=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/Fw6S-NssL6LF8BMHqQ1_5mu63yGILusF6iDePDKCi7c=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/hl-EQcGCxYNqY-CkonWhvn-D7AgcLdpoE4oYsAYFsGk=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/LkdNCa1EmV-vAQV9nmTuAr_t1M6O5oebUP1IQ11qMJ8=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/5mUHYpXNge-hB8cFAxVSuMOxPGabVG13pHGod4Vn4Ww=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=3978c87e-43c6-11f1-a798-af89a1123bc2%26pt=campaign%26pv=4%26spa=1777467670%26t=1777468642%26s=a0f8730c15cfb90607fba5982d62364df53f3346b9b992321310fd2cd91a3247/1/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/fwQxU5qzXlXmX0hgNhbS4hllFRchYNiDpZVGDZGOZKg=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019dd96314aa-3bdf4404-a79f-43a2-9ce8-144525b830b9-000000/6wEBEu0DPWNIe4P6z2fANcNQ4ISlQeqnZ-Cvl3H2SqQ=452" style="display: none; width: 1px; height: 1px;">
</body></html>