<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/m2fgiTHRIXpZMTE3ItRuT7LmzUV23T814Qm2eHzsbB0=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/C_1XzXn61tjkXBV5AqKH-bsaD11pBG7G9HUHniFPhM8=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=11bdaa9c-4449-11f1-9645-8f3b5ee75c08%26pt=campaign%26t=1777554332%26s=1eef1841b16787bc96d20fb2653df586fd271fb1662551896ab6daad32de902c/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/QugyjEzb3lQKCZzfqUQLEpA4dn6iFfn8eWaBV_hpqjg=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-04-30</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.wiz.io%2Fblog%2Fgithub-rce-vulnerability-cve-2026-3854%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/eQ4Sbtaqa6wYwuabzF2GL1HH-fY72WX698qmNVj7Zqk=452">
<span>
<strong>Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854) (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-3854 (CVSS 8.7) is an X-Stat header injection flaw in GitHub's internal git pipeline, where babeld embedded git push option values without sanitizing semicolons, letting any authenticated user override security fields via last-write-wins parsing on a single git push. Chaining injections of rails_env, custom_hooks_dir, and repo_pre_receive_hooks bypassed the sandboxed pre-receive path and triggered path traversal, allowing execution of arbitrary binaries as the git service user, resulting in RCE on shared GitHub.com storage nodes hosting millions of cross-tenant repositories and full compromise of GHES &lt;=3.19.1. GitHub patched GitHub.com within 6 hours. GHES admins must upgrade to 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, or 3.19.3 immediately, since 88% of instances remain vulnerable.
</span>
</span>
</div>
</td></tr></tbody></table>
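<p>Added example of the bug class behind the Wiz finding: a client-controlled value is embedded verbatim into a semicolon-delimited key=value header, and the consumer's last-write-wins parser lets the injected keys override fields the front end set. The header layout, the field names reused here (rails_env, custom_hooks_dir) and both fixes are assumptions for the illustration; this is not GitHub's or Wiz's code.</p>

```python
"""Delimiter injection into a 'key=value;key=value' header, as an illustration
of the bug class described above. The header layout, field names and the
parsing rules here are assumptions for the demo, not GitHub's actual code."""
import re

# Hypothetical fields the front end sets before forwarding to a backend.
TRUSTED_FIELDS = {
    "repo_id": "42",
    "rails_env": "production",
    "custom_hooks_dir": "/opt/hooks",
}


def build_header_unsafe(trusted: dict, push_option: str) -> str:
    """Embed the client-supplied push option verbatim (the vulnerable pattern)."""
    fields = dict(trusted)
    fields["push_option"] = push_option
    return ";".join(f"{k}={v}" for k, v in fields.items())


def parse_header_lww(header: str) -> dict:
    """Backend parser where a repeated key silently wins: last-write-wins."""
    parsed = {}
    for item in header.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            parsed[key] = value
    return parsed


# Fix 1 (producer side): refuse client values that can carry a delimiter.
_ALLOWED_VALUE = re.compile(r"[A-Za-z0-9._/-]*")


def build_header_safe(trusted: dict, push_option: str) -> str:
    if not _ALLOWED_VALUE.fullmatch(push_option):
        raise ValueError("push option contains a character outside the allow-list")
    fields = dict(trusted)
    fields["push_option"] = push_option
    return ";".join(f"{k}={v}" for k, v in fields.items())


# Fix 2 (consumer side): never let a duplicate key override an earlier one.
def parse_header_strict(header: str) -> dict:
    parsed = {}
    for item in header.split(";"):
        if "=" not in item:
            raise ValueError(f"malformed field {item!r}")
        key, value = item.split("=", 1)
        if key in parsed:
            raise ValueError(f"duplicate field {key!r}")
        parsed[key] = value
    return parsed


def demo() -> dict:
    """Run the attack against the unsafe path and both fixes; return what each saw."""
    # Constructed payload: a plausible option followed by injected overrides.
    evil = "ci-skip;rails_env=development;custom_hooks_dir=/tmp/attacker"
    header = build_header_unsafe(TRUSTED_FIELDS, evil)
    result = {"lww": parse_header_lww(header)}
    try:
        build_header_safe(TRUSTED_FIELDS, evil)
        result["producer_rejected"] = False
    except ValueError:
        result["producer_rejected"] = True
    try:
        parse_header_strict(header)
        result["consumer_rejected"] = False
    except ValueError:
        result["consumer_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

<p>Both fixes are worth having: the allow-list stops the delimiter from ever entering the header, and the strict parser means a second producer that forgets to escape cannot silently hand an attacker the override either.</p>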
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.techradar.com%2Fpro%2Fsecurity%2Fthis-firefox-vulnerability-may-have-been-tracking-all-your-private-tor-identities-even-in-private-mode%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/XeScftlxbO4MP5bFhX7HgXVoefggXTUtLz72OW0IlHU=452">
<span>
<strong>This Firefox Vulnerability May Have Been Tracking All Your Private Tor Identities (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers have identified a new vulnerability in Firefox and Tor browsers that could allow websites to track users. The vulnerability stems from IndexedDB returning entities in a fixed order, which could be used to construct a unique user identifier. This behavior persists even in Private Browsing mode until the Firefox process exits, and in the Tor browser, even through the New Identity feature.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.cryptotimes.io%2F2026%2F04%2F29%2Fpolymarket-rejects-breach-claims-amid-300k-record-leak-reports%2F%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/9CjagMKlUaL4chWGQv0i_bTKLp6NZkbjgsM4fVG0ofg=452">
<span>
<strong>Polymarket Rejects Breach Claims Amid 300K Record Leak Reports (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Following a reported leak of 300K records from prediction market Polymarket, the company argued that the data was already publicly on-chain. The data includes platform data, along with around 10k user profiles and associated metadata. The attacker claimed to have stolen the data by exploiting vulnerabilities in Polymarket's API infrastructure.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fexpel.com%2Fblog%2Finside-lazarus-how-north-korea-uses-ai-to-industrialize-attacks-on-developers%2F%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/ackdrQhjshlanH71cCxdz0u1nkKOrN_6H2_3x_ZJXsc=452">
<span>
<strong>Inside Lazarus: How North Korea uses AI to industrialize attacks on developers (21 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Expel tracked HexagonalRodent (Expel-TA-0001), a DPRK subgroup assessed with medium-high confidence as a subset of Famous Chollima, which social-engineers Web3 developers via fake recruiter outreach and front-company job listings, then ships backdoored coding assessments that detonate BeaverTail and OtterCookie (NodeJS) plus InvisibleFerret (Python) through VSCode tasks.json runOn:"folderOpen" abuse or runtime execution, exfiltrating 26,584 wallets worth up to $12M from 2,726 developer systems in Q1 2026. The toolkit blends into legitimate developer activity via obfuscator.io and Node/Python interpreters that EDRs poorly inspect, with persistent WebSocket C2 to servers including 195.201.104[.]53 (tied to the fast-draft VSX extension supply-chain compromise) and heavy GenAI assistance from Cursor and ChatGPT for vibe-coded loaders, keylogger panels, and AI-generated front-company sites built on Anima. Defenders should hunt for Node or Python processes holding persistent TCP sessions to suspicious IPs (netstat -an | grep 195.201.104.53), open take-home assessments only in disposable VMs with VSCode workspace trust enforced and auto-tasks disabled, audit any shipped tasks.json, and require hardware security tokens for high-value crypto wallets to neutralize credential exfiltration.
</span>
</span>
</div>
</td></tr></tbody></table>
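<p>Added example, not Expel's tooling, that turns two of the hunts above into code: flag tasks in a shipped tasks.json that VS Code would auto-run on folder open, and flag interpreter processes holding established sessions to watch-listed IPs. It goes slightly beyond the grep in the article by also requiring the ESTABLISHED state and a Node/Python program name. The sample tasks.json and netstat lines are constructed; the only real indicator is the 195.201.104.53 address quoted from the article.</p>

```python
"""Two hunts from the advice above: flag VS Code tasks that auto-run on folder
open, and flag interpreter processes with live sessions to known C2 IPs.
Added example; the sample tasks.json and netstat output below are constructed."""
import json
import re

# IOC from the article; extend with your own watchlist.
WATCHLIST_IPS = {"195.201.104.53"}
# Interpreters the toolkit hides behind (assumption: names as shown by netstat -p).
INTERPRETERS = {"node", "python", "python3"}

# Constructed tasks.json in the shape the article describes (plain JSON; real
# files may carry // comments, strip those first with a JSONC-aware loader).
SAMPLE_TASKS_JSON = """{
  "version": "2.0.0",
  "tasks": [
    {"label": "lint", "type": "shell", "command": "npm", "args": ["run", "lint"]},
    {"label": "prepare", "type": "shell", "command": "node",
     "args": [".vscode/bootstrap.js"],
     "runOptions": {"runOn": "folderOpen"}}
  ]
}"""

# Constructed `netstat -anp` style lines (Linux column layout).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.5:51234          195.201.104.53:443      ESTABLISHED 4321/node
tcp        0      0 10.0.0.5:51240          140.82.112.3:443        ESTABLISHED 2222/git-remote-http
tcp        0      0 10.0.0.5:51250          195.201.104.53:8080     TIME_WAIT   -
tcp        0      0 10.0.0.5:51260          195.201.104.53:443      ESTABLISHED 5555/python3
"""


def auto_run_tasks(tasks_json: str) -> list:
    """Return tasks that VS Code would start without a click once the folder opens."""
    doc = json.loads(tasks_json)
    hits = []
    for task in doc.get("tasks", []):
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            hits.append({"label": task.get("label"), "command": task.get("command"),
                         "args": task.get("args", [])})
    return hits


_NETSTAT_RE = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>\S+)"
    r"\s+(?P<pid>\d+)/(?P<prog>\S+)$"
)


def suspicious_sessions(netstat_output: str) -> list:
    """Established TCP sessions from an interpreter process to a watch-listed IP."""
    hits = []
    for line in netstat_output.splitlines():
        m = _NETSTAT_RE.match(line.strip())
        if not m:
            continue  # header line, non-TCP rows, or no PID/program available
        remote_ip = m["remote"].rsplit(":", 1)[0]
        if (m["state"] == "ESTABLISHED" and m["prog"] in INTERPRETERS
                and remote_ip in WATCHLIST_IPS):
            hits.append({"pid": int(m["pid"]), "program": m["prog"],
                         "remote": m["remote"]})
    return hits


if __name__ == "__main__":
    print(auto_run_tasks(SAMPLE_TASKS_JSON))
    print(suspicious_sessions(SAMPLE_NETSTAT))
```

<p>Run the netstat half against `netstat -anp` output on the host under review (root is needed for other users' PIDs); the tasks.json half is the check to apply before opening any take-home assessment, and it should be paired with workspace trust so the task cannot fire before you look.</p>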
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.synack.com%2Fexploits-explained%2Fmicroservices-attack-vectors-in-modern-web-applications%2F%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/1yGxdna2yuwpwYoR0VuZXqFizxt3aps1AIGK05HCadQ=452">
<span>
<strong>Microservices Attack Vectors in Modern Web Applications (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Synack Red Team researcher Mustafa Bilgici walks through three real-world bug bounty findings against banking and fintech targets that exploit inter-service trust failures: an SSRF in a PDF download proxy that allowed path traversal across multiple internal extractinternal.*.corp subdomains to retrieve other users' statements (no ownership check on the document identifier), a JWT scope flaw where the e-commerce microservice in a banking super-app accepted any attacker-supplied authorization code value during token exchange because the downstream service trusted the upstream JWT without verifying its origin, and a proxytohost parameter on a GDPR consent endpoint that let external attackers pivot to live internal hosts (172.21.69.9/10/153) and pull internal intranet portal content. The recurring kill chain is implicit trust between services: internal APIs reachable through public proxies, tokens reused across boundaries without scope binding, and authorization codes accepted without subject validation. Defenders should enforce per-request authorization checks on every microservice (not just the gateway), bind tokens to user identity and audience claims with strict aud/sub validation downstream, allow-list internal proxy destinations rather than accepting host parameters from clients, and shift testing focus from the perimeter to east-west service communication paths and token exchange flows.
</span>
</span>
</div>
</td></tr></tbody></table>
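<p>Added example of the two defences the summary ends on, written for this page rather than taken from Synack or any of the targets: a downstream service that re-verifies the JWT and rejects it unless both the audience names this service and the subject matches the user the request claims to act for, plus a proxy helper that maps a client-supplied label to an allow-listed host instead of accepting a host name. The HS256 key, the audience names and the internal host names are assumptions; a production service would verify against the issuer's public key rather than a shared secret.</p>

```python
"""Downstream token check that binds a JWT to the caller and to this service,
plus an allow-list for proxy destinations. Added example of the two defences
listed above; the HS256 key, audiences and host names are assumptions."""
import base64
import hashlib
import hmac
import json
import time

DEMO_KEY = b"demo-shared-secret-do-not-use"  # assumption: symmetric key for the demo


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes) -> str:
    """Minimal HS256 JWT, present only so the check below has something to verify."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_downstream(token: str, key: bytes, this_service: str, acting_for: str,
                      now=None):
    """Return the claims only if signature, expiry, audience AND subject check out.

    `this_service` is the aud this microservice expects; `acting_for` is the user
    id the incoming request says it operates on. A token minted for another
    audience, or for another user, is rejected here even though the gateway
    already accepted it once upstream.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    head, body, sig = parts
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        header = json.loads(_b64url_decode(head))
        claims = json.loads(_b64url_decode(body))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON all end up here
        return None
    if header.get("alg") != "HS256":  # refuses alg=none and algorithm confusion
        return None
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        return None
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if this_service not in audiences:
        return None
    if claims.get("sub") != acting_for:
        return None
    return claims


# Allow-list for a server-side fetch helper: the client names a label, never a host.
PROXY_TARGETS = {  # hypothetical internal hosts
    "consent": "consent.internal.example",
    "legal": "legal.internal.example",
}


def resolve_proxy_target(requested: str) -> str:
    """Map a client-supplied label to an approved host; anything else is refused."""
    try:
        return PROXY_TARGETS[requested.strip().lower()]
    except KeyError:
        raise PermissionError(f"proxy target {requested!r} is not allow-listed") from None
```

<p>The point of passing `acting_for` explicitly is that the downstream service compares the token's subject with the account the request is actually touching (the statement being fetched, the order being placed), which is exactly the check that was missing in the token-exchange finding.</p>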
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwebflow.sysdig.com%2Fblog%2Fcve-2026-33626-how-attackers-exploited-lmdeploy-llm-inference-engines-in-12-hours%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/ntGjstGvmfCEQBUSsiGXdsn4r0de5Bd7dwZ7h9lqzGU=452">
<span>
<strong>How Attackers Exploited LMDeploy LLM Inference Engines In 12 Hours (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Sysdig observed exploitation attempts in its honeypot environment within 12 and a half hours of the publication of an SSRF vulnerability in the LMDeploy vision and text LLM serving toolkit. No public proof-of-concept exploit existed at the time, but the vulnerability disclosure was detailed enough that an LLM was capable of weaponizing it. Sysdig warns that this is becoming the standard and that defenders will need to assume that any vulnerability that is published with substantial information will be exploited nearly instantly.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsadreck%2FButler%2F%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/HzF2euE0JkCMbPNC--oIopD3zSEpv8uTOiv4yYae9tM=452">
<span>
<strong>Butler (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A beta-stage GitHub Actions oversight tool that scans every repo across an organization for workflows, actions, secrets, variables, and third-party dependencies, persisting the inventory to a local SQLite database. It operates as a three-step pipeline (download → process → report) supporting multi-org ingestion, multiple PATs for rate-limit pooling via GITHUB_TOKEN_* wildcards, and configurable thread counts, then emits HTML and CSV outputs for security reviews and third-party action audits. Sample reports for GitHub, OpenAI, Docker, and AWS Labs are published at sadreck.github.io/Butler. It can be useful for AppSec teams hunting for unpinned third-party actions and secret sprawl across CI/CD estates, though the desktop-only reports and active development status warrant caution before production use.
</span>
</span>
</div>
</td></tr></tbody></table>
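<p>Added example of the kind of check an inventory like Butler's feeds, written here rather than taken from the Butler project: scan workflow YAML for `uses:` references and report which remote actions are third-party and which are not pinned to a full 40-hex commit SHA. The sample workflow and the first-party org name are constructed for the demo.</p>

```python
"""Added example: find third-party GitHub Actions that are not SHA-pinned.
The sample workflow text is constructed; the first-party org is an assumption."""
import re

FIRST_PARTY_ORGS = {"my-org"}  # assumption: the organisations you control
_USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"#]+)""", re.MULTILINE)
_FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
      - uses: my-org/release-helper@main
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - uses: "some-vendor/deploy-action@v2"
"""


def audit_uses(workflow_yaml: str, first_party=FIRST_PARTY_ORGS) -> list:
    """One finding per remote action: is it third-party, and is it SHA-pinned?"""
    findings = []
    for m in _USES_RE.finditer(workflow_yaml):
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local composite actions and raw images are a separate audit
        repo, _, version = ref.partition("@")
        owner = repo.split("/")[0]
        findings.append({
            "action": repo,
            "ref": version or "(default branch)",
            "third_party": owner not in first_party,
            # A tag or branch can be moved by the action's owner; a full SHA cannot.
            "sha_pinned": bool(_FULL_SHA_RE.match(version)),
        })
    return findings


def unpinned_third_party(workflow_yaml: str) -> list:
    """The short list a reviewer wants: remote, third-party, mutable ref."""
    return [f["action"] + "@" + f["ref"] for f in audit_uses(workflow_yaml)
            if f["third_party"] and not f["sha_pinned"]]


if __name__ == "__main__":
    for line in unpinned_third_party(SAMPLE_WORKFLOW):
        print("unpinned:", line)
```

<p>Note that `actions/*` is treated as third-party here on purpose: GitHub's own actions are still mutable tags unless pinned, and the usual fix is the SHA plus a trailing `# vX.Y.Z` comment so tools like Dependabot can keep the pin current.</p>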
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgenai.owasp.org%2F2026%2F04%2F28%2Ffinbot-ctf-is-live-a-hands-on-companion-to-the-owasp-genai-security-project%2F%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/n8RwKj5BV40E0VlkbJi-rUEnTSnIARBqGP123h4Z_ZM=452">
<span>
<strong>FinBot CTF Is Live: A Hands-On Companion to the OWASP GenAI Security Project (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
FinBot is an interactive Agentic Security CTF pitched as the "Juice Shop for Agentic AI," simulating a multi-agent vendor management platform with autonomous onboarding, fraud detection, invoice processing, and communications powered by LLMs with real tool access. Challenges span prompt injection, tool misuse, policy bypass, data exfiltration, privilege escalation, and RCE, with mappings to the OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications, CWE, and MITRE ATLAS, and include MCP tool server configuration to demonstrate supply chain attacks via tampered tool descriptions and cross-tenant context bleed. Showcased at RSAC 2026 and AppSec Village, the platform is browser-based and community-built, giving builders and defenders a live environment to exercise the otherwise abstract Agentic Top 10 framework.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fjason5ng32%2FMyIP%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/w0Xm9OVhcCDaF7vazvQKqoTTyjMHApd37dOr8lWUcE0=452">
<span>
<strong>MyIP (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A web app that shows what your IPs are, performs IP geolocation, checks for DNS leaks, examines WebRTC connections, and runs speed, ping, MTR, website availability, and whois checks, among other tests.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.cloudflare.com%2Fq1-2026-internet-disruption-summary%2F%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/49LmL3U62wCrFNA8dhTn9UJh0ErmgcpCySiQstmUNqI=452">
<span>
<strong>Shutdowns, power outages, and conflict: a review of Q1 2026 Internet disruptions (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cloudflare Radar's Q1 2026 review documented prolonged government-directed blackouts in Uganda (January 13-26, around the Museveni election) and Iran (two nationwide shutdowns starting January 8 and February 28, the latter still largely in place via whitelisting and "white SIM" filtering rather than route withdrawals), alongside a Republic of Congo election shutdown on March 15. Drone strikes physically damaged AWS data centers in the me-central-1 (UAE) and me-south-1 (Bahrain) regions on March 1-2 and again on March 23, causing elevated origin connection failures and prompting Amazon to advise customers to migrate workloads or back up data, while Russian missile and drone attacks on Ukrainian energy infrastructure cut connectivity in Dnipropetrovsk and Kharkiv by ~50%. Cuba's national grid collapsed three times in March (March 4, 16, and between 21 and 22, with traffic dropping up to 77%), and additional disruptions hit Paraguay, the Dominican Republic, the US Virgin Islands, Portugal (Storm Kristin), the WACS submarine cable serving Congo, Verizon Wireless, Orange Guinée, and TalkTalk.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.cbc.ca%2Fnews%2Fcanada%2Fmanitoba%2Fmanitoba-social-media-age-restrictions-9.7177470%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/Dr4avND1OVjmH0B44MKjgUQQu1P1VX_xCYqzme1Gesk=452">
<span>
<strong>Manitoba to Ban Social Media and AI Chatbots For Youth (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Manitoba has announced a proposed law to ban social media and AI chatbots for children under an unspecified age. The law is inspired by Australia's social media ban but also includes AI chatbots. If the new law takes effect, platforms will need to take steps to remove children's accounts and block their use of the services.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Finformation-technology%2F2026%2F04%2Fwhy-a-recent-supply-chain-attack-singled-out-security-firms-checkmarx-and-bitwarden%2F%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/Afsd4CCntWvRclM11twF-YqypzmY_1CjHwHcoXkPxNg=452">
<span>
<strong>Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Over six weeks, Checkmarx was hit first by the Trivy supply-chain compromise, then by repeated GitHub takeovers that pushed malware to its users and Docker images, and finally by a Lapsu$ ransomware leak of private repo data. Bitwarden's CLI npm package was briefly backdoored using the same TeamPCP infrastructure, showing attackers abusing security tools themselves as both target and distribution channel for credential theft.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FRoBDbK/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/9f9zriEKws_3aMbDk98IzqpDNRTdHkRW6KLqsiZ3tIU=452">
<span>
<strong>Microsoft to deprecate legacy TLS in Exchange Online starting July (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft will fully block TLS 1.0 and TLS 1.1 connections for POP3 and IMAP4 clients in Exchange Online starting in July, removing the prior opt-in path and requiring TLS 1.2+ for all legacy applications, embedded devices, and custom email integrations to avoid connection failures.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F04%2F29%2F30_clawhub_skills_mine_crypto%2F%3Futm_source=tldrinfosec/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/u-yXLV3vDYiaLjbOa-EUvW349V9iUgtv0POMro30bjE=452">
<span>
<strong>30 ClawHub skills secretly turn AI agents into a crypto swarm (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Thirty ClawHub skills from a single publisher quietly register AI agents with onlyflies.buzz, report installed capabilities, and create Hedera wallets tied to a third-party server without user approval to turn agents into a coordinated crypto-mining network.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fm8sbw5/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/mMu_mnWoWTNCJR0fDRlMX_Th3DmWDAmqJhN2NDQQcxo=452">
<span>
<strong>LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers abused CVE-2026-42208, a pre-auth SQL injection in LiteLLM's proxy API key check, less than 36 hours after public disclosure, to query credential and config tables holding OpenAI, Anthropic, and AWS Bedrock keys.
</span>
</span>
</div>
</td></tr></tbody></table>
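<p>Added example of the bug class in the LiteLLM item, written for this page and not taken from LiteLLM: when the proxy looks up the presented API key by string-building SQL, the key check itself is the injection point, so an unauthenticated caller can both pass the check and read the provider-credential tables behind it. The schema, key values and payloads are constructed; the parameterised version beside it is the fix.</p>

```python
"""Added example: an API-key lookup that is itself the injection point, next to
the parameterised form. Schema and secrets are constructed for the demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the proxy's key and credential tables."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE api_keys (token TEXT PRIMARY KEY, team TEXT)")
    con.execute("CREATE TABLE provider_creds (provider TEXT, secret TEXT)")
    con.executemany("INSERT INTO api_keys VALUES (?, ?)",
                    [("sk-live-1111", "team-a"), ("sk-live-2222", "team-b")])
    con.executemany("INSERT INTO provider_creds VALUES (?, ?)",
                    [("openai", "sk-oa-demo"), ("anthropic", "sk-ant-demo")])
    return con


def lookup_key_vulnerable(con: sqlite3.Connection, presented: str) -> list:
    """String-built query: the unauthenticated caller controls the WHERE clause."""
    sql = f"SELECT token, team FROM api_keys WHERE token = '{presented}'"
    return con.execute(sql).fetchall()


def lookup_key_safe(con: sqlite3.Connection, presented: str) -> list:
    """Parameterised query: the value can never change the statement's shape."""
    return con.execute("SELECT token, team FROM api_keys WHERE token = ?",
                       (presented,)).fetchall()


# Constructed payloads sent in place of a real key (Authorization header value).
BYPASS = "' OR 1=1 --"  # pass the check as whichever key comes back first
EXFIL = "' UNION SELECT secret, provider FROM provider_creds --"  # read another table


def demo() -> dict:
    """Run both payloads through both lookups and return what each returned."""
    con = make_db()
    return {
        "vuln_bypass": lookup_key_vulnerable(con, BYPASS),
        "vuln_exfil": lookup_key_vulnerable(con, EXFIL),
        "safe_bypass": lookup_key_safe(con, BYPASS),
        "safe_exfil": lookup_key_safe(con, EXFIL),
        "safe_real": lookup_key_safe(con, "sk-live-2222"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

<p>The exfil payload is the part that matters for the LiteLLM case: the column count of the key query happens to match the credential table, so a UNION hands the upstream provider secrets back through the same response path that was only meant to confirm a key. A parameterised lookup returns nothing for either payload, and a detection rule on the proxy's key-check query for quote or comment characters in the presented key is a cheap secondary control.</p>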
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/I-HVxcZrroVyWdD3yKfh4jHDqwzzP6sAgufGGIjvVOE=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/B7UUdmZLJAuw6FjKxfzSuHKwDpyVmkyF9qEeZUVAZgI=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/pD8y1l_16d-gzzkPNatjGO60WrZwKM1StQkYFM9dQhM=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/wLYBhn2GtbQB727GF1GR45F49m_apupw6aBaW84jQwc=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019dde7e9d66-2e6d512e-bd5c-4106-9bf8-8a8917656773-000000/2FyK0h9sdfkObxHZ1lKowzlHUSVKBSS1hdSKQdZ05dg=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>