<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-05-01</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fxint.io%2Fblog%2Fcopy-fail-linux-distributions%3Futm_source=tldrinfosec/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/5lmhwEo0VTu4DNF_-j7nh_HumENztj5kt25D9geQmR0=452">
<span>
<strong>Copy Fail: 732 Bytes to Root on Every Major Linux Distribution (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-31431 is a logic bug in the Linux kernel's authencesn cryptographic template. AF_ALG sockets with splice() can feed page cache pages directly into writable scatterlists, and authencesn writes 4 bytes at dst[assoclen + cryptlen] as scratch space during ESN byte rearrangement, crossing from the output buffer into chained page cache pages of any readable file. A 732-byte Python exploit chains sendmsg() + splice() + recv() to trigger controlled 4-byte writes into /usr/bin/su's page cache, injecting shellcode that executes as root when the setuid binary runs. The same script works across Ubuntu, Amazon Linux, RHEL, and SUSE without modification because the corrupted pages never get marked dirty for writeback. The vulnerability emerged from the intersection of three changes: authencesn's 2011 scratch-write behavior, AF_ALG's 2015 splice() support, and algif_aead's 2017 in-place optimization that chained page cache pages into writable destination scatterlists via sg_chain(). It was fixed by reverting to out-of-place operation and separating req->src from req->dst.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F04%2Fgoogle-fixes-cvss-10-gemini-cli-ci-rce.html%3Futm_source=tldrinfosec/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/66GDE5ao2vTuUq5cWc9tsy6ugDKPekoEXjU87MpfIgU=452">
<span>
<strong>Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google patched a CVSS 10 vulnerability in the Gemini CLI and its GitHub Action that allowed untrusted CI workspaces to load malicious .gemini configs and run arbitrary commands before sandboxing. It now requires explicit workspace trust and tighter tool allowlists in headless and --yolo modes. Cursor separately fixed a .git hook-based sandbox escape but still has an unpatched issue that lets any extension read local API keys and tokens, so only trusted extensions should be installed.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FjcOLxo/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/NeyVsOg_iMjOVNLtd1d8WDsSJmeEC2g1thhh1y-Wt4g=452">
<span>
<strong>cPanel, WHM Emergency Update Fixes Critical Auth Bypass Bug (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Linux-based web hosting control panels cPanel and WebHost Manager (WHM) are urging users to update to the latest version after a critical (CVSS 9.8) authentication bypass vulnerability was discovered. While no technical details were published, NameCheap temporarily blocked access to the ports used by these services. Admins can update their systems by running `/scripts/upcp --force`.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FGdL7BN/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/Jn69iexvYoTbQZZPBZtEl2c-C_fR9UeXnYwohmzDWCQ=452">
<span>
<strong>Reverse-Engineering a North-Korean-Style Supply Chain Attack Delivered via Fake Web3 Job Interview (30 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A developer reverse-engineered a three-stage supply chain attack disguised as a fake 0G Labs Web3 interview. The cloned repo utilized an npm prepare hook to trigger a new Function("require", ...) RCE primitive, fetching stage-two payloads from a Vercel loader. Analysis in an isolated VM revealed the implant beaconed every 5 seconds to a Texas-based IP (216.250.249.176:1224), exfiltrating environment variables, hostnames, and MAC addresses under the campaign ID tid=Y3Jhc2ggdGhlIGJhZCBndXlz. This infrastructure mirrors the DPRK-attributed Contagious Interview playbook. Recommendations include setting ignore-scripts to true, auditing repos for sensitive Node.js functions, using disposable VMs, and verifying recruiters via official company sites.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcside.com%2Fblog%2Fhow-openclaw-agents-bypass-bot-detection%3Futm_source=tldrinfosec/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/fW_6sz7aRFqGJViOoZNEhocLbGy7UpGRtsmU3-TWc1E=452">
<span>
<strong>How OpenClaw Agents Bypass Bot Detection (And How to Stop Them) (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers have weaponized the open-source OpenClaw agent alongside stealth headless-browser frameworks like Scrapling's "StealthyFetcher" mode to scrape protected content, test stolen cards, and create fake accounts at scale. They bypass IP reputation systems and CAPTCHA defenses by auto-solving Cloudflare Turnstile, blocking WebRTC IP leaks, spoofing TLS fingerprints, and adding randomized canvas noise on every request. To counter this, defenders should adopt passive browser fingerprinting that combines over 100 network, device, and behavioral signals to detect automation artifacts, then route trusted users through checkout while blocking malicious actors based on session intent.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.gitguardian.com%2Fthe-bot-fingerprint-detecting-llm-passwords%2F%3Futm_source=tldrinfosec/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/c6e6QCKh4CRmQBmYGRhCqqaFtRkCGpWcI9fF3yF8yKE=452">
<span>
<strong>The Bot Left a Fingerprint: Detecting and Attributing LLM-Generated Passwords (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
GitGuardian researchers analyzed 8,000 passwords from 40 LLM models across 11 providers and identified patterns that let them determine which model generated each password. Claude Opus 4.6 generated only 35% unique passwords, while Llama-3.3-70b-instruct produced the substring Gx#8dL in 96% of its output. They built Markov chains to classify these passwords and scanned 34 million passwords from GitHub commits between November 2025 and March 2026, finding 28,000 LLM-generated passwords - mostly from Anthropic, Qwen, and Google. These weak passwords appeared in 1,800 .env files containing database credentials and API keys. While not yet widespread, the behavior exists: people ask LLMs to generate passwords, and AI agents autonomously hardcode them into Terraform and config files.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fclaude.com%2Fblog%2Fclaude-security-public-beta%3Futm_source=tldrinfosec/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/S3BZXxoWYXqFO00uVx_-pP7hBXhmmGmnCR0D7S_F-mE=452">
<span>
<strong>Claude Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Claude Security is a code scanning tool for Claude Enterprise customers that finds and explains software vulnerabilities across repositories, proposes concrete patches, supports scheduled and targeted scans, and integrates with tools like Slack, Jira, and major security platforms.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fpandaadir05%2Fsnoop%3Futm_source=tldrinfosec/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/YIpQ9YffG9Pv7-HFHuiNL9mzD2pc_Ee7IZWpgkZBPMI=452">
<span>
<strong>snoop (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
snoop is a syscall tracer for Linux, built on eBPF, that provides a live TUI, smart filters, and readable argument decoding.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FF2u0a0d3%2Fgoodboy-framework%3Futm_source=tldrinfosec/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/UmAdCeBZ0Bgyitl1e7jt1naKJT5zA7zNUu6e3qrnByA=452">
<span>
<strong>GoodBoy Framework (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
GoodBoy Framework is a 15-stage progressive Windows malware development and analysis course written in Rust. Every technique is taught from both a red and blue team perspective.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FS15nGc/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/0Bc5HcWocdaEEstJUFwSMsdzAPymPntEH7K8oLlKLVg=452">
<span>
<strong>Feuding Ransomware Groups Leak Each Other's Data (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
0APT tried to build credibility by faking a victim list, then pivoted to attacking rival crews Everest, RansomHouse, and especially KryBit, leaking admin panels, affiliate data, and negotiations. KryBit hit back, breaching 0APT, dumping its full operational stack, and proving earlier “victims” were bogus. The Halcyon report shares IoCs and urges monitoring data staging, exfiltration, and backup integrity, and treating KryBit and Everest as active threats.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FBzi8VS/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/fqzXDAtydNTOoBEaUlk7cpX6huy-4NmBD2LDzHjS49Q=452">
<span>
<strong>Are Detection-as-Code Pipelines Overrated? (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Detection-as-Code pipelines often require complex infrastructure to maintain. The author muses on whether agents can be used to automate much of this process, from linting and formatting to committing and opening a PR, and possibly even deploying the rule. This shift would trade strict determinism and reliability for more flexibility and ease of maintenance.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F7Pmzd7/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/tvimhVw4q78faUYMQZFghmslApJ8y0Bk7WIVXtTAT48=452">
<span>
<strong>Midnight Thinking On Browser Extension Security (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
In 2024, when Red Canary analyzed the compromise of the popular Cyberhaven browser extension, it flagged the newly created file as likely to have been written by a different author than other files, based on its entropy. However, the author wonders whether, in an era when both legitimate authors and malicious attackers may be using the same coding agents to generate code, these same techniques will still be relevant.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F04%2F30%2Fdental-practice-software-maker-fixes-bug-that-exposed-patients-medical-records%2F%3Futm_source=tldrinfosec/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/WzywufaMk12ddcIXAU4i8lAKU0iny5joSUBmipkGppU=452">
<span>
<strong>Dental practice software maker fixes bug that exposed patients' medical records (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Practice by Numbers' dental patient portal lets any logged-in user view others' medical documents by changing a sequential document ID in the URL, exposing personal details and IDs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F04%2F30%2Falmost_half_of_uk_firms%2F%3Futm_source=tldrinfosec/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/vNW-XKx___d1pR3RSJ55M1Vf9LPugAYMuZGwYsUD0SI=452">
<span>
<strong>Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005 (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Phishing drives around 85 percent of reported breaches, often via fake login pages, links, and attachments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F0E04Qo/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/ZezhIqHZ0_vLcBwcovITbch_paAd7UD30Dk3xp_9l74=452">
<span>
<strong>Sandhills Medical Says Ransomware Breach Affects 170,000 (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Nearly 170,000 patients had data exposed, including SSNs, IDs, financial details, and health information.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/OMGyQt95ehTKFfcFqm6ZbFkQbqV3h4_i_dMNVTv5xyg=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/_eaOVOitZ8xCRYz2DTKceZ2Aq8OGa7xgJxscoxKAs-k=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019de3a5c2bd-81366eea-bec3-4bef-a11c-72a533358b67-000000/jG2CAPEbYABF9dTtyGk3xutzwIJOjcARgMVaPwuFNVA=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>