<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">TeamPCP compromised four SAP npm packages, receiving 572,000 weekly downloads, plus Intercom's SDK and Lightning deep learning framework</div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fsolving-the-access-trust-gap-in-the-age-of-ai-and-automation%3Futm_medium=paid_newsletter%26utm_source=tldr%26utm_campaign=2026q1_unified-access_wb_solving-the-access-trust-gap-in-the-age-of-ai-and-automation_sa%26utm_content=newsletter_042226/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/6UsfX_XkhNy_L9c5R-s8vnZB8hhTngi8NamfnKaG7DQ=452"><img src="https://images.tldr.tech/1password-2.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="1Password"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-05-04</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fsolving-the-access-trust-gap-in-the-age-of-ai-and-automation%3Futm_medium=paid_newsletter%26utm_source=tldr%26utm_campaign=2026q1_unified-access_wb_solving-the-access-trust-gap-in-the-age-of-ai-and-automation_sa%26utm_content=newsletter_042226/2/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/aBqwW0PSlRoiDP_Nx2FoJJ4g4GfKkbBMz6P6Y23H1FQ=452">
<span>
<strong>Webinar: Access management for AI agents (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI agents and automation are reshaping access management. They use API tokens and service accounts across IDEs, scripts, and CI pipelines. These credentials are created on developer machines and used by machine workflows.<p></p><p>As AI adoption increases, security teams face growing secret sprawl outside the visibility of traditional controls.</p><p>In this webinar, we'll explore how organizations can adopt AI and automation without expanding credential risk.<br><br>Key Takeaways: </p><ul><li>Why AI agents and machine identities expand access risk</li><li>Where non-human credential blind spots emerge</li><li>How to secure credentials at time of use</li></ul><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fsolving-the-access-trust-gap-in-the-age-of-ai-and-automation%3Futm_medium=paid_newsletter%26utm_source=tldr%26utm_campaign=2026q1_unified-access_wb_solving-the-access-trust-gap-in-the-age-of-ai-and-automation_sa%26utm_content=newsletter_042226/3/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/7q2TwcqtKcF0zUMIuk81MJOG050SLXBDvhhwyut3jlw=452" rel="noopener noreferrer nofollow" target="_blank"><span>Watch now</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks &amp; Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F05%2F01%2Fubuntu-services-hit-by-outages-after-ddos-attack%2F%3Futm_source=tldrinfosec/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/GGEVJ6UIhJMQqIoTB8E6kw5e0Gml4GRXc0jjxMEvXm8=452">
<span>
<strong>Ubuntu services hit by outages after DDoS attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Iraq's 313 Team executed a DDoS attack on Ubuntu and Canonical infrastructure. Outages lasted over 20 hours, blocking access to security APIs and update servers, preventing servers from installing or updating packages. Attackers used Beamed, a DDoS-for-hire service that generated 3.5 Tbps of traffic.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F05%2Ftrellix-confirms-source-code-breach.html%3Futm_source=tldrinfosec/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/PKttL-_gK4xmrK3zOl5-ya601w_AtbT67ONsTfyZSiM=452">
<span>
<strong>Trellix Confirms Source Code Breach With Unauthorized Repository Access (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cybersecurity company Trellix disclosed unauthorized access to a portion of its source code repository. The company found no evidence that the code was exploited or that its release process was compromised. Trellix notified law enforcement and is working with forensic experts to investigate.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies &amp; Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecuritylabs.datadoghq.com%2Farticles%2Fdependency-cooldowns%2F%3Futm_source=tldrinfosec/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/zCGiBIo3UayuCJHLqQnBbxuY4J3cIHoHWWuCo7jCYzQ=452">
<span>
<strong>The case for dependency cooldowns in a post-axios world (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Recent npm supply chain compromises, including Axios (57M+ weekly downloads, 84,000 dependents), s1ngularity, and both Shai-Hulud waves, have weaponized semantic versioning ranges (^ and ~) into silent attacker delivery channels, with malicious versions propagating worldwide within minutes of publication. Dependency cooldowns enforce a delay before newly released versions become installable, and a 12-hour minimum would have blocked the Axios and s1ngularity attacks entirely since both were detected within 3 to 4 hours, though one week is the recommended window. Defenders should configure min-release-age in npm 11.10.0+, minimumReleaseAge in pnpm, npmMinimalAgeGate in Yarn, or Dependabot cooldown settings (which extend to GitHub Actions and Python), while pairing cooldowns with package scanners like GuardDog and install-time blockers like Supply-Chain Firewall since patient attackers will adapt by delaying payload execution past the window.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fctrlaltintel.com%2Fresearch%2FQilin%2F%3Futm_source=tldrinfosec/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/5S3ycIAf532Q7E-tjI2dXA6AuK4Jc2bkku6kAeXR7uY=452">
<span>
<strong>Watch Guard! Qilin affiliate exploits network appliances for initial access (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ctrl-Alt-Intel tracked a Qilin RaaS affiliate across 5 exposed open-directories from August 2025 to March 2026, observing 1,929 exploit invocations against 918 unique WatchGuard Firebox IPs (71.5% Germany, 28.1% US) using watchTowr's CVE-2025-9242 POC, alongside POCs for CVE-2025-14733, CVE-2025-40554 (SolarWinds), CVE-2025-59718 (FortiOS), CVE-2025-60021 (Apache bRPC), CVE-2026-24061, and CVE-2026-24423. The kill chain ran IKE exploitation on port 500 to force callbacks on port 2007, dropped a renamed Chisel binary (fos) for reverse SOCKS pivoting, and deployed Sliver C2 from servers at 31.57.147.229, 31.57.38.155, 23.27.140.108, and 23.27.143.170, with victim-named Qilin binaries (kruss, qusar, tron, sssd) capable of encrypting Linux, ESXi, and Nutanix AHV hosts via ChaCha20. Defenders should hunt for Sliver/Chisel processes on edge appliances, monitor /etc/wg config.xml access on WatchGuard, block the listed C2 IPs, patch the seven CVEs immediately, and treat firewalls/VPNs as high-priority telemetry gaps since these appliances rarely run AV/EDR stacks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fw1JBkp/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/glDiQ7obKceATVLGy1yQxrmclwjwUnmKHsnqc9xyXpQ=452">
<span>
<strong>Seven Queries to Audit the Sentinel Detections Your SOC May Have Missed (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Rohitashokgowd published seven KQL queries that surface the failure modes Sentinel's built-in health checks miss: silent zombie rules running successfully against empty tables (using the underused QueryResultAmount column in _SentinelHealth), shadow detectors generating alerts that never become incidents, "everything is benign" rules where analyst Classification data shows over 90% non-actionable closures, broken feeds where rules query tables that stopped ingesting, forgotten-disabled rules flagged via SentinelAudit, untracked detections missing MITRE tactics or entity mappings, and coverage drift where a MITRE technique's alert volume drops 60%+ between rolling 30-day windows. Three of the checks depend on a rule inventory pattern in which a scheduled Logic App pulls ARM analytics rule definitions into a custom Log Analytics table (SentinelAnalyticalRules_CL), so query text and metadata can be joined in KQL. Detection engineers should run these quarterly to catch the dangerous middle ground where rules are green and data flows, but the detection pattern has stopped matching. They should then retire, retune, or redirect rules accordingly rather than letting disabled rules and silent feeds masquerade as coverage.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches &amp; Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.datadoghq.com%2Fresources%2Fstate-of-devsecops-2026%2F%3Futm_source=tldrnewsletter%26utm_medium=newsletter%26utm_campaign=dg-security-ww-devsecops-26-infosec/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/VYuCEDsUVlvqzIl83z2Nx1ROykGtyt57V9q_gwdb3xk=452">
<span>
<strong>87% of orgs have exploitable vulnerabilities in prod. Here's how DevSecOps changes that (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Datadog's 2026 <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.datadoghq.com%2Fresources%2Fstate-of-devsecops-2026%2F%3Futm_source=tldrnewsletter%26utm_medium=newsletter%26utm_campaign=dg-security-ww-devsecops-26-infosec/2/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/x-lDaGYK2L-VkmcrChNNg9mNBDLuq4VO2g9GlXpNoxc=452" rel="noopener noreferrer nofollow" target="_blank"><span>State of DevSecOps Report</span></a> puts it bluntly: 80% of alerts are noise and almost 9 out of 10 orgs are shipping vulnerable code. The report also covers the workflows and metrics high-performing security orgs rely upon to reduce exposure without slowing their teams. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.datadoghq.com%2Fresources%2Fstate-of-devsecops-2026%2F%3Futm_source=tldrnewsletter%26utm_medium=newsletter%26utm_campaign=dg-security-ww-devsecops-26-infosec/3/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/e2TS8Jw7MzmCrVSl4jl1XcKphtcpHyRauIwlWi_Qiac=452" rel="noopener noreferrer nofollow" target="_blank"><span>Get your free copy</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fweirdmachine64%2FSharkMCP%3Futm_source=tldrinfosec/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/5FZIzBalzlsLVDUVMnBaXVZ3-i5qpVGDiKdUFd4Vg58=452">
<span>
<strong>SharkMCP (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SharkMCP is an MCP server that exposes Wireshark's programmatic interface (sharkd) as a set of tools to LLMs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsynacktiv%2Fpike-agent%3Futm_source=tldrinfosec/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/WywCn_rSHFdpSgaO0BIIaiQoHEaAeN-NbHedHnN5650=452">
<span>
<strong>Pike Agent (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Pike Agent records and analyzes how programs behave on Linux. It traces a program's activity, indexes it into a database, and lets you chat with an LLM agent about it in a TUI.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fengseclabs.com%2Fblog%2Fcloudtrail-for-ai-agents%2F%3Futm_source=tldrinfosec/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/uDTBFZbFFVZF5Ci0fcCCZk6lMcQ4L9Bbrv16rLnmDuI=452">
<span>
<strong>TrailTool: CloudTrail for AI Agents (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
TrailTool is an open-source AWS tool that pre-processes CloudTrail logs via Lambda and caches them in DynamoDB grouped by entities (People, Sessions, Roles, Services, and Resources) so AI agents can answer access-pattern questions without burning context on raw log queries. The CLI surfaces four agent-driven workflows: detecting ClickOps resource modifications, generating least-privilege IAM policies from session activity using iamlive mappings, auto-drafting permission fixes for AccessDenied errors, and validating break-glass justifications by comparing stated intent against actual session activity. Defenders deploy the Ingestor Lambda via SAM and query with standard AWS credentials. A hosted version is available at trailtool.io for teams that want to skip the deployment step.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FCWaz11/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/FAdFfDKAMQsJf6bBDfrQYBOFcOTLUoC5eWLM1nvsHIc=452">
<span>
<strong>76% of All Crypto Stolen in 2026 Is Now in North Korea (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
North Korean hackers accounted for 76% of all cryptocurrency stolen in 2026 through two major breaches: $285 million from Drift Protocol and $292 million from KelpDAO. The DPRK uses AI to enhance social engineering and reconnaissance, enabling high-yield attacks at low frequency.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.expressvpn.com%2Fblog%2Fcelebrities-stalkerware-data-exposed%2F%3Futm_source=tldrinfosec/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/E-j7ReBZSP0QehILmo2A3K-p9fd2cOJ83szKZvdDDXw=452">
<span>
<strong>Celebrities' and Influencers' Private Communications Exposed in Stalkerware Data Breach (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Security researcher Jeremiah Fowler discovered an unprotected, unencrypted database containing nearly 87k screenshots of a user's device, taken by stalkerware. The database does not seem to be affiliated with the stalkerware company named in it, but rather with a private individual's activities. Fowler notified the victim and law enforcement of the database.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.aisi.gov.uk%2Fblog%2Four-evaluation-of-openais-gpt-5-5-cyber-capabilities%3Futm_source=tldrinfosec/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/JFaS1dRkOQnllRElVffmVlahzP2rUYLjGmlBfxcArlg=452">
<span>
<strong>Our Evaluation of OpenAI's GPT-5.5 Cyber Capabilities (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The UK's AI Security Institute (AISI) followed up on their evaluation of Claude Mythos with an evaluation of OpenAI's GPT-5.5 in their cyber range. The model was able to trivially complete all the CTF-style challenges and, in 2 out of 10 attempts (compared to Mythos' 3 out of 10), complete the "The Last Ones" end-to-end challenge, which is meant to mimic an enterprise network. No model has yet been able to solve AISI's second cyber range, which mimics an Industrial Control System (ICS) network.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Feviltokens-ai-bypass-mfa%3Futm_source=tldr%26utm_medium=email%26utm_campaign=cy26-q2-0505-web-brand-na-broad-all-x-phish-self_fails-pitstop-eviltokens%26utm_content=oops%26hnt=cqpzblzmppxv/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/zKW3OYDCDUQful5zaayjj-OtIZrM2N4tNMAuYi579AM=452">
<span>
<strong>EvilTokens: Big Cybercrime's AI Platform Built to Bypass Your MFA (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
340+ organizations were compromised without a single line of malware. Learn how AI-powered attacks bypass MFA undetected and what you can do about it. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fd2swt604.na1.hs-sales-engage.com%2FCtc%2FGH%2B23284%2Fd2SwT604%2FJkM5m-BpW6N1X8z6lZ3mBW40XNCd3_F-rpW1CybJz2R-1L1W5c_4xT159_TKW2ZZHs05xgLV3VRVTZC5WQTGnW1VDHMn7W5hVFW5khp8D3HfjcFVHm6zS5lgkwzW1SpVw37nL7BhW2hyFNh84wMwJW4BjCDJ1GpX8dMd4Xf9MF075W9gTJLt1c4Sc8W1j6VJX1dcc4DW2XbWhB5884xpW7Xysd68zsCgTW4Pf6N15qPCRdW7c2FKH11j_-XW1plshc64_97MW58sBdP7gQMHCW8FS2ZX90--MZW2_VqFL6ZGTSYW3H1rJ811fzmXW425cVR9gzmzhMx2k8K4QNCFW3c_8c53KkVZRW69fQTG86SyZwW23-FvZ6rxr-XW7ctZVT39PS_VW6JtJcH43-9MxW46F76p2Pr67SN8nd8JCn5lb-W5nsc9p9krpT4W1bZQrs931gwFW6kSJGj5cVPHXW6zFrZM4_4JDFN30W26QW9ZcWW1tc9jl7V-_3Vf9dpyY804/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/aB1oatrbUsm7r-8rjsLHJ2oVuoORbvFbPPNM_R8f29s=452" rel="noopener noreferrer nofollow" target="_blank"><span>Register Now</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FduMnwM/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/UskBZJMem3RbHEQOnC-Gwe087hiDQ4wISWGw-fnInic=452">
<span>
<strong>Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google raised maximum Android VRP payouts to $1.5 million for zero-click Pixel Titan M exploits with persistence.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.justice.gov%2Fopa%2Fpr%2Ftwo-americans-who-attacked-multiple-us-victims-using-alphv-blackcat-ransomware-sentenced%3Futm_source=tldrinfosec/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/AedJyd0LBTit8OuVHLgZzMl_s15bmER8MvL0oz9Vcy4=452">
<span>
<strong>Two Americans Who Attacked Multiple U.S. Victims Using ALPHV BlackCat Ransomware Sentenced to Prison (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ryan Goldberg and Kevin Martin, two cybersecurity professionals from the US, were each sentenced to four years in prison for deploying ALPHV BlackCat ransomware as affiliates against multiple American victims in 2023, extorting $1.2 million from one victim and leaking patient data from a doctor's office.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FK1X83g/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/haY05xWwONGKSqf2jaV3tc3eE3eZzDsuA9eGzZRZtrA=452">
<span>
<strong>New Bluekit Phishing Kit Features AI Assistant (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Bluekit is a phishing kit advertising 40+ templates targeting Apple ID, iCloud, GitHub, Gmail, Ledger, and ProtonMail.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/2uug15YRN8AElovwUtX-yA7gE1re4D6uhiqvJdcZv4Y=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/Iw8KyRGwPH6TlMI3M7vy4UBYy7SNOfuHFis0lyxZ8V8=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019df31a7ef9-aaecdb78-1f6d-4014-bf68-33b1191ad80b-000000/Qd8Oly08WT6LgyQisyxJ8bUOKlIY7-zeJu6PIdCRtyc=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>