<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-05-05</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fg2b0ex/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/fa1ceVwQ8Y1iKm-YFU69dQolQyqj_Bq1jvDczd3XmrI=452">
<span>
<strong>Progress warns of critical MOVEit Automation auth bypass flaw (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-4670 is a critical authentication bypass in MOVEit Automation affecting versions before 2025.1.5, 2025.0.9, and 2024.1.8. It is exploitable remotely without privileges or user interaction, and it is accompanied by a high-severity privilege escalation flaw, CVE-2026-5174. PwnDefend's Daniel Card identified over 1,400 internet-exposed MOVEit Automation instances via Shodan, including more than a dozen linked to US state and local government agencies. Given Clop's history of mass-exploiting MFT platforms such as Accellion FTA, SolarWinds Serv-U, GoAnywhere, Cleo, and the 2023 MOVEit Transfer campaign that affected more than 2,100 organizations, defenders should immediately apply the full installer upgrade and audit exposure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FumPhMq/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/IzorSiQh0z8t9THh1N_Zsir0jxv_Q1Vgvps36V4OS5E=452">
<span>
<strong>Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Instructure, maker of the Canvas learning platform, was hit by a cyberattack that disrupted API-based tools and led to a breach exposing names, email addresses, student IDs, and user messages. ShinyHunters claims 3.65 TB of data on 275 million individuals and access to Instructure's Salesforce instance.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F191638%2Fapt%2Fsalt-typhoon-breach-ibm-subsidiary-in-italy-a-warning-for-europes-digital-defenses.html%3Futm_source=tldrinfosec/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/8Wcgesz6DcCnmc7MlTxsivdLMeluZP7tGM5M5lSt4y4=452">
<span>
<strong>Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe's digital defenses (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Italian outlet La Repubblica attributed an April 2026 breach of Sistemi Informativi, the IBM Italy subsidiary that runs IT infrastructure for Italian public agencies and critical industries, to China-linked APT Salt Typhoon, citing intelligence sources, though IBM's confirmation stopped at "identified and contained" with no scope disclosed. Salt Typhoon's tradecraft favors Citrix and Cisco zero-days and supply-chain footholds over phishing, with 2025–2026 victims including Viasat, Canadian telecoms, the US Army National Guard, and Dutch government networks. A managed-services provider compromise of this depth is a one-to-many pivot into Italian government databases, so defenders at MSP-dependent organizations should hunt for prolonged low-volume exfiltration on telecom and edge appliances and review third-party access scopes.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fipurple.team%2F2026%2F05%2F04%2Fcross-session-activation%2F%3Futm_source=tldrinfosec/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/6gt0Bz37Re-bcW2WflmqkJbu_hi2jjdLGkWwhY6Jq5g=452">
<span>
<strong>Cross-Session Activation (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Purple Team detailed Cross-Session Activation (MITRE T1021.003), a DCOM lateral movement technique where elevated attackers hijack CLSIDs configured with RunAs=Interactive User to execute code inside another logged-in user's session via CoCreateInstanceEx and SetSessionId, with PoCs from Michael Zhmailo (IHxExec, sppui), Andrew Oliveau (SessionHop), and tooling like PermissionHunter, ComDiver, and ComHijackWrite. High-priority hijackable AppIDs include Speech Runtime, sppui, Auth UI CredUI, ShellServiceHost, and ActivatableApplicationRegistrar, all reachable once Remote Registry is started and a DLL is dropped via admin share. Defenders should hunt anomalous HelpPane.exe and slui.exe child processes (Event ID 4688), enable Audit Registry on the listed CLSIDs to capture Event ID 4663, and verify EDR hooks on WTSEnumerateSessions/WinStation* APIs used during session discovery.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fguard.io%2Flabs%2Faccountdumpling---hunting-down-the-google-sent-phishing-wave-compromising-30-000-facebook-accounts%3Futm_source=tldrinfosec/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/do6JHxsu5bzqX8EjJa8F7P2BNpIIdo6Jn_71vi9CbCk=452">
<span>
<strong>"AccountDumpling" - The Google-Sent Phishing Wave Hijacking 30k Facebook Accounts (14 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A Vietnamese-linked group abuses Google AppSheet to send fully authenticated phishing emails that target Facebook business and high-value accounts, leading to at least 30,000 compromises. The campaign uses four main lures: Netlify-hosted fake Facebook help centers, Vercel-hosted "security" and blue badge flows, Google Drive PDFs that hide live phishing panels, and recruiter-style job approaches that move victims into one-to-one conversations. Stolen credentials, IDs, and 2FA codes flow into Telegram bots where operators take over accounts, resell access, and run recovery-for-hire schemes tied to identifiable Vietnamese personas and infrastructure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fpulse.latio.tech%2Fp%2Fbuilding-an-ai-ready-vulnerability%3Futm_source=tldrinfosec/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/G8ALaX0Zw-I27C3plfIEaJnkDG4S-g4V2rUCSrdqvN0=452">
<span>
<strong>Building an AI Ready Vulnerability Management Platform After NVD Changes and Claude Mythos (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The NVD recently announced that, due to the increase in vulnerabilities from AI tools like Claude Mythos, it will only enrich CVEs for vulnerabilities in the KEV, software used in government systems, or software that is deemed critical. Many security tools and teams build their programs around CVEs and their prioritization around CVSS scores, which will now be missing from many vulnerabilities. Security teams should prepare by proactively making architectural changes and adding guardrails to harden systems, and consider adding runtime security tooling.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fridgelinecyberdefence%2Fvanguard%3Futm_source=tldrinfosec/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/yOwKevv-rRPJKb_HwnBIj3gEGDM5OWv_7SZOMq3JsTM=452">
<span>
<strong>VanGuard (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
VanGuard is a single-binary Go-based DFIR toolkit that consolidates triage, threat hunting, memory forensics, disk collection, and Velociraptor lifecycle management for Windows and Linux, with full air-gap support and zero installation required. The toolkit ships 28 pre-built MITRE ATT&CK-mapped use cases, integrates Hayabusa, Chainsaw, Loki, YARA, KAPE, EZ Tools, UAC, WinPMEM, AVML, and Volatility3, and supports remote operations over WinRM, SSH, and PSExec with bounded concurrency. Evidence integrity is built in via dual MD5+SHA256 hashing at collection time, an append-only chain-of-custody record, and HMAC-SHA256 tamper-evident audit logging, with credentials never written to disk or logs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fasamassekou10%2Fship-safe%3Futm_source=tldrinfosec/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/90wdSCaimGNQyxTKvB9Uju2wqn07Wnk2Owodb-TnlyY=452">
<span>
<strong>ship-safe (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ship-safe is an MIT-licensed Node CLI that bundles 23 parallel agents for secrets, OWASP Web/Mobile/LLM/API Top 10, supply-chain typosquatting, CI/CD pipeline poisoning, MCP tool injection, and prompt injection in .cursorrules and CLAUDE.md, with a REPL that previews diffs before writing and routes dependency audits to npm audit, pip-audit, or bundle-audit. The agentic fix loop sends findings to Claude for REAL/FALSE_POSITIVE classification, rewrites hardcoded secrets to process.env, and opens provider revocation dashboards for OpenAI, Anthropic, GitHub, Stripe, AWS, GCP, and Supabase.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fkadir%2Fcopy-fail-CVE-2026-31431-IOC%3Futm_source=tldrinfosec/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/J3NmSTe1fNmpQ3-p8AhYZDm-v7d4RwwjTTTbsTG8TzQ=452">
<span>
<strong>copyfail-detect (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
copyfail-detect is a detection toolkit for CVE-2026-31431 ("Copy Fail").
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.heise.de%2Fen%2Fnews%2FClaude-Code-Leak-8100-Takedown-Requests-and-the-Birth-of-Claw-Code-11279674.html%3Futm_source=tldrinfosec/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/29kHj7RGrrdB8eAl-BJ4_JAFkJi4Td_YAdhAG9rlUsA=452">
<span>
<strong>Claude Code Leak: 8100 Takedown Requests and the Birth of Claw-Code (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An accidentally published source map file at Anthropic exposed over half a million lines of Claude Code's source code, with security researcher Chaofan Shou first spotting the public directory and tracing the compiled code back to its originals before mirrors spread across GitHub. Anthropic responded with more than 8,100 DMCA takedown requests (later narrowed to roughly 100 specific copies), but Korean developer Sigrid Jin used OpenAI's Codex to produce Claw-Code, a Python rewrite of the agentic framework that became the fastest-growing repo in GitHub history and is reportedly being adopted by xAI. The incident raises a thorny authorship question (Claude Code was reportedly ~90% AI-written, and US courts have held that fully autonomous AI creations don't qualify for copyright protection), leaving Anthropic in the awkward position of enforcing rights on largely machine-generated code while also exposing how brittle the DMCA process is when platforms must remove content without judicial review.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.includesecurity.com%2F2026%2F04%2Fctfs-in-the-ai-era%2F%3Futm_source=tldrinfosec/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/A_foAOQin4-CTe8Mjimv-RAAcxST43TpS_-fM7SHHkE=452">
<span>
<strong>CTFs in the AI Era (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Laurence Tennant of Include Security recounts BSidesSF 2026, where 16 teams fully solved every CTF challenge (versus one team in 2025) because Claude Code, Codex, and similar agents now crack easy-to-medium challenges including binary exploitation within minutes, shifting the competition from solving skill to infrastructure spend. Top teams ran auto-scraping pipelines that spawn parallel agents the moment a challenge drops and auto-submit flags, with the winning team open-sourcing a coordinator-LLM architecture that runs GPT-5.4-mini, Claude Opus 4.6 max-effort, and others in parallel and shares discoveries between stuck agents. Automated CTF success doesn't translate cleanly to pentesting because real engagements lack the unambiguous flag, bounded codebase, and consequence-free environment that make CTFs an ideal LLM testbed, with false positive triage, scope discipline, and business context still requiring human judgment.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.analyticsinsight.net%2Fnews%2Fmicrosoft-defender-glitch-breaks-secure-systems-by-flagging-digicert-certificates%3Futm_source=tldrinfosec/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/vmlFi4VbR9BRoKK66TnCpkCrnNBUgA5pm7ma4ECU0C4=452">
<span>
<strong>Microsoft Defender Glitch Breaks Secure Systems by Flagging DigiCert Certificates (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A faulty Microsoft Defender intelligence update on May 3 wrongly tagged DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, leading endpoints to quarantine or remove them and breaking certificate-based trust. Users saw TLS sites fail, apps break, and updates stop, while admins initially suspected an active attack. Microsoft pushed corrected definitions and urged rapid Defender updates plus checks for stripped certificates.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F8GrEm8/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/WC3BJ-0Y_osKkod55oq4zSvLdc8mDmryYcO2L5K-1Uw=452">
<span>
<strong>Microsoft confirms April Windows updates cause backup failures (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft confirmed that April 2026 security updates added the psmounterex.sys kernel driver to the Vulnerable Driver Blocklist to mitigate CVE-2023-43896 (a high-severity buffer overflow enabling privilege escalation or arbitrary code execution), causing VSS snapshot timeouts and image-mount failures in Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup on Windows 10, 11, and Server.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F05%2F04%2Ffive_eyes_agentic_ai_recommendations%2F%3Futm_source=tldrinfosec/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/ky7TAmPG4qhoDSu8SmAUrr-lcYwFzGTLLVqKciW2594=452">
<span>
<strong>Five Eyes spook shops warn rapid rollouts of agentic AI are too risky (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: &quot;Helvetica Neue&quot;, Helvetica, Arial, Verdana, sans-serif;">
Five Eyes have published joint guidance on agentic AI.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F05%2F04%2Fhackers-are-still-exploiting-the-cpanel-bug-to-gain-control-of-thousands-of-websites%2F%3Futm_source=tldrinfosec/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/JvrsJVVBRTNznmWX1uc7d7zkRLm217aGc4uTHKHb14w=452">
<span>
<strong>Hackers are mass-exploiting the cPanel bug to gain control of thousands of websites (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: &quot;Helvetica Neue&quot;, Helvetica, Arial, Verdana, sans-serif;">
Attackers are exploiting CVE-2026-41940 in cPanel and WHM to hijack servers.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/CqI2wfeRed8TKOsepl3Y6c_GGdMBoeTRtapWuV0-mTg=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/xafT29YadYOB_FLY6h6yplsvQFLlH-tUyOx_61hcwwg=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019df83f5c8a-c73c3eb9-8512-4905-9598-cfcd7b10a14f-000000/ygNVStGxNNBgokuayGElmPKg5iAzzUz8x_wTESJpUlY=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>