<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/9c9dPfbIIfvf884COS6yXib2LesiMaM3SprSyDnhWuk=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/HjcMrN3B-q3owqxvm_2u9ImUuGyFqVMP391m2lfiUaY=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=546f5980-4935-11f1-a764-c35404464fe0%26pt=campaign%26t=1778072809%26s=f808c4a083c378c8463ef6df5c073768378e2f3ebaace1b3a254f79c50e0bfb3/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/NAIIBkELLEB9x_zp9RcyldLQeu0O23eDW7GfkEkoUTw=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.ox.security%2Fresource-category%2Fwhitepapers-and-reports%2Fmother-of-all-ai-supply-chains%2F%3Futm_source=tldr%26utm_medium=paid%26utm_campaign=tldr-mcp-may26/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/15Wnxedjqbp7O4CbOMmNM83Iwivg0TcGtr7EZKF1VGg=452"><img src="https://images.tldr.tech/ox2.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="OX Security"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-05-06</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.ox.security%2Fresource-category%2Fwhitepapers-and-reports%2Fmother-of-all-ai-supply-chains%2F%3Futm_source=tldr%26utm_medium=paid%26utm_campaign=tldr-mcp-may26/2/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/sIvyGugTjOhdUmm_xVmHuyXOhsN6Clm4JWO7CFqCY0s=452">
<span>
<strong>150M+ affected downloads. 30+ disclosures. 10+ CVEs. One root cause. (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
<strong>RCE in the MCP: The Core Vulnerability No One Would Patch</strong><p><strong>AI infrastructure is scaling without a safety net.</strong></p><p>OX Security researchers discovered a <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.ox.security%2Fresource-category%2Fwhitepapers-and-reports%2Fmother-of-all-ai-supply-chains%2F%3Futm_source=tldr%26utm_medium=paid%26utm_campaign=tldr-mcp-may26/3/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/DvWiGXUZMN1wAcNKFoAa8V1qoZes6M9gD0qEcYsS6AU=452" rel="noopener noreferrer nofollow" target="_blank"><span><strong>systemic RCE-by-design vulnerability at the core of</strong> <strong>Anthropic's MCP</strong></span></a> STDIO implementation, propagating silently through all downstream frameworks, IDEs, and registries. </p>
<p>This isn't a bug. It's how it was built to work.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.ox.security%2Fresource-category%2Fwhitepapers-and-reports%2Fmother-of-all-ai-supply-chains%2F%3Futm_source=tldr%26utm_medium=paid%26utm_campaign=tldr-mcp-may26/4/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/3eA_fOaMjsx2wCZvQy48ppydLrckoxwMtmuG8QVPp3c=452" rel="noopener noreferrer nofollow" target="_blank"><span>Read the full research: The Mother of All AI Supply Chains</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FDzbQl1/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/dw3Z7wWdIayqV4jJRgwx3KqY4JNkxesd03t5hm0aTsQ=452">
<span>
<strong>WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
WhatsApp fixed two medium-severity bugs reported via Meta's bug bounty. One let attackers spoof Windows attachments using NUL bytes, so an apparent document executed instead. The other mishandled AI-rich responses for Instagram Reels in iOS and Android, allowing arbitrary URLs and OS URL schemes to be processed on a victim device. Meta reports no in-the-wild exploitation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F05%2Fmicrosoft-details-phishing-campaign.html%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/pZnyVRz3hj-8ZOxPTUuQzk9qWWD_EyUSxlAKTwPjvoU=452">
<span>
<strong>Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft describes a multi-stage credential theft campaign using code-of-conduct themed emails sent via a legitimate mail service to over 35,000 users in 26 countries. Messages use enterprise-style templates, urgent accusations, and PDFs linking to CAPTCHA-gated flows that lead to AiTM phishing pages harvesting Microsoft credentials and tokens, bypassing MFA.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FwxWsBQ/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/h7lKZ8oRAtb9qb5NpIySyul5qxfzOowkSV4KdiwIa2Y=452">
<span>
<strong>Weaver E-cology Critical Bug Exploited In Attacks Since March (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers at threat intel company Vega report that threat actors are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Weaver E-cology enterprise automation software. The vulnerability is caused by an exposed debug API endpoint that improperly allows user-supplied parameters to reach backend RPC functionality without requiring authentication. Users are advised to upgrade to the latest version, as no other workaround exists.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.huntress.com%2Fblog%2Fdmsa-ouroboros-credential-extraction-windows-server-2025%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/MsCrbtrMkIjwFzQ2d02y6Udb1-2BtBmjrJucueNGido=452">
<span>
<strong>dMSA Ouroboros: Self-Sustaining Credential Extraction in Windows Server 2025 (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Huntress detailed a six-command persistence technique against fully patched Windows Server 2025 in which a low-privilege user with CreateChild on any OU and WriteProperty on a target account creates a delegated Managed Service Account (dMSA), takes ownership to grant itself GenericAll, plants a Shadow Credential on msDS-KeyCredentialLink for PKINIT authentication, and writes the dMSA's own SID into msDS-GroupMSAMembership, so it authorizes itself to extract the superseded account's NT hash. The chain survives password rotation (PKINIT bypasses the managed password and the KDC repopulates the hash on every S4U2Self request), survives deletion of the original attacker account, and can lock Domain Admins out of remediation by writing a restrictive membership descriptor. Defenders should hunt for any dMSA whose own SID appears in its GroupMSAMembership, audit msDS-KeyCredentialLink writes on dMSA objects, monitor Event IDs 5136, 4662, and 4768 for PKINIT against dMSAs, and treat full deletion of the rogue dMSA as the only effective fix since Microsoft closed the report as a persistence technique that does not meet the servicing bar.
</span>
</span>
</div>
</td></tr></tbody></table>
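<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<p>Added example, not code from Huntress or from the original post: a Python pass over a constructed directory snapshot that implements two of the hunts the summary lists, flagging any dMSA whose own objectSid appears as a trustee in its msDS-GroupMSAMembership DACL, and filtering 5136 (directory object modified) records down to writes of msDS-KeyCredentialLink on dMSA objects. It assumes the attributes have already been exported from Active Directory with the security descriptor rendered as SDDL; the SDDL handling is a simplified reader that pulls the trustee field out of each ACE, and every SID, DN and event record below is constructed.</p>
```python
import re

# objectClass used by delegated Managed Service Accounts in Windows Server 2025.
DMSA_CLASS = "msDS-DelegatedManagedServiceAccount"

# Constructed directory snapshot: each record carries msDS-GroupMSAMembership as SDDL.
# svc-rogue's DACL grants access to svc-rogue's own SID, the self-authorising pattern.
SAMPLE_DMSAS = [
    {
        "distinguishedName": "CN=svc-legit,CN=Managed Service Accounts,DC=corp,DC=example",
        "objectClass": DMSA_CLASS,
        "objectSid": "S-1-5-21-1111111111-2222222222-3333333333-1201",
        "msDS-GroupMSAMembership": "O:SYG:SYD:(A;;0xf01ff;;;S-1-5-21-1111111111-2222222222-3333333333-1105)",
    },
    {
        "distinguishedName": "CN=svc-rogue,CN=Managed Service Accounts,DC=corp,DC=example",
        "objectClass": DMSA_CLASS,
        "objectSid": "S-1-5-21-1111111111-2222222222-3333333333-1202",
        "msDS-GroupMSAMembership": "O:SYG:SYD:(A;;0xf01ff;;;S-1-5-21-1111111111-2222222222-3333333333-1202)",
    },
    {   # ordinary computer account: outside the scope of this hunt
        "distinguishedName": "CN=FILESRV01,OU=Servers,DC=corp,DC=example",
        "objectClass": "computer",
        "objectSid": "S-1-5-21-1111111111-2222222222-3333333333-1300",
        "msDS-GroupMSAMembership": "",
    },
]

# Constructed 5136 / 4662 records reduced to the fields this filter reads.
SAMPLE_5136_EVENTS = [
    {"EventID": 5136, "ObjectDN": "CN=svc-rogue,CN=Managed Service Accounts,DC=corp,DC=example",
     "ObjectClass": DMSA_CLASS, "AttributeLDAPDisplayName": "msDS-KeyCredentialLink",
     "SubjectUserName": "jdoe"},
    {"EventID": 5136, "ObjectDN": "CN=svc-legit,CN=Managed Service Accounts,DC=corp,DC=example",
     "ObjectClass": DMSA_CLASS, "AttributeLDAPDisplayName": "description",
     "SubjectUserName": "adm-ops"},
    {"EventID": 5136, "ObjectDN": "CN=WS01,OU=Workstations,DC=corp,DC=example",
     "ObjectClass": "computer", "AttributeLDAPDisplayName": "msDS-KeyCredentialLink",
     "SubjectUserName": "svc-enroll"},
    {"EventID": 4662, "ObjectDN": "CN=svc-rogue,CN=Managed Service Accounts,DC=corp,DC=example",
     "ObjectClass": DMSA_CLASS, "AttributeLDAPDisplayName": "",
     "SubjectUserName": "jdoe"},
]

ACE_RE = re.compile(r"\(([^)]*)\)")


def dacl_trustees(sddl):
    """Return the trustee (6th) field of every ACE in the DACL part of an SDDL string.
    ACE layout: type;flags;rights;object_guid;inherit_object_guid;trustee.
    Simplified reader: well-known aliases such as DA are returned as-is."""
    if "D:" not in sddl:
        return []
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]   # drop owner/group prefix and any SACL
    trustees = []
    for ace in ACE_RE.findall(dacl):
        fields = ace.split(";")
        if len(fields) >= 6:
            trustees.append(fields[5].strip())
    return trustees


def self_authorizing_dmsas(objects):
    """DNs of dMSAs whose own objectSid is granted access in msDS-GroupMSAMembership."""
    hits = []
    for obj in objects:
        if obj.get("objectClass") != DMSA_CLASS:
            continue
        if obj["objectSid"] in dacl_trustees(obj.get("msDS-GroupMSAMembership") or ""):
            hits.append(obj["distinguishedName"])
    return hits


def key_credential_writes_on_dmsas(events):
    """5136 records where msDS-KeyCredentialLink was modified on a dMSA object."""
    return [
        e for e in events
        if e.get("EventID") == 5136
        and e.get("ObjectClass") == DMSA_CLASS
        and e.get("AttributeLDAPDisplayName") == "msDS-KeyCredentialLink"
    ]


if __name__ == "__main__":
    for dn in self_authorizing_dmsas(SAMPLE_DMSAS):
        print("self-authorising dMSA:", dn)
    for e in key_credential_writes_on_dmsas(SAMPLE_5136_EVENTS):
        print("KeyCredentialLink write on dMSA:", e["ObjectDN"], "by", e["SubjectUserName"])
```
<p>A match from the first function is the condition the summary describes as the sole reliable remediation trigger (delete the rogue dMSA); a match from the second is the enrolment point for the PKINIT path, so the SubjectUserName of that write is the account to pivot on in the investigation.</p>
</div>
</td></tr></tbody></table>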
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityscanner.dev%2Fblog%2Fstripe-webhook-signature-bypass-1500-apps%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/sprInEujgQ8fkW6gjUNUrI9bfjNCtYsUKqxZyc9ZKiM=452">
<span>
<strong>We probed 6,000 web apps for Stripe webhook signature checks. 1,542 don't bother (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A scan of about 6,000 Stripe-style webhook endpoints sent a fake checkout.session.completed event with no Stripe-Signature header and logged which servers still returned 2xx. Around 1,542 endpoints did so, meaning they handle unsigned payment events that appear real. Many SaaS flows upgrade users or confirm bookings directly from webhook payload fields, allowing attackers to script free-plan upgrades or unpaid reservations with crafted JSON. The fix is to enforce official webhook signature verification using raw request bodies and stack-specific SDK helpers, then rerun targeted scans to confirm the behavior.
</span>
</span>
</div>
</td></tr></tbody></table>
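<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<p>Added example, not code from the securityscanner.dev post or from Stripe's SDKs: a Python verifier for the Stripe-Signature scheme the summary refers to (HMAC-SHA256 over "timestamp.raw body", constant-time comparison, a replay tolerance window), wrapped in a handler that reads checkout.session.completed fields only after verification passes. The endpoint secret, event body and helper names are constructed for the demo. It also shows the raw-body caveat from the summary: re-serialising the JSON before verifying changes the bytes, so a valid signature no longer matches.</p>
```python
import hashlib
import hmac
import json
import time

# Constructed signing secret for the demo; a real one is the "whsec_..." value
# shown for the endpoint in the Stripe dashboard.
ENDPOINT_SECRET = "whsec_constructed_demo_secret_do_not_use"
DEFAULT_TOLERANCE_SECONDS = 300   # reject signatures older than this (replay window)

# Constructed raw request body, byte-for-byte as it would arrive on the wire.
SAMPLE_RAW_BODY = (
    b'{"id": "evt_constructed_001", "type": "checkout.session.completed", '
    b'"data": {"object": {"id": "cs_constructed_001", "customer_email": "alice@example.com"}}}'
)


def build_signature_header(raw_body, secret, timestamp):
    """Produce a Stripe-Signature header for raw_body (used here only to create test input).
    The signed payload is "<timestamp>.<raw body>", keyed with the endpoint secret."""
    signed_payload = f"{timestamp}.".encode() + raw_body
    digest = hmac.new(secret.encode(), signed_payload, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={digest}"


def parse_signature_header(header):
    """Split "t=<unix ts>,v1=<hex>[,v1=<hex>...]" into (timestamp, [v1 signatures]).
    Other schemes (e.g. v0 test-mode values) are ignored."""
    timestamp, signatures = None, []
    for part in header.split(","):
        key, sep, value = part.strip().partition("=")
        if not sep:
            continue
        if key == "t":
            timestamp = int(value)     # ValueError on garbage is handled by the caller
        elif key == "v1":
            signatures.append(value)
    return timestamp, signatures


def verify_webhook(raw_body, sig_header, secret, now=None, tolerance=DEFAULT_TOLERANCE_SECONDS):
    """Return (ok, reason). raw_body must be the unmodified request bytes."""
    if not sig_header:
        return False, "missing Stripe-Signature header"
    try:
        timestamp, signatures = parse_signature_header(sig_header)
    except ValueError:
        return False, "malformed Stripe-Signature header"
    if timestamp is None or not signatures:
        return False, "header lacks timestamp or v1 signature"
    signed_payload = f"{timestamp}.".encode() + raw_body
    expected = hmac.new(secret.encode(), signed_payload, hashlib.sha256).hexdigest()
    # Constant-time comparison against every v1 value (several may be present during secret rotation).
    if not any(hmac.compare_digest(expected, sig) for sig in signatures):
        return False, "signature mismatch"
    now = time.time() if now is None else now
    if abs(now - timestamp) > tolerance:
        return False, "timestamp outside tolerance (possible replay)"
    return True, "ok"


def handle_checkout_webhook(raw_body, sig_header, secret=ENDPOINT_SECRET, now=None):
    """Hardened handler: nothing in the payload is trusted until the signature checks out."""
    ok, reason = verify_webhook(raw_body, sig_header, secret, now=now)
    if not ok:
        return {"status": 400, "action": "rejected", "reason": reason}
    event = json.loads(raw_body)
    if event.get("type") != "checkout.session.completed":
        return {"status": 200, "action": "ignored", "reason": "unhandled event type"}
    session = event["data"]["object"]
    # Only now is it safe to upgrade the plan or confirm the booking for this customer.
    return {"status": 200, "action": "fulfil",
            "session_id": session["id"], "email": session["customer_email"]}


if __name__ == "__main__":
    ts = int(time.time())
    header = build_signature_header(SAMPLE_RAW_BODY, ENDPOINT_SECRET, ts)
    print(handle_checkout_webhook(SAMPLE_RAW_BODY, header))       # fulfil
    print(handle_checkout_webhook(SAMPLE_RAW_BODY, None))         # rejected: missing header
    # Same JSON re-serialised compactly: different bytes, so the signature no longer matches.
    compact = json.dumps(json.loads(SAMPLE_RAW_BODY), separators=(",", ":")).encode()
    print(handle_checkout_webhook(compact, header))               # rejected: signature mismatch
```
<p>The unsigned-request case is the one the scan in the summary exercised: with no Stripe-Signature header the handler returns 400 before any payload field is read. In a real service the body must be taken from the framework's raw-bytes accessor rather than from an already-parsed request object, which is the point of the compact re-serialisation check at the end.</p>
</div>
</td></tr></tbody></table>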
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.sondera.ai%2Fp%2Fclaude-code-data-leaks-security%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/dI8H-ZEfSgAjQra-oS_RFWyYnsb2BhK_xIV1LNEAXjU=452">
<span>
<strong>How to Stop Claude Code from Leaking Sensitive Data (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
As models have become more advanced, they've evolved from a simple "informational GPS" to a powerful "self-driving Waymo." The additional power also brings additional risk of leaking sensitive data via the context window or other mechanisms. Sondera implements an agent harness using coding agent hooks in Claude Code to enforce fine-grained Cedar policy-as-code policies that protect against data exfiltration.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdelinea.com%2Fresources%2Fai-and-identity-security-report-pdf%3Futm_medium=paid-newsletter%26utm_source=TLDR%26utm_campaign=FF-FY26Q2_TLDR_*VisIP%26utm_content=TLDR%2520Send%25203%26utm_term=Secondary/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/9DiqOlEjnl4mdBXzuvob6Vw3E8RIV-jYFJNVaLc8QfA=452">
<span>
<strong>Identity security report: security orgs aren't ready for the impact of AI (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Research unambiguously shows most orgs have process & control gaps in AI identity management, but most leaders think their security systems are ready. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdelinea.com%2Fresources%2Fai-and-identity-security-report-pdf%3Futm_medium=paid-newsletter%26utm_source=TLDR%26utm_campaign=FF-FY26Q2_TLDR_*VisIP%26utm_content=TLDR%2520Send%25203%26utm_term=Secondary/2/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/U-jsZkhOlToWRFmXcVNdo56Caxho1gYifPMAOUEfe5A=452" rel="noopener noreferrer nofollow" target="_blank"><span>This Delinea survey</span></a> of 2,000+ IT decision-makers lays out the most common blind spots. Get concrete steps you can take to address them. >> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdelinea.com%2Fresources%2Fai-and-identity-security-report-pdf%3Futm_medium=paid-newsletter%26utm_source=TLDR%26utm_campaign=FF-FY26Q2_TLDR_*VisIP%26utm_content=TLDR%2520Send%25203%26utm_term=Secondary/3/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/EjbRe7jwrVIkuNEGzWUWNgki3EhEYT1xkP_-Gjz-ZjE=452" rel="noopener noreferrer nofollow" target="_blank"><span>Read the report</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsix2dez%2Freconftw%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/MpEZiPQiB5I5q4cST-9pOE43ahPdL35whDVZweN0FfM=452">
<span>
<strong>reconFTW (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
reconFTW is a Bash-based automated reconnaissance framework that orchestrates 100+ tools for subdomain enumeration, OSINT, port scanning, web analysis, and vulnerability checks through an 8-module architecture. The v4.1 release adds adaptive rate limiting, incremental/monitor modes, parallel execution, structured JSON logging, a circuit breaker, and checkpoint-based scan resumption, as well as distributed scanning via the Ax Framework and optional AI-generated reports via reconftw_ai. Configuration is centralized in reconftw.cfg with secrets managed via environment variables or a gitignored secrets.cfg, and deployment supports local installs, Docker (with built-in HEALTHCHECK), and Terraform/Ansible on AWS.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2F1N3%2FSn1per%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/4Lwd6CPiSmljfv-vEm3ZudMkzAE7d5sXrTnIghguueo=452">
<span>
<strong>Sn1per (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Sn1per is an offensive-security platform that consolidates reconnaissance, vulnerability scanning, exploitation, and reporting into a single workspace. The Community Edition orchestrates 90+ third-party tools with 600+ exploits and 10,000+ detections across scan modes, including normal, stealth, flyover, airstrike, nuke, discover, and mass variants for multi-target operations. The Sn1per Professional 2026 release adds Docker-first deployment, a Bootstrap 5/Tabler UI with a Workspace Navigator, JSON API v1.0 for CI/SOAR/SIEM pipelines, CSV/Excel/PDF report export, and expanded modules for ReverseAPK, MassPwn, Threat Intel, Nessus, and Burp Suite, alongside new -v, -db, and -rr CLI flags.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fgoogle%2Fosv-scanner%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/6Df0OZ8fYDGg81fozA2e_qMQyTzOhZfoDzeM8aIWi5s=452">
<span>
<strong>OSV-Scanner (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies. OSV-Scanner provides an officially supported frontend to the OSV database and CLI interface to OSV-Scalibr that connects a project's list of dependencies with the vulnerabilities that affect them.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwebdirections.org%2Fblog%2Fhaving-your-cake-and-eating-it-an-implementation-guide-for-privacy-with-ai-nick-lothian-at-ai-engineer-melbourne-2026%2F%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/yXxNih8Kf6ParmZBvmHlM0GiA9G0dKWVa8lSYRj-IrQ=452">
<span>
<strong>Having your cake and eating it: An implementation guide for privacy with AI – Nick Lothian at AI Engineer Melbourne 2026 (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
This piece explores the privacy-versus-capability trade-off across six methods: private local models, trusted execution environments, differential privacy, secure multi-party computation, federated learning, and homomorphic encryption. It draws on Nick Lothian's four years of hands-on experience. Private models and Trusted Execution Environments (TEEs) are shown as the most practical defaults, while homomorphic encryption is still too slow for full pipelines and should be used mainly for specific cryptographic tasks. AI system architects should view privacy as a composition problem: combining federated training with local inference, layering differential privacy with trusted execution environments, and applying heavy cryptographic primitives only where their benefits justify the costs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwebhosting.today%2F2026%2F05%2F03%2Fthe-cpanel-zero-day-was-active-for-64-days-before-anyone-knew%2F%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/qy5qCdqg_E3fg5U6sqIblauBTALoEphdDAacfOPsqtA=452">
<span>
<strong>The cPanel Zero-Day Was Active for 64 Days Before Anyone Knew (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
KnownHost CEO Daniel Pearson confirmed exploitation attempts against CVE-2026-41940 (CVSS 9.8) starting February 23, roughly 64 days before cPanel's April 28 advisory, indicating attackers found the CRLF injection authentication bypass in cPanel/WHM session handling well before the researcher who responsibly disclosed it. Censys identified over 1 million exposed cPanel/WHM hosts (Rapid7 put the figure near 1.5 million across versions 11.86.0 through 11.136.0 and WP Squared v136.1.7 and earlier), and on May 1 alone, 15,448 cPanel hosts (79.99% of GreyNoise's malicious-host tracking that day) participated in attack activity, with 7,135 hosts already showing Sorry Ransomware ".sorry" extensions on WordPress core files and a separate Mirai variant ("nuclear.x86") deployed via Telnet post-compromise. CISA added the CVE to the KEV catalog on April 30, with a May 3 federal deadline. NocInit recommends migrating any server that was internet-accessible on ports 2082-2096 during the February-April window to a clean install from pre-breach backups rather than cleanup.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fseclists.org%2Foss-sec%2F2026%2Fq2%2F250%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/hNQShtyWToB4y_xjQweEb-deBB0FpJ4PUOHDmv0f7_s=452">
<span>
<strong>Coordinated Disclosure in the LLM Age (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
OSS maintainer Jeremy Stanley highlights the risk that vulnerabilities discovered using LLM tooling may be fed back into the training data and become trivially discoverable by other users. This changes the calculus of coordinated disclosure and embargoes, as Stanley argues that maintainers should assume the vulnerability is already discoverable. Stanley believes that OSS maintainers shouldn't use LLMs to develop patches or documentation for vulnerabilities that are still under embargo.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;"></span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Foptro.ai%2Fresources%2Febook%2Fthe-resilient-enterprise-using-ai-to-connect-governance-risk-and-compliance%3Futm_campaign=the-resilient-enterprise-using-ai-to-connect-governance-risk-and-compliance-032026%26utm_medium=display%26utm_source=tldr-compliance%26utm_content=05-06-2026%23form/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/tv95C3NIPAUI1153dIe_YldvO1Cv42h9w9J1I2oictk=452">
<span>
<strong>What the Harvard Business Review says about GRC: free eBook (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
This report from the Harvard Business Review takes an in-depth look at today's fragmented GRC silos and makes the case for a new, AI-powered approach. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Foptro.ai%2Fresources%2Febook%2Fthe-resilient-enterprise-using-ai-to-connect-governance-risk-and-compliance%3Futm_campaign=the-resilient-enterprise-using-ai-to-connect-governance-risk-and-compliance-032026%26utm_medium=display%26utm_source=tldr-compliance%26utm_content=05-06-2026%23form/2/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/_GGLUowiBO_3uvECJabFlyv-p4EOabJunrew7roYKeA=452" rel="noopener noreferrer nofollow" target="_blank"><span>Get the eBook from Optro</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4166824%2Fanthropic-mythos-spurs-white-house-to-weigh-pre-release-reviews-for-high-risk-ai-models.html%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/8diNtzssTOJGLlR0BnlCAyYULdqmBOwIWlpw3JoxJ10=452">
<span>
<strong>Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The Trump administration is now considering pre-release vetting for high-risk AI models following Anthropic's Mythos Preview.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F05%2F05%2Fnhs_to_closesource_hundreds_of_repos%2F%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/f1YXio46dpR9k_VE9vzvFaIveNinG7LCcel0WPYrHuE=452">
<span>
<strong>NHS to close-source hundreds of GitHub repos over AI, security concerns (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
NHS England ordered maintainers to flip hundreds of GitHub repos from public to private by May 11.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F191715%2Fdata-breach%2Fvimeo-confirms-breach-via-third-party-vendor-impacts-119k-users.html%3Futm_source=tldrinfosec/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/3lyZZv-NBmR90iL_zanI-L6N5Fg4xGwssRqRjO2vykU=452">
<span>
<strong>Vimeo confirms breach via third-party vendor impacts 119K users (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
ShinyHunters stole personal information of 119,000 Vimeo users in April by breaching Anodot, a third-party analytics vendor.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 💰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/P1rlv9YeQPUMDVdiWEdKZV-wgDwg1NyhBb8M87oKZqE=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/GZnCFUGbtyss9DWqxFOOafHHzvqQqIFKm6Fd3Viunto=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/OLNKdbJjhcJEBnZJtJOBteLfr8abifuw8YgzoTC1ge8=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/zkEL4BrqPPzUpS2j2WRFM-DsvY4Z7Q04HL3slwubWgc=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/w7nGs3ITbJVz4AKeEtH85Q-ggsMuzfYnSwrlalkzEYg=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/P69puJ08-utd5E1FjmgNnu43AEgK1r1ONjaNuJIw2xs=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019dfd65f1bb-384d25ab-356c-4f34-9366-8ff931dcda81-000000/Jb3vTKetzAFxHXqp4XHKo4hcqglaQQ0rbY28PDmEPvI=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>