<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-05-07</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsemgrep.dev%2Fblog%2F2026%2Fmalicious-intercom-php-package-spreads-mini-shai-hulud-attack-to-packagist-via-composer-plugin%2F%3Futm_source=tldrinfosec/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/uYaFybgCjXKE-2Y-vQKT8jgLhp1Z-1EjfXJiB6MPsio=452">
<span>
<strong>Malicious Intercom PHP Package Spreads Mini Shai-Hulud Attack to Packagist via Composer Plugin (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers overwrote intercom/intercom-php 5.0.2 on Packagist with a malicious Composer plugin that executes at install time, downloading the Bun runtime and an obfuscated payload that exfiltrates GitHub tokens, SSH keys, cloud credentials, and environment variables to zero.masscan.cloud. The campaign extends the Mini Shai-Hulud attack from npm (where intercom-client 7.0.4 was hit via a preinstall hook earlier the same day) to PHP, abusing Packagist's webhook-driven reindexing model, which lacks a pre-publish quarantine. Defenders should pin versions, audit composer.lock for the malicious release, hunt for IOCs including setup-intercom.sh, router_runtime.js, src/composerPlugin.php, and .claude/.vscode artifacts, and rotate any credentials exposed on machines that ran composer install or update since the compromise.
</span>
</span>
</div>
</td></tr></tbody></table>
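<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<p>The audit recommended in the summary above, as an added example (not code from Semgrep, Intercom or this newsletter): it flags intercom/intercom-php 5.0.2 in composer.lock and vendor/composer/installed.json files and looks for the three IOC filenames named above. The sample project tree is constructed, and the function names are this example's own.</p>
<pre>
```python
import json
import os
import tempfile

# Values taken from the summary above.
BAD_PACKAGE = "intercom/intercom-php"
BAD_VERSION = "5.0.2"
IOC_FILENAMES = {"setup-intercom.sh", "router_runtime.js"}
IOC_PATH_SUFFIX = ("src", "composerPlugin.php")
# The .claude/.vscode artifacts are not checked: the summary names no files.
LOCK_LIKE = {"composer.lock", "installed.json"}


def normalize(version):
    """Composer records a tag as either '5.0.2' or 'v5.0.2'."""
    return version.strip().lower().lstrip("v")


def packages_in(doc):
    """Yield package entries from composer.lock or installed.json content."""
    if isinstance(doc, list):  # Composer 1 installed.json is a bare list
        yield from (p for p in doc if isinstance(p, dict))
        return
    if not isinstance(doc, dict):
        return
    for key in ("packages", "packages-dev"):
        for pkg in doc.get(key) or []:
            if isinstance(pkg, dict):
                yield pkg


def audit_lock(path):
    """Return findings for one composer.lock or installed.json file."""
    try:
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
    except (OSError, ValueError) as exc:
        # An unparsable lock file is reported, not silently skipped.
        return [("unreadable", path, str(exc))]
    hits = []
    for pkg in packages_in(doc):
        name = str(pkg.get("name", "")).lower()
        version = str(pkg.get("version", ""))
        if name == BAD_PACKAGE and normalize(version) == BAD_VERSION:
            hits.append(("bad-release", path, version))
    return hits


def scan_tree(root):
    """Walk a checkout or build host directory and collect all findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name in LOCK_LIKE:
                findings.extend(audit_lock(full))
            if name in IOC_FILENAMES:
                findings.append(("ioc-file", full, name))
            elif (name == IOC_PATH_SUFFIX[1]
                  and os.path.basename(dirpath) == IOC_PATH_SUFFIX[0]):
                findings.append(("ioc-file", full, "/".join(IOC_PATH_SUFFIX)))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree; not data from a real incident."""
    pkg_src = os.path.join(root, "app", "vendor", "intercom",
                           "intercom-php", "src")
    os.makedirs(pkg_src)
    lock = {"packages": [{"name": "intercom/intercom-php", "version": "v5.0.2"},
                         {"name": "psr/log", "version": "3.0.0"}],
            "packages-dev": []}
    with open(os.path.join(root, "app", "composer.lock"), "w",
              encoding="utf-8") as fh:
        json.dump(lock, fh)
    open(os.path.join(pkg_src, "composerPlugin.php"), "w").close()
    os.makedirs(os.path.join(root, "clean"))
    clean = {"packages": [{"name": "intercom/intercom-php", "version": "5.0.1"}]}
    with open(os.path.join(root, "clean", "composer.lock"), "w",
              encoding="utf-8") as fh:
        json.dump(clean, fh)


def demo():
    """Scan the constructed tree and return findings with relative paths."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return [(kind, os.path.relpath(path, root), detail)
                for kind, path, detail in scan_tree(root)]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
</pre>
<p>A hit means the host resolved the affected release and its credentials should be treated as exposed, as the summary advises.</p>
</div>
</td></tr></tbody></table>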
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F05%2Fcritical-apache-http2-flaw-cve-2026.html%3Futm_source=tldrinfosec/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/PU5utP1tqWlfLlhYmxHO0e8rWdWLMxEcEK7vhKaRwuw=452">
<span>
<strong>Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-23918 (CVSS 8.8) is a double-free in Apache httpd 2.4.66 mod_http2's stream cleanup path (h2_mplx.c), triggered when a client sends a HEADERS frame immediately followed by RST_STREAM on the same stream before the multiplexer registers it, causing the same h2_stream pointer to be pushed onto the spurge cleanup array twice. Researchers Bartlomiej Dmitruk (Striga.ai) and Stanislaw Strzalkowski (ISEC.pl) demonstrated a trivial DoS against any default mod_http2 deployment with a multi-threaded MPM, plus a working x86_64 RCE PoC that leverages mmap reuse to plant a fake h2_stream and pivots through Apache's fixed-address scoreboard to call system(), with the RCE path practical on Debian-derived systems and the official httpd Docker image due to the APR mmap allocator default. Defenders should upgrade to 2.4.67 immediately. mod_http2 is included in default builds, and the prefork MPM is the only unaffected configuration.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F4mohR7/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/esOf4iqbsH2qojHwp7lFI7jMsIhkg-DxSx5o5BA2j2w=452">
<span>
<strong>Palo Alto Networks Warns of Firewall RCE Zero-Day Exploited In Attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Palo Alto Networks warned users of a critical, unpatched vulnerability in the PAN-OS User-ID Authentication Portal. The vulnerability stems from a buffer overflow and can be exploited by attackers to execute arbitrary code as root. Palo Alto Networks is working on a fix and recommends users restrict or disable access to the portals in the meantime.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.ikaes.de%2Fexfiltration-using-numeric-only-outputs%2F%3Futm_source=tldrinfosec/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/lrG2peJqdDy8N_UfVojqtmONykev8MABBc5IC91WKdk=452">
<span>
<strong>Exfiltration using numeric-only outputs (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
When code injection vulnerabilities return only valid decimal numbers (no reflection, external traffic, or timing), attackers can exfiltrate alphanumeric data by encoding command outputs as base-36 integers using int(command_output, 36) in Python or base_convert() in PHP, with non-alphanumeric characters stripped via string translation functions. Python's 4,300-digit integer limit allows exfiltration of up to 2,762 alphanumeric characters (over 2KB), while 64-bit systems like JavaScript and PHP are limited to roughly 12 characters per conversion, though PHP's BC Math functions enable chunking and concatenation for larger payloads. Base27 encoding can squeeze one additional character into 64-bit limits by shifting the alphabet left and excluding numeric characters, trading information density for longer output capacity in constrained environments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.incendium.rocks%2Fposts%2FFuzzing-MS-RPC-structures-and-monitoring%2F%3Futm_source=tldrinfosec/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/verWn0NJP1tl5CXF7CvOCPfDxMPJXI1OaEu6t5aod9k=452">
<span>
<strong>Recursively fuzzing MS-RPC structures and monitoring using ETW (16 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Remco van der Meer enhanced his MS-RPC fuzzer with recursive structure handling via New-FuzzedInstance (depth-limited to 8 levels with visited-type tracking), union type support through random Arm_N field selection with proper discriminant setting, and replaced Process Monitor with native ETW monitoring of Microsoft-Windows-Kernel-File and Microsoft-Windows-Kernel-Registry providers to detect canary strings ("incendiumrocks_") in real-time syscalls. The fuzzer discovered RpcAddPrintProvidor [sic] in spoolsv.exe, which loads arbitrary DLLs as NT AUTHORITY\SYSTEM when provided a file path (appending .DLL to the input), though the procedure requires administrator privileges and supports ncacn_ip_tcp for potential remote exploitation. Defenders should monitor for suspicious DLL loads by the Print Spooler service and consider restricting RPC access to printer management functions, as this represents an admin-to-SYSTEM escalation path that could enable lateral movement in environments where attackers hold administrative credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.zolder.io%2Fblog%2Fproton-pass-second-password-bypass-through-emergency-access%2F%3Futm_source=tldrinfosec/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/TjIu4Fy_uO0AlMYwF7WP2_fNb3AsVpaNgS_bfCImmkg=452">
<span>
<strong>Proton Pass: Second-Password Bypass Through Emergency Access (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Proton's Pass vault supports a separate second password, but the Emergency Access feature, with wait time set to "None," lets someone with mailbox access add an attacker account as an immediate emergency contact and reach the vault without that second password. An attacker can also hide notification emails using mailbox rules, then use Emergency Access to log in, open Proton Pass, and export the entire vault.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fabhishekamralkar%2Fargus%3Futm_source=tldrinfosec/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/fqYEWc8e5SUVtJeDwCF3LURz4Ph7e9_QZbeFge2pqDY=452">
<span>
<strong>argus (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
argus is a RAG-based vulnerability scanner for Go, Python, and Rust projects that runs entirely on local Ollama models (nomic-embed-text for embeddings, gpt-oss:20b for analysis) with a DuckDB vector store, parsing go.mod, requirements.txt, and Cargo.toml against OSV, GoVulnDB, RustSec, and PyPA feeds. Findings are version-aware and alias-deduplicated to suppress already-fixed advisories and avoid double-reporting GO-/CVE- pairs, with a .argusignore file, --min-severity and --fail-on gates, and SARIF output for the GitHub Security tab. Configurable via .argus.yaml, distributed as Go install, prebuilt release binaries with cosign signatures, and a Docker image.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fclearbluejar%2Fpyghidra-mcp%3Futm_source=tldrinfosec/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/tBwPkKmDLRCmkO_rEewzpYpQ2riiC4Z2L0h9ByKGwWE=452">
<span>
<strong>pyghidra-mcp (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
pyghidra-mcp is a command-line Model Context Protocol (MCP) server that brings the full analytical power of Ghidra, a robust software reverse engineering (SRE) suite, into the world of intelligent agents and LLM-based tooling. It bridges Ghidra's ProgramAPI and FlatProgramAPI to Python using pyghidra and jpype, then exposes that functionality via the Model Context Protocol.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.herdsecurity.io%2F%3Futm_source=tldrinfosec/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/XmN70Q6HSJDkNw5dUz632bg74843yp536vdrFT8WHM4=452">
<span>
<strong>Herd Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Herd Security is an agent-based training platform for security and GRC teams that turns policies, security data, and live threats into short lessons delivered in Slack, Teams, and LMS as text, images, and video.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F06%2Fuk-age-gating-plans-risk-breaking-the-internet-privacy-groups-warn%2F5230732%3Futm_source=tldrinfosec/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/9hibBiTQpiuloeBuJ6aT4hWEKc6Uh7L_7s7_YBGXoeU=452">
<span>
<strong>UK age-gating plans risk breaking the internet, privacy groups warn (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
UK civil liberties groups, browser makers, VPN providers, and Tor oppose new age checks enabled by the Children's Wellbeing and Schools Bill, warning they would force universal age verification, weaken privacy, and create fresh security risks. They point to easily bypassed checks under the Online Safety Act and argue that data-hungry business models are the underlying problem.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F05%2Fwindows-phone-link-exploited-by-cloudz.html%3Futm_source=tldrinfosec/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/U-Q1q0lMM2kPoSHq5_-2Lax8JDtfBEe1B0y9HY2KjKM=452">
<span>
<strong>Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CloudZ RAT uses a custom Pheno plugin to hijack the Windows Phone Link bridge on compromised Windows 10 and 11 systems, monitor active Phone Link processes, and access the app's SQLite database to steal synchronized SMS and OTP data without infecting the phone. Attackers gain initial access via a fake ConnectWise ScreenConnect executable that drops a .NET loader, which deploys modular CloudZ, connects to C2, and runs commands for credential theft, browser data exfiltration, and screen recording.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FaBcRtp/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/TnVO5FTarMymEDJhd9cPsVDfUf8MspqKYUXMuedHer4=452">
<span>
<strong>FTC to Ban Data Broker Kochava from Selling Americans' Location Data (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Following a lawsuit in 2022, the FTC has proposed a ban on Kochava's sale of location data without explicit consumer consent. Kochava is a data broker that was sued for collecting users' precise location data without their consent and then selling it on the AWS Marketplace. Under the proposed order, Kochava would be prohibited from selling location data without explicit consent, required to establish a sensitive location data program, and required to allow users to request disclosure of who bought their data, among other provisions.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblogs.windows.com%2Fwindows-insider%2F2026%2F04%2F24%2Fyour-windows-update-experience-just-got-updated%2F%3Futm_source=tldrinfosec/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/SOFLVXG5I8njFFbzEBB4mWDzEff2-530MAbGXrIGuC8=452">
<span>
<strong>Your Windows update experience just got updated (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft rolled out Windows Update changes letting users skip updates during OOBE, extend pause periods up to 35 days indefinitely, separate Restart/Shut down from Update and restart in the Power menu, and consolidate driver, .NET, and firmware updates into a single monthly reboot aligned with the quality update, alongside automatic recovery for failed installs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F05%2F06%2Fai-evaluation-startup-braintrust-confirms-breach-tells-every-customer-to-rotate-sensitive-keys%2F%3Futm_source=tldrinfosec/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/UcWBcTbPy9SYjzCcvZVwkkuzvFWnpc6BpRVTgzR3bXQ=452">
<span>
<strong>AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Braintrust reported an unauthorized access incident involving an AWS account containing customer API keys.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FXc890C/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/VHZVN0lQ16mtMJlba6cXXyAbB7TmEHz-NpQHMAaQJco=452">
<span>
<strong>Hackers abuse Google ads for GoDaddy ManageWP login phishing (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Guardio Labs uncovered a private AitM phishing framework abusing Google-sponsored results for the 'managewp' query to proxy credentials and 2FA codes through an operator-driven C2 panel.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/BZY05lHYZQNan_0JtlZCu2-InKd8Tgy4vt6lCo31LNM=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/CMsRdCaWPx4_oCFUORjCOp_0oVFvYEnB6626mmoVSvU=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019e028cbc70-544d46f7-231e-4090-8abd-560fe44c3056-000000/VjLivwX8hSMZmyMCHOTfRn544o-d940Ifcy9_Jr3e4g=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>