<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-05-12</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Frigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack%2F%3Futm_source=tldrinfosec/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/KdSUQQ-9cudjkAzzcohQbgoBzgSCR4iyblf2Hd2EvEQ=452">
<span>
<strong>A rigged game: ScarCruft compromises gaming platform in a supply-chain attack (18 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
North Korea-aligned APT group ScarCruft (APT37) compromised sqgame[.]net, a gaming platform serving ethnic Koreans in China's Yanbian region, trojanizing its Windows update package and two Android card games to deploy the BirdCall backdoor, with the Android port marking a new addition to the group's arsenal. The Windows chain pivots through a sandbox-checking downloader to RokRAT and then BirdCall, while Android BirdCall abuses Zoho WorkDrive over HTTPS for C&amp;C and exfiltrates contacts, SMS, call logs, screenshots, microphone recordings (limited to 7–10 PM local time), and files matching .doc/.docx/.xlsx/.pptx/.hwp/.pdf/.p12 extensions, targeting defectors and refugees. Defenders should hunt for sqgame-sourced APKs and the trojanized mono.dll (SHA-1 95BDB94F6767A3CCE6D92363BBF5BC84B786BDB0), block the listed C2 infrastructure, including compromised South Korean domains (1980food.co[.]kr, inodea[.]com, and lawwell.co[.]kr), and flag outbound Zoho WorkDrive API traffic from non-business endpoints.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F05%2Ffake-openai-privacy-filter-repo-hits-1.html%3Futm_source=tldrinfosec/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/Konhv3fajQBB1q8U5kGoBZj76k_7Oo8x0WnnUR-dZd0=452">
<span>
<strong>Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A fake Hugging Face repo impersonated OpenAI's Privacy Filter model and shipped an infostealer via loader scripts for Windows, macOS, and Linux. The chain used JSON Keeper, scheduled tasks, and Defender exclusions to pull and run a stealer that targets wallets, Discord, browsers, and files, then exfiltrates. Linked repos and reused infrastructure tie the activity to ValleyRAT distribution previously seen with the trevlo npm package and Silver Fox operations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fg3w6CQ/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/fbvSRK6pfNXfIXFyT-nDz1Wp9QKH1tshe4cDl8vXlgw=452">
<span>
<strong>Over 500 Organizations Hit in Years-Long Phishing Campaign (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A four-year phishing operation, dubbed Operation HookedWing, has stolen more than 2,000 credentials from users at over 500 organizations across aviation, critical infrastructure, energy, finance, government, logistics, and tech sectors. The actor uses HR- or colleague-themed emails that link to GitHub-hosted pages mimicking Outlook, with loaders customized per victim organization. Landing pages validate data, inject PHP forms, capture credentials, IP addresses, and geolocation data, and send full records to attacker C2 servers.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fback.engineering%2Fblog%2F09%2F05%2F2026%2F%3Futm_source=tldrinfosec/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/2MTpSZz9MIGDMSUhGjiqY_gWutYeScClM-24KAE5s0k=452">
<span>
<strong>Static Devirtualization of Themida (15 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Back Engineering Labs has published a generic static devirtualization approach for Themida and CodeVirtualizer (extensible to VMProtect, vxlang, EagleVM, and other VM-based protectors) that deliberately avoids handler pattern-matching. Instead, it lifts native instructions into BLARE2's SSA IR with all registers symbolic and RSP concretized, then runs constant promotion, constant folding, dead store elimination (scoped to VM-private sections), instruction combination, and branch folding to convergence until handler addresses, VPC math, and dispatch logic collapse into concrete control flow. VM-specific knowledge is only required for Themida's VJCC handler (which writes a branch_taken_flag before advancing VIP, forcing both paths to be explored) and for VMEXIT classification via RSP displacement from initRSP: for example, a return at initRSP - 0x10 indicates a VMEXIT-CALL with target at RSP and return address at RSP + 0x8. Defenders and reverse engineers can study the released sample binaries on GitHub. Red-team tool authors should note that MBA-encoded branch targets no longer reliably defeat symbolic evaluation and that stronger anti-symbolic constructions (as in CodeDefender's higher tiers) are now required to resist this class of pipeline.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.zsec.uk%2Fbullyingllms%2F%3Futm_source=tldrinfosec/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/J_BQj0Ini79WDu3LFia6agIUBkkFjmzcFBjAKTLLZDk=452">
<span>
<strong>Autonomous Vulnerability Hunting with MCP (13 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
An MCP-based Claude Code setup wraps more than 300 tools across five Proxmox VMs to automate vulnerability research end to end, from staging binaries through fuzzing, crash triage, RAG-backed knowledge, and reporting. Findings start in a “hallucination bin” and must pass strict PoC, exploitability, and low-privilege checks before promotion, which keeps false positives low. Campaigns have already produced multiple Go standard library OOM CVEs, a Windows OEM SYSTEM 0-day chain, and macOS app platform issues, while TokenBurn tracks token usage and cost-per-finding to keep the whole pipeline economically grounded.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.cyera.com%2Fresearch%2Fbleeding-llama-critical-unauthenticated-memory-leak-in-ollama%3Futm_source=tldrinfosec/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/2iNDacNQIUMAaFq0--AhfBP0feGo1swoaOGFpkApH5Q=452">
<span>
<strong>Bleeding Llama: Critical Unauthenticated Memory Leak in Ollama (14 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cyera found CVE-2026-7482 in Ollama, a memory leak that lets attackers dump the entire process heap without credentials. Ollama runs LLMs locally and has 170,000 GitHub stars, over 100 million Docker downloads, and 300,000 exposed servers. The bug is in Go's unsafe package during GGUF tensor quantization. Attackers upload a malformed GGUF file with inflated tensor shape values, triggering an out-of-bounds read that scoops up heap memory containing user prompts, system prompts, and environment variables. They then name the model as an HTTP URI and push it to their own server using /api/push, exfiltrating everything in three API calls. Leaked data includes API keys, proprietary code, and customer contracts from enterprises running Ollama as an internal AI chat.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FPentHertz%2FLUKSbox%2F%3Futm_source=tldrinfosec/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/bDBOEs1eLS6E-NzYbNASaFmukSqeRTygmr5xuZVGImQ=452">
<span>
<strong>LUKSbox (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
LUKSbox is an Apache-2.0 Rust tool from Penthertz that creates encrypted .lbx vaults for storing sensitive files on untrusted storage like cloud sync, NAS, or USB, with the Master Volume Key wrapped via passphrase, FIDO2 hmac-secret, TPM 2.0, or ML-KEM-768/1024 hybrid post-quantum keyslots. The pre-1.0 release pairs AES-GCM-SIV / AES-GCM / ChaCha20-Poly1305 AEAD chunks with HMAC-SHA256 header auth, a rollback-detection anchor sidecar, and memfd_secret(2) to keep unlocked keys out of coredumps, accessible via CLI, TUI, or egui GUI across Linux/macOS/Windows. A third-party audit is still pending despite 10 libFuzzer harnesses, 30M+ iterations, and 9 internal audit rounds.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fnoraj%2Fhaiti%3Futm_source=tldrinfosec/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/ANssfUGHH5hrdIw91JfBz4GSh_7QlOYwFx7D6LBGObM=452">
<span>
<strong>HAITI (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
HAITI is a Ruby-based CLI tool and library that identifies 675+ hash types, including modern algorithms such as SHA3, Keccak, and Blake2, and cross-references them with Hashcat and John the Ripper modes.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fnuclear-treestump%2Fpydepgate%3Futm_source=tldrinfosec/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/r0kePADbcgkKnZuVCn4yzQcbDw1843bsice4qQ9LPck=452">
<span>
<strong>pydepgate (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
pydepgate is a lightweight Python runner that inspects Python packages and environments for code that executes silently at interpreter startup.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.clearseclabs.com%2Fblog%2Fweve-been-here-before-ai-vulnerability-research%2F%3Futm_source=tldrinfosec/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/rb3Ic__tbYl9mLbRwm2JEf0hD4oen35500ix31On6Ak=452">
<span>
<strong>We've Been Here Before: Decompilers, Fuzzers, and Now AI (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ClearSecLabs has pushed back on Thomas Ptacek's "Vulnerability Research Is Cooked" thesis, arguing that the AI panic echoes prior cycles around the Hex-Rays decompiler, AFL/libFuzzer, and CodeQL/Semgrep, each of which automated the easy version of the work and made human judgment more valuable, not less. The author concedes LLMs are qualitatively different, citing Anthropic's 500+ validated vulnerabilities, AI finding 12 of 12 OpenSSL zero-days before humans, and Claude Mythos's discovery of CVE-2026-4747 (a 17-year-old RCE in FreeBSD), alongside RSA 2026 warnings from Kevin Mandia and Alex Stamos of exponential exploit discovery, but counters that defenders get the same tools, novel bug-class discovery still requires human creativity, and AI in CI/CD pipelines structurally favors defense (where fixing the weakest link beats an attacker's one-shot chain). Practitioners should treat this as the equilibrium argument it is: invest in directing agents now rather than competing against them, pair LLM pattern-matching with domain intuition for logic and state-machine flaws, and expect a continued flood of low-quality AI-generated reports (as the curl project has documented) that defenders will need triage workflows to filter.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FOj4NUp/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/jgEC2Y41cHaCEX2CJC7dkbzHuteYEWyOtUM_MuQpPHQ=452">
<span>
<strong>Zara Data Breach Exposed Personal Information of 197K People (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Fashion retailer Zara announced a breach of data belonging to 197k individuals, stemming from a breach of a former tech provider's databases, which contained data about business relationships with customers in different markets. The data contains 197k unique email addresses, geographic locations, purchases, and support tickets. The ShinyHunters gang claims to have breached the data via a compromised Anodot authentication token.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthenewstack.io%2Fdisappearing-ai-middle-class%2F%3Futm_source=tldrinfosec/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/E-c1-g1oA4WvyRai6ybfc81P4kLwwggIWv0NZnH33D0=452">
<span>
<strong>The Disappearing AI Middle Class (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Prior to the most recent set of models, LLMs roughly followed a price/performance curve where more expensive models performed better. With the introduction of new top-tier models such as GPT-5.5 and Opus 4.7, which included major price hikes, as well as Deepseek V4-Pro and V4-flash, which are much cheaper, models have split into expensive, top-tier models and much cheaper models without a clear middle ground. OpenAI argues that the differentiator is that Codex (and similarly the Claude ecosystem) is looking to provide a full stack, whereas other models (such as Deepseek) are just providing one component.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fs3FTg5/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/MFuCL2lc7AgaqhZMIG34umjYQQnWoBhCyYJkPZZ_Dbo=452">
<span>
<strong>SailPoint Discloses GitHub Repository Hack (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SailPoint detected unauthorized access to some GitHub repositories on April 20.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FJCWt5A/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/aahkk1vJEh78kLuM5xnNdSsvgoOfhdDKhvqEnx5LNsI=452">
<span>
<strong>Instructure confirms hackers used Canvas flaw to deface portals (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Instructure confirmed that ShinyHunters chained multiple XSS bugs in Canvas LMS user-generated content features to hijack authenticated admin sessions and deface login portals at thousands of schools with a ransom ultimatum.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fromanian-man-30-years-us-prison-vishing-scams%2F%3Futm_source=tldrinfosec/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/0m537s7icy9dG7YY0EqM_C_gQDJWYGMAO8IMpJi3dOk=452">
<span>
<strong>Romanian Man Faces Up to 30 Years in US Prison Over Vishing Scams (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Romanian national Gavril Sandu was extradited to the US to face conspiracy and bank fraud charges carrying up to 30 years.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/-YGmDcFwYustabaVCVpFQnxt0SHFwdbR8cUEadumS6E=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/TsiihA_nuonALZRrvSau5AbsCeN-UtWwp57hmdj21IY=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019e1c4bf258-37cbd2f6-5581-4795-a0f8-d8703e7ef30b-000000/F-KD8wVuMyXOU2yg5r0xPl7HktfQfP_oYTBMjE_VPxM=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>