<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Foxconn, the worldβs largest electronics manufacturer, confirmed that some of its North American factories suffered a ransomware attack β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/6XT4urUtX-1Zp8Olgv5FclWWO3_UUvu-EZCGVVOPU_s=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/u_oc_eLrhVKWRmeHu0TBi0Kau9fhBCbeK01XOcw56eQ=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=8635c956-4f82-11f1-a8dc-7b4e31590754%26pt=campaign%26t=1778764062%26s=8eec27dee65d1b2793896c3c636251ea3d8da81aee42219b72b1df4bc6be2297/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/bTS0UW66qcuGzPFz_KVpq09rWb8cPSRl0vZCaAgFO2k=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdrata.com%2Fc%2Fdemo%2F%3Futm_source=TLDR_infosec%26utm_medium=display%26utm_campaign=20260220_drata_for_startups_DG_all_ALL/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/eC8ocosGmIurxNlpniIAdPj43OHL7ZY0SLOUoBhNNpk=452"><img src="https://images.tldr.tech/drata2.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Drata"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-05-14</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdrata.com%2Fc%2Fdemo%2F%3Futm_source=TLDR_infosec%26utm_medium=display%26utm_campaign=20260220_drata_for_startups_DG_all_ALL/2/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/-JrgLKdM39bX7frxGlFNSeDTp1Wn11o3UBYOL2c_ZrI=452">
<span>
<strong>Manual GRC doesn't scale -- move to Agentic Trust Management with Drata (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Compliance doesn't end when you get your SOC 2 certificate. Security reviews, audits, and vendor questionnaires demand constant attention -- and leave GRC teams too overwhelmed to actually think about security strategy.<p></p><p>Drata's <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdrata.com%2Fc%2Fdemo%2F%3Futm_source=TLDR_infosec%26utm_medium=display%26utm_campaign=20260220_drata_for_startups_DG_all_ALL/3/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/IZ6Yr3kmDaamW662f9UzyFKKYqcKRIy63dylwUqqbOc=452" rel="noopener noreferrer nofollow" target="_blank"><span>Agentic Trust Management Platform</span></a> automates the most time-consuming tasks, from security questionnaires to continuous evidence collection, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdrata.com%2Fc%2Fdemo%2F%3Futm_source=TLDR_infosec%26utm_medium=display%26utm_campaign=20260220_drata_for_startups_DG_all_ALL/4/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/ZmDmucChOZOAZlFJNeS8Qw1Xdfai6lzhPrCjanuEJC0=452" rel="noopener noreferrer nofollow" target="_blank"><span>saving teams hundreds of hours</span></a> each year. Drata's AI chases down documents, so you can focus on outcomes.</p>
<p>With Drata's built-in Trust Center, you can streamline security reviews, share your security posture, and build trust faster throughout the deal process.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdrata.com%2Fc%2Fdemo%2F%3Futm_source=TLDR_infosec%26utm_medium=display%26utm_campaign=20260220_drata_for_startups_DG_all_ALL/5/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/6OzMPh_SxEiAr7AAesIwXhAvny1j3DFpikAthipK6QE=452" rel="noopener noreferrer nofollow" target="_blank"><span>β‘οΈ Automate and accelerate trust with Drata β‘οΈ</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fstatus.rubygems.org%2Fincidents%2Fcytf062tkwtt%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/znzacLOiFkmRzkSAI99AXiuiCFVDrPEPJQAXCStgQts=452">
<span>
<strong>RubyGems.org temporarily disables new user registrations (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
RubyGems.org disabled new user registrations after a DDoS-style spam wave drove bot accounts to push 500+ malicious packages, which have since been yanked alongside the offending accounts. Registrations will remain closed for two to three days while Fastly WAF rules and account-creation rate limits are tightened. Gem installs and pushes for existing users are unaffected.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FbONQiO/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/4b7q9-Pq4n0UVnxTjfx8p7qY8vBZVCYKWHilZ5WLA_4=452">
<span>
<strong>Foxconn Confirms Cyberattack Claimed by Nitrogen Ransomware Gang (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Foxconn, the world's largest electronics manufacturer, confirmed that some of its North American factories suffered a ransomware attack. The Nitrogen ransomware gang claimed responsibility for the attack and stated that they stole 8TB of data containing over 11M documents. The documents contain confidential instructions, projects, and drawings from Apple, Intel, Google, Nvidia, and other customers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fd3kARC/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/1xEf1OTaqwq8_dbQacgg8eAcaP9D0dW3tpak2a-TI44=452">
<span>
<strong>716,000 Impacted by OpenLoop Health Data Breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Hackers accessed OpenLoop Health systems on January 7β8 and stole data on 716,000 people, including contact details and medical information, but not EHRs, SSNs, or financial data. The company cut off access, hired external responders, notified regulators, and is offering one year of identity and credit monitoring. A threat actor claims to have exfiltrated 1.6 million records.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.kaspersky.com%2Fblog%2Fllmjacking-2026-private-ai-server-security%2F55768%2F%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/Qd2c77FZO4QUPq5-sG6fMgkAI41r2wVzzJiJozT66Nk=452">
<span>
<strong>LLMjacking: what these attacks are, and how to protect AI servers (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A Raspberry Pi honeypot masquerading as a private AI stack running Ollama, LM Studio, AutoGPT, LangServe, and an MCP server fronting an unaligned Qwen3-Coder 30B Heretic was indexed by Shodan within three hours and absorbed 113,000+ requests in a month. Of these, 23% probed AI capability endpoints such as /api/tags, /v1/models, /.cursor/rules, and /.well-known/mcp.json, and 175 active LLM-hijacking attempts in the final week targeted compute theft, API-proxy abuse against Anthropic, and .env credential exfiltration. The standardized LLM-Scanner tooling used for reconnaissance updated mid-experiment to detect canned-response honeypots, signaling a maturing shared toolchain among LLMjackers. Defenders should bind local model servers to localhost, gate remote access with OIDC/OAuth2 short-lived tokens rather than bare API keys, segment AI infrastructure with allowlists and TLS, issue separate tokens per MCP/LLM/RAG component, install EDR on AI hosts, and pipe prompt-and-response logs with consumption quotas into a SIEM with tamper-resistant retention.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fipurple.team%2F2026%2F05%2F13%2Fentrypoint-hijacking%2F%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/wqGpVbAG8JC4dqDJVY9dhApstzhirTubUMYtF-IIjEo=452">
<span>
<strong>EntryPoint Hijacking (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
EntryPoint hijacking overwrites the EntryPoint of legitimate DLLs such as kernelbase.dll, causing attacker code to execute when processes create threads. This avoids obvious thread-creation APIs and extends dwell time. Proof-of-concept tools such as EPI and LdrShuffle patch PEB loader structures, execute shellcode via thread pools or helper runners, then restore the original EntryPoint to keep processes stable. Detection relies on continuous scanning of PEB and LDR structures, comparing OriginalBase and DllBase, monitoring changes to EntryPoint memory types, and correlating suspicious OpenProcess and ReadProcessMemory activity with outbound traffic from sensitive processes.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fllm-as-a-verifier.notion.site%2F%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/LpwKXRH-MJXSzL7xhn-1NjbBkibJRHA0GZUZIamURyk=452">
<span>
<strong>LLM-as-a-Verifier: A General-Purpose Verification Framework (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
LLM-as-a-Judge is a common framework in which an LLM is tasked with reviewing an input, assigning it a score, and then selecting the highest-probability token. This framework frequently produces ties because the scoring granularity is too coarse. The authors introduce LLM-as-a-Verifier as an alternative framework that achieves higher decision accuracy and no ties by scaling the number of repeated verifications, the granularity of scoring tokens, and the decomposition of evaluation criteria.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffandf.co%2F3QIKkEA%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/Gf6nr4RaCxhDG9XlQ3pWebKFdkpUT-_F7-T7PynY3rA=452">
<span>
<strong>One identity timeline for humans, machines, and AI agents (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Incident response still means stitching together Okta, AWS CloudTrail, Kubernetes, and GitHub logs. Teleport unifies behavior and context across every identity type β so you can investigate sessions, spot anomalies, and respond without jumping tools. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffandf.co%2F3QIKkEA/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/CrPr9trInmgOcLgMcWXabaoM0jufBz2Qosf12dyeW94=452" rel="noopener noreferrer nofollow" target="_blank"><span><strong>See how it works</strong></span></a>.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdepthfirst.com%2Fopen-defense%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/JeZste_QjlvTzhgcS8nGsipLvWJUjTtdx1Iq6glkTeE=452">
<span>
<strong>Open Defense Initiative (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
DepthFirst launched the Open Defense Initiative, offering up to $5 million in platform credits to maintainers of widely deployed open source projects to run autonomous vulnerability discovery and patch generation against their codebases ahead of frontier hacking capabilities reaching uncensored open-weight models. The company claims its harness, post-trained exploitability models, and full-system context found and fixed 12 memory corruption vulnerabilities in FFmpeg for $1,000 in compute that Anthropic's Mythos missed across several hundred scans costing roughly $10,000. FFmpeg, Envoy, and Kata have already signed on. Maintainers of downstream-critical projects can apply through a form, with proof-of-maintainership required before credits are issued.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fridgelinecyberdefence%2Fvanguard%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/D2qwv8v8cgTZLo1HsH73PZ28rzqsWopi7h4qa4hbhzw=452">
<span>
<strong>VanGuard (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
VanGuard is a self-contained incident response toolkit that gives DFIR teams a single binary for triage, threat hunting, memory forensics, disk collection, remote operations, and Velociraptor management.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.exaforce.ai%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/H8VgkmG40Mzo9FEdXOUb6ovhKKT4O-jCIwoU-uYXzXY=452">
<span>
<strong>Exaforce (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Exaforce is an agentic SOC platform that uses autonomous Exabots to handle detection, triage, investigation, and response across cloud and SaaS environments powered by a real-time knowledge graph and multi-model AI engine.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fcanvas-hackers-shinyhunters-official-domain-suspended%2F%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/emHn7SlefwcOOna5iP-6U6N3RH496R5Hnbcn9txyhVI=452">
<span>
<strong>Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
ShinyHunters' clearnet announcement domain, shinyhunte.rs, went offline on May 11 after Serbia's RNIDS registry suspended it, with the group confirming the takedown on its onion site and warning that the .rs domain may be reclaimed for impersonation. The group stated it will operate exclusively through its Tor-based leak infrastructure going forward, narrowing its public footprint following the Canvas LMS defacement campaign that disrupted universities across 11 US states. No agency has publicly claimed the action, leaving open whether RNIDS acted on its own initiative or on a referral from foreign law enforcement.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fgoogle-android-intrusion-logging-amnesty-spyware-detection%2F%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/qFDmCHcb4BJSDlOmi_4BeMR8ytA5CGxNyBcykGuVYl0=452">
<span>
<strong>Google and Amnesty International Teamed Up to Make it Harder for Spyware Vendors to Hide (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
In partnership with Amnesty International, Google launched Intrusion Logging for Android as part of Android Advanced Protection mode. This mode is designed to track intrusions, such as the installation of spyware, on Android devices and to maintain long-term forensic logs for later investigation. The program does come with some caveats, including requiring a Google account, Android 16, and a Pixel device, as well as the logs being vulnerable to deletion by an attacker.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjoshuasaxe181906.substack.com%2Fp%2Fagainst-technocentrism-in-ai-safety%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/MHnywmDuqPJBTzf8lx9bZaBrHcxXIasQrENELFyhkuI=452">
<span>
<strong>Against Technocentrism in AI Safety (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Much of the AI safety focus is too heavily on technical aspects and on demonstrating techniques for abusing AI systems, rather than on incident data. The main risks that will emerge from agentic systems will come from human behavior, how much control we give over to these systems, and whether humans are incentivized to flag warning signs.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.mitiga.io%2Fresources%2Fai-detection-and-response-aidr-a-zero-impact-operating-model-for-cloud-saas-ai-and-identity%3Futm_source=email%26utm_medium=tldr%26utm_campaign=aidr-whitepaper/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/LkmfhtcJhHJErTDnWaqiqhdw5M-6-rlaGAibEPE7hUo=452">
<span>
<strong>Posture-focused security alone won't stop AI-powered attacks (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Today, you need to defend with AI, defend your AI, and defend from AI. This Mitiga whitepaper explains why AI Detection and Response works where posture-based prevention operating models falter. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.mitiga.io%2Fresources%2Fai-detection-and-response-aidr-a-zero-impact-operating-model-for-cloud-saas-ai-and-identity%3Futm_source=email%26utm_medium=tldr%26utm_campaign=aidr-whitepaper/2/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/2W2Rd1-W0Pve8FZ6_c1NoJngNDqVAP2brz8zbjs6oTk=452" rel="noopener noreferrer nofollow" target="_blank"><span>Get the whitepaper</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fpublic-sector%2F2026%2F05%2F13%2Fvietnam-to-develop-domestic-cloud-so-it-can-ditch-risky-overseas-operators-for-government-workloads%2F5239269%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/3suzgJgcEP_2ICg-G-4ALtSYjaAAqQ6cG-IHdnXxD-w=452">
<span>
<strong>Vietnam to develop domestic cloud so it can ditch risky overseas operators for government workloads (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Prime Minister Le Minh Hung's Decision 808/QD-TTg named a sovereign cloud platform among 20 strategic technologies Vietnam will build by 2030 to phase foreign hyperscalers out of state workloads and curb data-leak and state-secret exposure, alongside a domestic next-gen firewall, SIEM, UEBA system, AI-integrated SOC, and quantum-resistant encryption.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F4g4sL4/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/Sx54olf1IKCAw8Z0sgHmM47WuzycZKw88bZlEwQi0J0=452">
<span>
<strong>West Pharmaceutical Services hit by ransomware attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A ransomware attack on May 4 forced West Pharmaceutical Services to shut down and isolate its onβpremise infrastructure, disrupting global operations while core systems were restored.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.computerweekly.com%2Fnews%2F366642957%2FICO-fines-Cl0p-victim-South-Staffs-Water-over-data-breach%3Futm_source=tldrinfosec/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/R_uwoxmM8pcX2_DUmKt_8fRSiWx4wEK96qjeqvtCSAk=452">
<span>
<strong>ICO fines Cl0p victim South Staffs Water over data breach (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The ICO fined South Staffordshire Water Β£964,900 (a 40% reduction for early admission and post-incident remediation) after Cl0p phished initial access in 2020, dwelled 20 months before escalating to domain admin in May 2022, and ultimately leaked 4.1 TB of data on 600,000+ customers and staff.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/RFO6iJC7qqeGz7AxjAQgwgwGcrifHKh3cK-MA5Gv1VQ=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/kMzB8eO4b1pESXDbIPJ1SPuFG0U7Ypqmfm4NXci5dco=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/7eC-YfNJaT6LMqKXbHDVh1_IM9a4azB9prRyHyhq42Q=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/YZijoys54pCWd17kIcd-Go49mf4hVxXiIJO_HQBZEpw=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/5iMBrVk4WmF_C6zExs0TKYW4Ukr2O0yc69RJU8J51YM=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/hcRDcV6VjaClc3n6cgTJajuCE0E1RFfLE1k9rxczGH4=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/xNtGJmC-XFeHldAqIxLx266XC_0iTrEOm_EMzZqF_eg=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/WmmqC2eu-cAzhpwroD8ZdYo7KZY9jmizTzjYwgULtOE=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/HHJyrD4lD8aUnGSxv5D5kPbJ89X_AqmF8a9UrWTcE78=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/q1GQ9ENmem2Bnk_XycIZOMQyw2CInCNwuDlOZe3tEVI=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=8635c956-4f82-11f1-a8dc-7b4e31590754%26pt=campaign%26pv=4%26spa=1778763732%26t=1778764062%26s=76b8dd8320c78c648182a80f9cc1a5c97d3bd17a2a7085ae76f144a55b97696e/1/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/FfPUDRcG7aUcNuv6SUjNH84kQF9DPBtNz3r0ATxfy0I=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019e2699a01e-69a51741-65f6-44cd-8a9e-105850836694-000000/_2zz_AJ7dTmKJ-gmOSju06k5ceJFiRrbdWJaGMoudDo=452" style="display: none; width: 1px; height: 1px;">
</body></html>