<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">OpenAI published a security advisory stating that two employees' devices were compromised as part of the TanStack supply chain compromise โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/7K9sQGU4hkUX1A4sIEEjiMyJTXhgbAwMDjDgjMHOG2k=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/R5CL-JlrY_K3OuVb4z54kqO-eqB3SjHrPkXFF3l5F5U=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=9b79157c-5025-11f1-ba3c-89339bd7acb1%26pt=campaign%26t=1778850474%26s=b297cff2d690b701feaf38d5d11054467445825287947c23ae18972ffb937fa0/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/haCvy1_5a7_DtaTedBYie_dMvlxUlW38rYT9oV45H0o=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.catonetworks.com%2Fresources%2Fsasefy-2026%2F%3Futm_campaign=sasefy-2026%26utm_source=tldr-infosec%26utm_medium=newsletter%26utm_content=20260515/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/Nt-xX0eO0cPz2ElMVo5m0PjeP_nEo_vE1KEQzLGV1Ac=452"><img src="https://images.tldr.tech/cato2.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Cato Networks"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-05-15</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.catonetworks.com%2Fresources%2Fsasefy-2026%2F%3Futm_campaign=sasefy-2026%26utm_source=tldr-infosec%26utm_medium=newsletter%26utm_content=20260515/2/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/jGwt4J5-IZAnImaST4vW_TzILNo1PhVm8Oe45TtF130=452">
<span>
<strong>Last chance to see Cato, Microsoft, and Forrester on AI security at SASEfy 2026 (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
AI and risk go hand in hand. But at <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.catonetworks.com%2Fresources%2Fsasefy-2026%2F%3Futm_campaign=sasefy-2026%26utm_source=tldr-infosec%26utm_medium=newsletter%26utm_content=20260515/3/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/PQmFHnhy-wgBU0mH77iz-UZkcG2T8CNVik2qBEzsT8w=452" rel="noopener noreferrer nofollow" target="_blank"><span>SASEfy 2026</span></a>, you'll learn how to keep the risk at arm's length.
<p></p>
<p>Join Cato Networks, Microsoft, Forrester, and Dayforce for this<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.catonetworks.com%2Fresources%2Fsasefy-2026%2F%3Futm_campaign=sasefy-2026%26utm_source=tldr-infosec%26utm_medium=newsletter%26utm_content=20260515/4/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/hCfVrvehdhwjEGIBAcm1qVIZorGPL6o8LNpLUotYnuU=452" rel="noopener noreferrer nofollow" target="_blank"><span> free virtual summit</span></a> focused on the ways leaders secure AI in practice. </p>
<p>Join live on May 20 to learn how to: </p>
<p>1๏ธโฃ Identify where AI risk exists </p>
<p>2๏ธโฃ Secure and govern AI without added complexity </p>
<p>3๏ธโฃ Adapt Zero Trust for agentic AI </p>
<p>Can't attend? <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.catonetworks.com%2Fresources%2Fsasefy-2026%2F%3Futm_campaign=sasefy-2026%26utm_source=tldr-infosec%26utm_medium=newsletter%26utm_content=20260515/5/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/s4nddfTWPDX_5CzXE4sozMT_d8vLnIgsoLQ7B6Ok2Hc=452" rel="noopener noreferrer nofollow" target="_blank"><span>Register for the recording</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">๐</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fg0JlGg/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/H9CTiLHluYr4PpzUqvBxQ8mvXm8oAYAO8TpEdtYPMbc=452">
<span>
<strong>One Is a Fluke, 3 Is a Pattern: MCP Back-End Vulnerabilities (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Akamai researchers reviewed about 300 MCP servers and found concrete back-end flaws in Apache Doris, Apache Pinot, and Alibaba RDS implementations, including exploitable SQL injection, unauthenticated HTTP access to tools, and unauthenticated retrieval of RAG table structures. Attackers who can reach exposed MCP endpoints can run arbitrary SELECT queries or inject SQL into Doris via an unchecked db_name parameter, and exfiltrate schema metadata from Alibaba's RDS MCP.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FOsWG0B/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/19f52Jco_GyCQpmJ-iSNEjHtgrG7mf3P3wwqIFO9Or4=452">
<span>
<strong>Hackers Exploit Auth Bypass Flaw in Burst Statistics WordPress Plugin (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
WordPress security company WordFence is reporting a new authentication bypass vulnerability in the Burst Statistics plugin. Burst Statistics is a privacy-focused analytics plugin that is active on over 200k sites. The vulnerability stems from the plugin incorrectly interpreting the `wp_authenticate_application_password` function and could be abused by attackers to authenticate as any admin whose username they know.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FRxUjN7/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/OjhjzQgel5aQ9WtmToM-Bj8_FoNod7d4JWx33JBRXh4=452">
<span>
<strong>OpenAI Confirms Security Breach in TanStack Supply Chain Attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
OpenAI published a security advisory stating that two employees' devices were compromised as part of the TanStack supply chain compromise. OpenAI said the incident did not impact customer data, production systems, intellectual property, or deployed software, but is rotating code signing certificates as a precaution.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">๐ง </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdepthfirst.com%2Fresearch%2Fnginx-rift-achieving-nginx-rce-via-an-18-year-old-vulnerability%3Futm_source=tldrinfosec/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/URI6nqrg6f9qK00y1LzrlHGBHwVMIokiVBuJuYdknfw=452">
<span>
<strong>NGINX Rift: Achieving NGINX Remote Code Execution via an 18-Year-Old Vulnerability (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Depthfirst's analysis of NGINX found four remote memory corruption bugs, including the heap overflow CVE-2026-42945 in the rewrite/set script engine, which has been present since 2008 in widely deployed NGINX and F5 products. The bug lets a crafted rewrite plus set sequence miscompute buffer length, then overflow heap data with escaped URI bytes, which attackers use to corrupt ngx_pool cleanup pointers and execute commands via the system. Reliable exploitation leverages deterministic worker heaps, cross-request heap feng shui, and binary POST body sprays, so anyone running vulnerable NGINX with rewrite/set needs urgent patching and config review.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.varonis.com%2Fblog%2Fbluekit%3Futm_source=tldrinfosec/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/ufx6dsKPRUbojxSeFj7whUwbjS81--FVBgQ0Ml8Zt2I=452">
<span>
<strong>Meet Bluekit: The AI-Powered All-in-One Phishing Kit (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Varonis Threat Labs recently discovered a new phishing kit called Bluekit that advertises 40+ website templates, automated domain purchase and registration, 2FA support, spoofing, geolocation emulation, Telegram and browser notifications, antibot cloaking, and an AI assistant. It obtained access to the toolkit to test the AI assistant and discovered that it offers an abliterated Llama default alongside commercial offerings like GPT-4.1, Sonnet 4, Gemini, and Deepseek variants. Varonis found that the actual capabilities were much more limited than expected and that only a generic campaign draft was generated, with many placeholders.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.doyensec.com%2F2026%2F05%2F05%2Fcloudsectidbits-masso-cognito-sso.html%3Futm_source=tldrinfosec/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/HN_9aJ2ggCCu1W80w9q1PgitUTUkfOc8-_qp1L00h2Q=452">
<span>
<strong>The Danger of Multi-SSO AWS Cognito User Pools (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Doyensec detailed four attack patterns against multi-tenant AWS Cognito User Pools that accept tenant-supplied OIDC/SAML IdPs: JIT ghost identity injection when PreSignUp_ExternalProvider lacks domain checks, trigger-source gaps where constraints applied only to PreAuthentication_Authentication skip first federated logins, sub-splitting attacks against ProviderName_sub userName parsing, and IdpIdentifier hijacks (e.g., claiming gmail.com) when domain ownership is not verified. Homoglyph collisions in ProviderName (Cyrillic ะต vs ASCII e) further enable split-identity confusion across Hosted UI, audit logs, and Lambda consumers. Defenders should branch PreSignUp logic across all triggerSource values, parse usernames with split("_", 1) consistently in both guard and consumer, derive tenant/role attributes server-side rather than via AttributeMapping, and gate IdpIdentifier claims behind verified domain ownership; Doyensec also released maSSO, a weaponized OIDC/SAML/SCIM IdP for SP testing.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">๐งโ๐ป</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fprompt.security%2Fai-agent-foundry%3Futm_source=tldrinfosec/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/13bRWacz_ySg2oE7RzP9vBxyNmufXiX-eBkD7YKU--k=452">
<span>
<strong>Run the AI your team is already using, securely (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Agents spun up without governance have zero visibility and no audit trail. Give them a sanctioned path with <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fprompt.security%2Fai-agent-foundry/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/IJ5e7Ao8MvXzaoRtFZ2udBbu42fyfwpdEHsTwl7-Y1U=452" rel="noopener noreferrer nofollow" target="_blank"><span>Agent Foundry by Prompt Security</span></a>. Run every agent instance in a SentinelOne-protected container on isolated K8 pods with centralized policy, audit, and real-time runtime protection. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fprompt.security%2Fai-agent-foundry/2/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/tR6WM6cdaWVbk4en28B--zg-56UZ9xIq2iHzmuFUhI8=452" rel="noopener noreferrer nofollow" target="_blank"><span>Join the waitlist</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sweet.security%2F%3Futm_source=tldrinfosec/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/PdpJz9wkee7V5DlJ7H5ThujuORRNzIV9T2-tpFO6pgQ=452">
<span>
<strong>Sweet Security - Sweet Attack (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Sweet Attack is an automated red teaming platform that maps each customer's runtime environment and continuously tests real attack paths using indexed topology, L7 exposure, code, identities, and live behavior to surface exploitable chains and concrete remediation steps.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fmicrosoft%2FAntiSSRF%3Futm_source=tldrinfosec/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/ABWQJrBSHg_u7uGVEK6BhFFe-ftFmBoejQO7RClchv0=452">
<span>
<strong>Microsoft AntiSSRF (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The Microsoft AntiSSRF library is a securely developed, exhaustively tested secure code library that provides robust URL validation to mitigate the risks of Server-Side Request Forgery (SSRF).
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Freferefref%2FOpenAIPot%3Futm_source=tldrinfosec/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/xjI-FhylV6Kh0CzD72kqqpB4EenHDRJ5VwIggtibQrw=452">
<span>
<strong>OpenAIPot (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
OpenAIPot is a deceptive OpenAPI gateway that serves as a honeypot to detect unauthorized API usage.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">๐</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.wiz.io%2Fblog%2Ffragnesia-linux-kernel-local-privilege-escalation-via-esp-in-tcp%3Futm_source=tldrinfosec/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/rpSMgk7Wd9d1ohb8Lf6VLW21qhZoD58hc2rCDUF2M_I=452">
<span>
<strong>Fragnesia: Linux Kernel Local Privilege Escalation via ESP-in-TCP (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Fragnesia is a Linux kernel LPE bug in XFRM ESP-in-TCP that corrupts page-cache data by decrypting queued TCP data in-place, letting an unprivileged user flip bytes in file-backed pages and hijack binaries like /usr/bin/su for a root shell. Mitigation focuses on kernel patches, disabling esp4/esp6/rxrpc, tightening unprivileged namespaces, and monitoring XFRM and AF_ALG activity.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F13%2Fdisgruntled-researcher-releases-two-more-microsoft-zero-days%2F5239758%3Futm_source=tldrinfosec/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/5a9u1AGoLDfcsQeGlmfB189eA6_Us7vwzAuCe9sUD7I=452">
<span>
<strong>Mystery Microsoft bug leaker keeps the zero-days coming (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
YellowKey is a BitLocker bypass that requires physical access via USB, and GreenPlasma, a privilege escalation flaw granting SYSTEM access. It grants unrestricted shell access to BitLocker-protected machines, turning stolen laptops into breach notifications. It can be mitigated with a BitLocker PIN and BIOS password. There is no current mitigation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmobilesyrup.com%2F2026%2F05%2F14%2Fsignal-threatens-canada-exit-over-law-bill-c-22%2F%3Futm_source=tldrinfosec/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/OjLkm2j8yxLT-KRMc8Nk5ZsKiusz8Z6w-QN-6VT2CPM=452">
<span>
<strong>Signal Threatens Canada Exit Over New Law (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Signal has warned that it will leave Canada if forced to comply with the proposed Bill C-22, known as the lawful access bill. Among other provisions, this bill would allow the Canadian government to create encryption backdoors to access confidential communications. Apple has also stated that it will not add a backdoor to its end-to-end encryption and may be unable to release certain features in Canada if the law passes.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">โก</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FE3fkIz/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/uShYS2LpJacysePjd1X3-qXez1VeoAlnwDgO7izODM8=452">
<span>
<strong>High-Severity Vulnerability Patched in VMware Fusion (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Broadcom shipped an update to VMware Fusion to fix CVE-2026-41702, a TOCTOU bug in a SETUID binary that lets a local non-admin user escalate to root on macOS hosts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fteampcp-mistral-ai-repositories-mini-shai-hulud-attack%2F%3Futm_source=tldrinfosec/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/_ig9F8pYlNN8DIjX6eADCYBwGfHz41b_MUPrjl6Wij4=452">
<span>
<strong>TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A TeamPCP-linked forum account is selling roughly 5GB of allegedly internal Mistral AI source code spanning ~450 repositories for $25,000, surfacing days after the same actor was tied to the Mini Shai-Hulud supply chain campaign that hijacked OpenID Connect tokens to poison npm and PyPI packages.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FrwiwVM/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/pR25goO35hil46KaApnw7c6_5XKkeUpNSuo9U1cc3CU=452">
<span>
<strong>KongTuke hackers now use Microsoft Teams for corporate breaches (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Initial access broker KongTuke is rotating through five Microsoft 365 tenants to impersonate IT staff in external Teams chats and trick employees into running PowerShell that pulls a Dropbox ZIP and launches an evolved ModeloRAT with a five-server C2 pool, reverse shell and TCP backdoor fallbacks, and a SYSTEM-level scheduled task that survives the implant's own self-destruct routine.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/IJW55tb8EQuUNzPpgRXpKSJjJBrSkGP54mwmCWLwel0=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/1iOVpwPRg_Rrz9x_Q061OIUWILnd97IrcueuoBdPTUQ=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? ๐ฐ
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/0PrZNuaNbide29rzbEQfEm_8xcOQEuGk_UBvgUT-ZA4=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? ๐ผ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/I4-tUSBk4kGUhjkkj5IPLFmhFHEkGz-bskipJZKh4lY=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/pEPwq3LpG--LEBH8Ey1H7P1pRGSolwvyJgsl-0HI5n8=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/WwmUyKTia9JtVl2Knn1PKomJJuqdWXyQY-44oWjqUy0=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/miTRtmUvJLIAXQpWfeqDRCJzRAo4xfxMrxR3QQETmZ8=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/i4DNdzVzbyxGIxLhRwrTn5XVYjuP7xgK9EBaC2u0NFI=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/ZL_K5eOlPBxtHF6TKy-zJcOa2a_ib7UZMVYGLDK2oXs=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/RSsWz_Sdin5-Bio8gmHn3l4mo6LAT2W0YB6lO0-qff0=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=9b79157c-5025-11f1-ba3c-89339bd7acb1%26pt=campaign%26pv=4%26spa=1778850152%26t=1778850474%26s=4cec97e8c8ac0d868b4f0090a26be8a7efea5a826eaf488b430be4ae83577aa3/1/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/5pzuQKjj9RXlO4Mv26HigXWnICqhz_2aNzFYp_phkSI=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019e2bc02bf0-4383312c-de11-4d8b-9f91-a14eef035004-000000/pu47Yg4uVIIUbq9EQWAiorx2KykUmvLYeJ28sjdT_ac=452" style="display: none; width: 1px; height: 1px;">
</body></html>