<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-05-20</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.resecurity.com%2Fblog%2Farticle%2Fcve-2026-20182-unauthenticated-cisco-sd-wan-control-plane-compromise-via-vhub-authentication-bypass%3Futm_source=tldrinfosec/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/WST0j-m7ZYVjihro5XchpvgC-cp5uXz90brz_Ah6n1w=452">
<span>
<strong>CVE-2026-20182: Unauthenticated Cisco SD-WAN Control-Plane Compromise via vHub Authentication Bypass (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Rapid7 researchers disclosed a CVSS 10.0 authentication bypass vulnerability in Cisco Catalyst SD-WAN components. The flaw allows attackers to forge device authentication via a crafted DTLS session, potentially enabling persistent unauthorized access. Cisco recommends upgrading affected devices to specified firmware versions and reviewing logs for suspicious activity.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Faznehp/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/82-zlEAdWYE8Vn78lYxWy8-BvvhfJzjJBm5HCkKl2lY=452">
<span>
<strong>American Lending Center Data Breach Affects 123,000 Individuals (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
American Lending Center, a California non-bank lender managing a $3 billion small-business loan portfolio, reported a ransomware attack in July 2025 that exposed names, dates of birth, and SSNs of over 123,000 people. The attacker accessed internal systems and files with sensitive data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F05%2Fdrupal-to-release-urgent-core-security.html%3Futm_source=tldrinfosec/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/Abcb_hHnlDz4NY2hnEC6l_ORIsIjNwhWhZXv5cdAzBU=452">
<span>
<strong>Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Drupal will ship core security releases on May 20 that cover supported 11.x and 10.x branches. Exploits may appear soon after. Admins should pre-update to the latest 11.3.x, 11.2.x, 10.6.x, or 10.5.x patches and then apply the May 20 fixes quickly. Older 11.1/11.0, 10.4–10.0, 9.x, and 8.x sites get specific minimum versions and best-effort patches, while Drupal 7 is not affected.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sentinelone.com%2Fblog%2Fshub-reaper-macos-stealer-spoofs-apple-google-and-microsoft-in-a-single-attack-chain%2F%3Futm_source=tldrinfosec/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/lRaIj7PwLIWnRNdmbeTe0v8S_-jEKd2bcc3tgxcDHhY=452">
<span>
<strong>SHub Reaper | macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
SentinelOne identified a new SHub Stealer variant tagged "Reaper" that uses fake WeChat and Miro installers hosted on the typo-squatted mlcrosoft[.]co[.]com domain, leveraging the applescript:// URL scheme to launch Script Editor with a base64-decoded payload that bypasses Apple's Tahoe 26.4 ClickFix mitigation and skips CIS-region hosts via com.apple.HIToolbox.plist locale checks. The build adds an AMOS-style Filegrabber routine that exfiltrates .docx, .wallet, .key, .json, and .rdp files in 70MB chunks to hebsbsbzjsjshduxbs[.]xyz, hijacks Exodus, Atomic Wallet, Ledger Live, and Trezor Suite by replacing app.asar with ad hoc code-signed payloads, and installs a LaunchAgent backdoor masquerading as com.google.keystone.agent.plist that beacons every 60 seconds for remote code execution. Defenders should hunt for unexpected osascript activity following Script Editor execution, LaunchAgents created under Google or Apple namespaces in ~/Library/Application Support/, and outbound traffic to the listed C2 endpoints.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecuritylabs.datadoghq.com%2Farticles%2Fintroducing-pathfinding-labs%2F%3Futm_source=tldrinfosec/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/XvPY3g9bf4xfZJLHeDgFUuw3HbJni3PPylw7DssNILg=452">
<span>
<strong>Pathfinding Labs: Deploy, test, and learn from 100+ intentionally vulnerable AWS environments (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Datadog's Pathfinding Labs is a set of more than 100 intentionally vulnerable AWS environments built in Terraform and driven by a plabs CLI, mapped to the pathfinding.cloud privilege escalation catalog. Labs cover self-escalation, multi-hop, cross-account, CSPM misconfigs, and toxic combinations, each with a scripted demo_attack.sh path for repeatable exploitation. Teams deploy labs into sandbox AWS accounts, then use commands like plabs enable, plabs apply, plabs demo, and plabs destroy to practice attacks and validate CSPM and graph-based posture tools against known misconfigurations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.cloudflare.com%2Fcyber-frontier-models%2F%3Futm_source=tldrinfosec/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/BY0M67JS0Hwi32zNR-FVP-iUFX69liEenUzNFPuhNj0=452">
<span>
<strong>Project Glasswing: what Mythos showed us (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cloudflare tested Anthropic's Mythos Preview against 50+ internal repositories and observed the model chaining low-severity primitives (use-after-free, arbitrary read/write, and ROP) into working exploits, then self-validating findings by compiling and executing PoCs in a scratch environment. A purpose-built harness (Recon, Hunt, Validate, Gapfill, Dedupe, Trace, Feedback, and Report) outperformed generic coding agents by issuing narrow parallel tasks scoped to one attack class plus a trust boundary, with an adversarial second agent that cut hedged false positives dominant in memory-unsafe-language scans. Model refusals proved inconsistent across semantically equivalent prompts, and faster patching alone fails under two-hour SLAs because skipping regression testing ships worse bugs. Defenders should pair AI-assisted discovery with architectural mitigations like WAF reachability blocks, intra-app isolation, and synchronized fleet-wide rollout.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fopenbashok%2Fpromptzero%3Futm_source=tldrinfosec/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/Dv-1t9EKY8-M161gaF_gl8OuPWtIC9aS1xhjkYdmEvE=452">
<span>
<strong>PromptZero (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
PromptZero is a FastAPI drop-in proxy for api.anthropic.com that sanitizes prompts through a Presidio+spaCy NLP layer (en/es) plus country-specific regex covering Argentina DNI/CUIT, Chile RUT, Spain DNI/NIE, Mexico CURP/RFC, Colombia CC, Uruguay CI, alongside IPv4/IPv6, hostnames, API keys, and IBANs. A session-scoped bidirectional mapping table swaps real values for synthetic equivalents (IPs to 127.0.0.x, hostnames to .localhost per RFC 6761) before forwarding to Claude, then restores originals in the response, with /stats and /sessions/{id}/mappings endpoints exposing redaction counts and the mapping table for audit. Repo sits at v2.3.0 across 20 commits with 0 stars, so validate span coverage on your own corpora before routing production traffic through it.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Ffalcosecurity%2Fprempti%3Futm_source=tldrinfosec/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/Yi0Du35tDQP8QwDyuS8hs_sN0Oe0b_KKYEeaj8IJk6I=452">
<span>
<strong>Prempti (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Prempti introduces Falco to the world of AI coding agents. It provides guardrails that can either deny actions or prompt for confirmation of unwanted behaviors. Additionally, it offers real-time visibility into every tool call that your coding agent makes, including shell commands, file reads and writes, and API calls. Both features are driven by Falco rules that you can customize to suit your workflow.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fusestrix%2Fstrix%3Futm_source=tldrinfosec/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/cF65PZAYoQtZlLndfKDqDeAfQFGWeTvcgA9tRklAeac=452">
<span>
<strong>Strix (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Strix provides autonomous AI agents that dynamically run code, find vulnerabilities, and validate them with real-world proofs of concept.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdocs.cloud.google.com%2Fdocs%2Fsecurity%2Fthreat-model%2Fbigquery-threat-model%3Futm_source=tldrinfosec/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/oRJoH9wNrOo-AwWUCIn8lPnniXgthFEJsVShw_MxIKo=452">
<span>
<strong>BigQuery threat model report (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google Cloud published a STRIDE/MITRE ATT&CK-mapped threat model covering 14 BigQuery attack vectors, including schema tampering via tables.patch, IAM allow-policy escalation through datasets.update and iam.serviceAccounts.actAs, confused-deputy abuse of downstream Cloud Functions/Dataflow, exfiltration via WRITE_TRUNCATE load jobs or cross-project export destinations, allUsers/allAuthenticatedUsers dataset exposure, stealth persistence through authorized views and scheduled queries, and cost-based DoS, with mitigations centered on VPC Service Controls perimeters, least-privilege scoping, constraints/iam.disableServiceAccountKeyCreation, and maximumBytesBilled custom quotas.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fgovernment-backed-hackers-cloudflare-malaysia-espionage%2F%3Futm_source=tldrinfosec/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/iowx8oy573RzBaDbBCkwBlRMQJj5MKlBm8AlylI6mbA=452">
<span>
<strong>Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Oasis Security tracked a multi-year espionage operation tied to Malaysian government-linked networks that staged exfiltrated data into Cloudflare R2 buckets via a Python uploader (gen_photo_upload.py), pulling COPhoto blobs from SQL and pushing them to cloudflarestorage.com via curl.exe with AWS Sig V4 signing, with resume logic keyed to the last uploaded COBiodataID. C2 servers stayed off public scanners by returning different responses based on the caller and by gating access through specific paths or protocols, while operators rotated and repurposed infrastructure over the years rather than abandoning it between campaigns. The findings flag a broader shift toward ephemeral storage buckets and CDN-fronted domains that evade domain-reputation controls, pushing defenders toward outbound-connection inspection and behavior-based detection rather than allow-listing trusted providers like Cloudflare.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkrebsonsecurity.com%2F2026%2F05%2Fcisa-admin-leaked-aws-govcloud-keys-on-github%2F%3Futm_source=tldrinfosec/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/pn-PDt8ZlWyx5qHkrv75rRGSaapWfToD7m6tOGxGf6I=452">
<span>
<strong>CISA Admin Leaked AWS GovCloud Keys on Github (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A CISA contractor used a public GitHub repo as a working scratchpad, exposing AWS GovCloud admin keys, plaintext passwords, and internal tooling details for months. GitGuardian flagged the leak, and researcher Philippe Caturegli confirmed the keys still worked for 48 hours after CISA was notified. Weak passwords and disabled GitHub secret-scanning point to basic hygiene and oversight failures at an already understaffed agency.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4172591%2Fmicrosoft-may-security-patch-fails-for-some-due-to-boot-partition-size-glitch.html%3Futm_source=tldrinfosec/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/A1az0qL0tbHSLX2aQDaHG-Z8szHoBvABj0KJckoNGMk=452">
<span>
<strong>Microsoft May security patch fails for some due to boot partition size glitch (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft's May Security Update silently rolls back at 35-36% reboot completion on Windows 11 devices with under ~10MB free on the EFI System Partition, leaving systems unpatched until admins either apply Microsoft's registry workaround or expand the ESP to 1.5GB.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F05%2F19%2Fhackers-have-compromised-dozens-of-popular-open-source-packages-in-an-ongoing-supply-chain-attack%2F%3Futm_source=tldrinfosec/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/klYuEz0j-XAaW7VMHhSxuT1OF2e5_g1SYYtZcUDOOq4=452">
<span>
<strong>Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hackers hijacked a developer account and quickly distributed over 600 malicious versions across 317 npm packages to steal credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FRItiDy/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/_4OmosrYHPnpigFpVC6OoQnPZFeA7c30410ayCpTEXU=452">
<span>
<strong>Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Verizon's 2026 DBIR analyzed 31,000 incidents and 22,000+ confirmed breaches (nearly double 2024's 12,195).
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/6TGZCebeiyziq0Xh7WRaxpILP_2Jp4spjphte8SUuaI=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/hJpu8_xe0-YEjRfa4WM1752pniC0bWF74R3zWJBv9pg=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019e457eba84-681bb99c-2f8e-4ea2-b08f-ad73fcf7719d-000000/HyssifeaUw-ElJJGRDGJT41U1HtkuGUYlNps7743yPg=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>