<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-05-26</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Frondodox-botnet-2018-vulnerability-hijack-asus-routers%2F%3Futm_source=tldrinfosec/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/Tqlqmbe1qi3ZuqCntOUukXdfR0EGb0N3ummWLcCQJ4s=452">
<span>
<strong>RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The RondoDox botnet has begun exploiting CVE-2018-5999, a critical (CVSS 9.8) unauthenticated configuration vulnerability in older ASUS routers, sending payloads that set the ateCommand_flag to 1, forcing the infosvr interface to accept external configuration changes, including admin password resets, against a population of over a million exposed devices. Despite public exploit code having existed since 2018, this is the first observed in-the-wild abuse, fitting RondoDox's pattern of stockpiling exploits (CVE associations tracked into the 170s) to build a DoS-focused, Mirai-style Linux botnet. Defenders running affected ASUS models should replace end-of-life hardware, block inbound access to the infosvr service, and monitor traffic to /vpnupload.cgi and config-change requests, since VulnCheck found that 56% of attacked edge devices in 2025 were consumer routers and 65% of botnet-exploited flaws were on unsupported tech.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FzQLjmL/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/MY-3OOq0bCEHXnPx3lcTbM9EAYUqEREg-1r1Gg8MgA0=452">
<span>
<strong>Ghost CMS SQL Injection Flaw Exploited in Large-Scale ClickFix Campaign (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cybersecurity researchers have discovered multiple campaigns exploiting a vulnerability in Ghost CMS sites to inject malicious JavaScript. The vulnerability, which was patched in version 6.19.1, allows unauthenticated attackers to read arbitrary data from the website's database, including admin API keys. The malicious code serves as a loader that fingerprints victims and then serves a fake Cloudflare verification prompt on top of the article, which contains the ClickFix lure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FApuVpV/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/rOLBZ-V1602S-4zeHZyCVjOmGxYVuNcEVAMfjFnRrHQ=452">
<span>
<strong>Ubiquiti Patches Three Max Severity UniFi OS Vulnerabilities (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ubiquiti has announced patches to fix three critical vulnerabilities in its UniFi OS products, following recent patches for two additional vulnerabilities. The vulnerabilities include: an improper access control flaw that could allow attackers to make unauthorized changes, a path traversal flaw that could allow strangers to access system files and hijack an account, and an improper input validation vulnerability that could lead to command injection. All of the vulnerabilities were reported via HackerOne.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sprocketsecurity.com%2Fblog%2Ftenant-enumeration-is-dead%3Futm_source=tldrinfosec/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/HdC_AXACSFOYCJ8bAdJUpCxDuSy_386DTbAeKdy2l8Y=452">
<span>
<strong>Tenant Enumeration is Dead (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft has closed every unauthenticated path to full M365 tenant domain enumeration, first neutering the Autodiscover `GetFederationInformation` SOAP call in 2025 and then patching the ACS `/metadata/json/1` endpoint (mirrored across login.microsoftonline.com, sts.windows.net, and other identity hosts) across the board by May. Operators can still reconstruct most of that capability piecewise: resolve the tenant GUID via the unauthenticated OpenID config or ODC federation provider endpoints, recover the permanent `onmicrosoft.com` MOERA prefix from `selector1`/`selector2` DKIM CNAME records, fall back to MX brute-forcing of guessed prefixes, and use the authenticated Graph `findTenantInformationByDomainName` call when naming is unguessable. Defenders should treat DKIM CNAMEs as a tenant-name disclosure vector, monitor for the resulting SharePoint, OneDrive, and MDI host probing (`TENANTNAME-my.sharepoint.com`, `TENANTNAME.atp.azure.com`), and recognize that pre-built scan databases like azmap.dev now serve domain-to-tenant mappings instantly, so obscurity offers no protection.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fe%2Fanalyzing-void-dokkaebi-invisibleferret-malware.html%3Futm_source=tldrinfosec/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/ItKIvIaj9f1JhKN3LWpPMF6rJ_zW5VFDoPGyybyTpVE=452">
<span>
<strong>Analyzing Void Dokkaebi's Cython-Compiled InvisibleFerret Malware (14 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Void Dokkaebi (aka Famous Chollima) has migrated its InvisibleFerret stealer from readable Python scripts to Cython-compiled .pyd and .so extension modules that load via a generated .mod execution script, breaking script-based detections while preserving backdoor access, browser credential theft, keylogging, and cryptocurrency wallet trojanization. The kill chain runs BeaverTail (gjs) as a JavaScript downloader that fetches platform-specific binaries, with the mc module downgrading Chrome on macOS to restore Manifest V2 support for tampered MetaMask, Coinbase, and Phantom extensions, while the core XOR-then-Zlib deobfuscation logic remains unchanged from prior versions. Defenders should shift to binary-aware detection covering extension modules, embedded artifacts, and runtime scripts, hunt for module names like mod.pyd/pad.so/brw.so under .vscode paths, and recover C&C infrastructure such as 45[.]59[.]160[.]199 by applying the documented XOR routine to the execution scripts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Finfisical.com%2Fblog%2Fcredential-brokering-for-ai-agents%3Futm_source=tldrinfosec/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/ZRREpX7q4QgVFWJpbjDOmHgF3KawGLstPGeXmmnId5I=452">
<span>
<strong>Credential Brokering for AI Agents, Explained (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Agent builders face a core problem: agents need API keys and tokens to work, but prompt injection and malicious content can trick them into leaking environment variables or credentials. Credential brokering solves this by inserting a private proxy that holds real secrets, attaches them to outbound HTTPS requests, and keeps raw values away from the agent. Designs like Agent Vault run this broker on a separate host, pull secrets from a central store, authenticate agents, swap placeholders for real tokens, and enforce isolation and low-latency co-location so agents can hit targets like GitHub without ever seeing the underlying keys.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsanthsecurity%2Fkeyhog%3Futm_source=tldrinfosec/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/JdLSRWXfPKb0McixBr5o3nnQS9hPVzyDHUzT62Zyrnc=452">
<span>
<strong>KeyHog (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
KeyHog is a Rust secret scanner that compiles 891 TOML-defined service detectors into a Hyperscan NFA and routes scans to GPU, SIMD, or CPU backends, covering source trees, git history, Docker images, S3, and whole-system triage with decode-through preprocessing, companion-required validation, and per-detector Bayesian calibration to suppress false positives. Its self-reported benchmarks claim 96% recall on a synthetic set and 69% on a 15k-fixture corpus while beating Gitleaks and TruffleHog, but these are author-run numbers with no independent validation, and the v0.5.x version plus pre-1.0 status suggest the project is still maturing despite the broad feature surface. Run it gated in CI via SARIF output with a severity floor and baseline file, use --lockdown (mlock plus ptrace/coredump denial) when the scanner shares a host with live credentials, and reproduce the leaderboard against your own fixtures before trusting the comparison claims.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Friptideslabs%2Fkeyledger%3Futm_source=tldrinfosec/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/eduyjfrX65Q7-CeeiQBmN9A-KF6WulmuWoVI4xJxYxw=452">
<span>
<strong>KeyLedger (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
KeyLedger is an interactive terminal dashboard that gives you a unified view of every API key issued across your AI providers, with health scoring, snapshot diffs, and encrypted storage.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FOFFENSAI%2Fscopeshift%3Futm_source=tldrinfosec/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/glXoUeb_ovIb_udMsc4IhM3hdPnx-hPbiXUnqgi1_SA=452">
<span>
<strong>scopeshift (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
scopeshift is an automated tool to test AI models against scope manipulation by sitting in the network path of an LLM-driven offensive-security agent and lying about the things the agent uses to decide where it is and what it's allowed to touch.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FX8qqvx/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/r-kIVwVSPx6P8uG_SfJ_o3hHlXv_tJZGNMp2N5NWsxM=452">
<span>
<strong>Netherlands seizes 800 servers of hosting firm enabling cyberattacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Dutch financial crime investigators (FIOD) arrested two men and seized 800 servers across data centers in Dronten and Schiphol-Rijk, targeting hosting infrastructure that authorities say provided financial resources to EU-sanctioned Russian and Belarusian entities and supported information-manipulation campaigns. The case centers on Stark Industries, founded just before Russia's 2022 invasion of Ukraine and sanctioned by the EU on May 20 last year, after which its infrastructure was reportedly transferred to a Dutch front company, WorkTitans B.V., operating as THE.Hosting and linked by De Volkskrant to DDoS attacks by the pro-Russian hacktivist group NoName057(16). The action illustrates how bulletproof-hosting takedowns increasingly hinge on sanctions enforcement and the financial trail rather than the technical attribution of individual attacks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FJGCN7i/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/Wv0Yr3qwEW8AVhXOhkA5e0OsDzng16OQ4eo71IFA_yw=452">
<span>
<strong>A Deep Dive into Codex Sandbox Execution (16 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
After Codex released a writeup on its new Windows sandbox design, the author did a hands-on deep dive into how the sandbox works. Codex uses restricted tokens, synthetic SIDs, new users and a new group, and Firewall/WFP rules to create the sandbox. The author notes that the sandbox lacks built-in logging, which significantly reduces observability.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F05%2F24%2Feveryone-is-navigating-ai-security-in-real-time-even-google%2F%3Futm_source=tldrinfosec/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/CFY9L47Uh76Rqm5Vr4LdubeIskaJG4z5dRe2Tg1e90E=452">
<span>
<strong>Everyone is navigating AI security in real time — even Google (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google Cloud COO Francis de Souza says companies need platform-level security from day one. Attack chains now move from breach to handoff in 22 seconds, down from eight hours. AI agents will expose old SharePoint servers and forgotten data nobody knew existed. Meanwhile, Google developers got hit with five-figure bills after API keys for Maps silently gained Gemini access as attackers drained $10,138 in 30 minutes from one account.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FcGzagS/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/EOTrOpAyT_t0H1pDziPIjMW2FdaWmGVeEFlIMlgw8t0=452">
<span>
<strong>Former US execs plead guilty to aiding tech support scammers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Former C.A. Cloud Attribution CEO Adam Young and CSO Harrison Gevirtz pleaded guilty to misprision of a felony for knowingly supplying call-tracking, rotating-number, and call-forwarding services to telemarketing and tech support fraud operations between 2017 and April 2022.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F05%2Fcisco-patches-cvss-100-secure-workload.html%3Futm_source=tldrinfosec/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/cPJM_mhvuj8eW2U60qrTOO-H0zBxKp363nHIShENDUs=452">
<span>
<strong>Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cisco fixed CVE-2026-20223, a CVSS 10.0 bug in Secure Workload's REST API that stems from missing validation and authentication on API endpoints.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F4NmXJ8/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/9Q5khVi3e0rnuC5_W_cBqHjaxPSNo9bUWsrUimN4-6w=452">
<span>
<strong>266,000 Affected by Data Breach at Radiology Associates of Richmond (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Radiology Associates of Richmond reports that attackers accessed internal systems around July 25, 2025, and stole files containing protected health information for roughly 266,000 people.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/UP1AlpiWnbZ4YIRaHepUXQAgp80K9ArbFdtlvgoXZKM=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/jT1RO4nJsMWOI-rGscvXKsvhpWhdj_C88ySlXhc9LcU=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019e64661144-4fa3906a-8934-459b-af03-bae539cf4d79-000000/KdqpcLMYgP3i-kDTykKusVsXhJxmVUBKw6k9klgLpIY=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>