<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Iran-linked Seedworm (MuddyWater) ran an early-2026 espionage campaign that targeted nine organizations across nine countries β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/i7gomqVyFau3E5QqHV5XBPrXm-Wyw47HKLhPf42ksFw=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/QI2A24ybH83BX2debcKhpsuQbJkMb-WdrNA-tBfuXIU=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=010336f0-5b27-11f1-8245-ed6a8e23021a%26pt=campaign%26t=1780059950%26s=b86241db8d626573f539de49aa0864bd088fdee1e23fd4d23143277b40ba2e6f/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/wdMZZLczYKYP5NBcYQCGeJljmzpWtb1Do0nIcbx725U=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdiscover.picussecurity.com%2Fstart-your-free-trial%3Futm_campaign=BAS%2520Campaign%25202023%252F2024%26utm_source=tldr%26utm_medium=newsletter_header/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/CLvSq7MDqz661SUnzxT3GYZvqu2zOkHFjDa0M4nBRTM=452"><img src="https://images.tldr.tech/picus.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Picus"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-05-29</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdiscover.picussecurity.com%2Fstart-your-free-trial%3Futm_campaign=BAS%2520Campaign%25202023%252F2024%26utm_source=tldr%26utm_medium=newsletter_header/2/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/7QM4H6d3gEoTmUcQ3HONSazpKZpyrUwBwAupEAKsp30=452">
<span>
<strong>Double your threat prevention rate in 90 days (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Most security controls block fewer threats than teams assume. Picus customers start at 37% prevention effectiveness and reach 74% within three months by simulating 30,000+ real-world adversary actions against their actual firewall, EDR, and SIEM stack (<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.li%2FQ04gMzVw0%3Futm_source=TLDR%26utm_medium=newsletter%26utm_campaign=2026-05-29_Primary_Picus%2BSecurity%26utm_content=body_it_yourself_14/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/-hbcwW4_M7xFCOV0e7b73sjnav-MtZm1_anmmTexoXs=452" rel="noopener noreferrer nofollow" target="_blank"><span>try it yourself for 14 days</span></a>).
<p></p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.li%2FQ04gM5580%3Futm_source=TLDR%26utm_medium=newsletter%26utm_campaign=2026-05-29_Primary_Picus%2BSecurity%26utm_content=body_ebook/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/VtmXKg54wNT_sJXSPRUyuRpWoOco7TXDMLEEChpsr_o=452" rel="noopener noreferrer nofollow" target="_blank"><span>This free eBook</span></a> walks through the full process:</p>
<p>β <strong>Measure what's working:</strong> See exactly what gets blocked, missed, or undetected across your prevention and detection layers.</p>
<p>β <strong>Fix gaps fast:</strong> Get vendor-specific signatures and SIGMA detection rules mapped to your exact stack.</p>
<p>β <strong>Track improvement:</strong> Benchmark your scores against industry peers and map ATT&CK coverage over time.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.li%2FQ04gM5580%3Futm_source=TLDR%26utm_medium=newsletter%26utm_campaign=2026-05-29_Primary_Picus%2BSecurity%26utm_content=cta_download_ebook/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/OVopBY_a79HOmoLaN0RippOgkqNAklQEbqZEr6IuLvY=452" rel="noopener noreferrer nofollow" target="_blank"><span>Download the free eBook β</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecuritynews.com%2Fseedworm-apt-abuses-signed-fortemedia-2%2F%3Futm_source=tldrinfosec/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/GZXBvT7SEeDCpv70Y_u-tI0DsslfwLji9vLsFRsu0XI=452">
<span>
<strong>Seedworm APT Abuses Signed Fortemedia and SentinelOne Binaries for DLL Sideloading (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Iran-linked Seedworm (MuddyWater) ran an early-2026 espionage campaign that targeted nine organizations across nine countries, abusing legitimate Fortemedia (fmapp.exe) and SentinelOne (sentinelmemoryscanner.exe) binaries to sideload malicious DLLs containing the ChromElevator browser-data stealer. The operators orchestrated the chain via node.exe rather than PowerShell to evade detection, established registry-key persistence, deployed credential theft tools in redundant waves, and exfiltrated data via the public file-transfer service sendit[.]sh to blend into normal cloud traffic. Defenders should monitor for unsigned DLLs loaded alongside signed executables, flag unexpected Node.js activity, block outbound traffic to unknown file-transfer services, and enforce strict startup registry policies.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.techtimes.com%2Farticles%2F317291%2F20260527%2Fgitea-flaw-left-30000-deployments-private-container-images-readable-4-years.htm%3Futm_source=tldrinfosec/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/FcxSyV3_TLXlh73fOnAclu206mfnABu_qH-PepAxMvI=452">
<span>
<strong>Gitea Flaw Left 30,000 Deployments' Private Container Images Readable for 4 Years (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A Gitea container registry bug (CVE-2026-27771) allowed unauthenticated users to pull βprivateβ images for about four years, exposing code, secrets, and production wiring across roughly 30,000 self-hosted Gitea and Forgejo instances in sectors such as healthcare, aerospace, SaaS, and ISPs. Operators should upgrade to Gitea v1.26.2, consider setting REQUIRE_SIGNIN_VIEW=true as a stopgap, and audit registry logs for suspicious pulls.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F05%2F28%2Fa-security-lapse-at-prison-payphone-service-pay-tel-publicly-exposed-over-300000-callers-drivers-licenses%2F%3Futm_source=tldrinfosec/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/JuN84-mrGjCcPvLo5jSKxbyZlCznDDUrJMbZb9XYGwY=452">
<span>
<strong>A security lapse at prison pay phone service Pay Tel publicly exposed over 300K callers' driver's licenses (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Pay Tel left an Azure storage server open on the internet with at least 300,000 scanned driver's licenses, other ID documents, user photos, and inmate communications, including texts, handwritten notes, and financial records. UpGuard reported the exposed bucket on May 7, and Pay Tel later locked it down but has not acknowledged the incident or said if it will notify affected users.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Firan-nimbus-manticore-trojan-zoom-installers-us-firms%2F%3Futm_source=tldrinfosec/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/FlRLUqNUlZqaxjS0rh3ekgJ4VkHR1VTjqc0mt14WdQ8=452">
<span>
<strong>Iran's Nimbus Manticore Used Trojanized Zoom Installers Against US Firms (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
IRGC-linked Nimbus Manticore (UNC1549) ran a campaign from February to April that paired AppDomain hijacking, where a malicious Setup.exe.config sits beside a signed Microsoft Setup.exe, with trojanized Zoom installers (Zoom_cm.exe) to deploy the MiniJunk and MiniFast backdoors while hijacking the legitimate ZoomUpdateTaskUser scheduled task for persistence. The group escalated tradecraft mid-conflict, building AI-assisted code that gave full cmd.exe remote control over Chrome-impersonating traffic, then abandoned email lures for SEO poisoning that pushed a fake getsqldeveloper[.]com to the top of Bing and DuckDuckGo. Defenders should hunt for .config files paired with signed binaries, audit scheduled tasks for tampering, and watch for download activity from typosquatted software-download domains.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fnovee.security%2Fblog%2Fpretalx-stored-xss-vulnerability-account-takeover%2F%3Futm_source=tldrinfosec/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/hw0fCKEF7n7eacYmPqawXD2hCVX0aVsTh7-RMQpUD9I=452">
<span>
<strong>How to Get a 100% Conference Acceptance Rate, The Novee Way: A High-Severity CVE in Leading Call-for-Papers Software (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Novee researchers found a stored XSS in pretalx that lets any registered user inject HTML or JavaScript into organizer search results and execute code in the organizer's browser on a matching query. The exploit uses an iframe srcdoc to bypass innerHTML script blocking and a same-origin uploaded .js file to satisfy CSP, then hijacks the organizer session and can permanently revoke superuser rights via authenticated GETs. An attacker can automate submissions, plant payloads in titles, and drive near-certain exploitation across many conferences using shared pretalx deployments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Foblique.security%2Fblog%2Fpolicy-rollout%2F%3Futm_source=tldrinfosec/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/7Q7J9o70U9pkK6WoJ9fp5If_CiuFYGbNzJ9GYOiifA8=452">
<span>
<strong>The Security Policy Rollout Survival Guide (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
When rolling out new security policies, teams should begin by communicating the details of the change, when it is going into effect, and why it is being made. Before rolling out the change, teams should run a pilot with a diverse set of users and iterate upon feedback from the pilot. Finally, when rolling out the policy teams should make enforcement of the policy visible, be in charge of enforcing it, and prepare for exceptions.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fpuck-security%2Fpuck-oss%3Futm_source=tldrinfosec/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/KoC89AIe4oUO7fWnfSDoxDvQTZd2nIbNvrrBYkB8r74=452">
<span>
<strong>Puck (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Puck is an MIT-licensed MCP server that drives autonomous, read-only endpoint investigations across a fleet, letting an engineer ask plain-English questions through Claude Code or any MCP client and receive narrative findings with containment recommendations. Rust agents execute only commands from a compiled-in typed allowlist enforced independently by both the Go server and the agent, so the worst case of a compromise is unauthorized read access rather than modification, with mTLS enrollment, audit logging, and cost caps built in. Operators should note that puck-agent reads sensitive files like keychains and process memory and may trip EDR heuristics, so it should be allowlisted before enrollment, and investigations should run under an API key or Teams/Enterprise plan rather than a training-enabled consumer account.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.ibm.com%2Fproducts%2Flightwell%3Futm_source=tldrinfosec/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/or0siIu2BcDLybvEPFVNZx5S7b1EC8Ka_xZEK61b7_E=452">
<span>
<strong>Project Lightwell (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
IBM and Red Hat launched Project Lightwell with a $5 billion commitment to secure open source supply chains. The system backports vulnerability fixes to exact dependency versions already in production using 20,000 engineers and AI to patch packages across Maven/Java, with PyPI, npm, and Go planned. It works through dependency manifests like pom.xml without accessing source code, delivering signed patches with SLAs to repositories you control.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Flatiotech%2FLAST%3Futm_source=tldrinfosec/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/KdncP-RemSIV0nJ7T4mhYARW023jQKizePZlsIEmtCU=452">
<span>
<strong>LAST (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F4UD2AB/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/x-nz1yB4splibM4M48l-v7Wi1CTNI68K2612LZ1DqJo=452">
<span>
<strong>Glassworm botnet disrupted after resilient C2 infrastructure takedown (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
CrowdStrike, Google, and The Shadowserver Foundation have disrupted the developer-targeting Glassworm botnet, active since October 2025 through malicious OpenVSX and VS Code extensions, GitHub repos, and npm packages that stole crypto wallets and developer credentials, by simultaneously severing four deliberately resilient C2 channels: Solana blockchain memo fields, the BitTorrent DHT, Google Calendar event titles holding Base64-encoded paths, and direct VPS connections. Any single channel could fail over to the others, so the operators built indirection layers that only a coordinated, all-at-once takedown could defeat, after which infected hosts can no longer pull new instructions or payloads. Defenders should hunt for compromised machines now beaconing to the CrowdStrike-operated sinkhole at 164.92.88[.]210 and apply the published YARA rules to confirm infections, then remediate the malicious extensions and packages on affected developer endpoints.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.lastweekinaws.com%2Fblog%2Freading-observability-tools-thats-a-robots-job%2F%3Futm_source=tldrinfosec/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/8bUP58K6orHgotC2PiyYcZSLKp7LaIyjDzgrwiznnjI=452">
<span>
<strong>Reading Observability Tools? That's a Robot's Job (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Metrics, logs, and traces have long been the three pillars that were touted for observability tooling. These pillars don't hold up in the era of LLMs and agentic systems because they were designed for humans even though agents are now the primary consumers of observability. Traces are the primary pillar now and their schema should be versioned and viewed similarly to an API.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Finformation-technology%2F2026%2F05%2Fmillions-of-ai-agents-imperiled-by-critical-vulnerability-in-open-source-package%2F%3Futm_source=tldrinfosec/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/qDSFvG3Anm4yA7wdjqiTiBBvcTEM29zxlY8ovyS3KY0=452">
<span>
<strong>Millions of AI Agents Imperiled by Critical Vulnerability in Open Source Package (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A critical vulnerability was discovered in the Startlette ASGI implementation that underpins FastAPI and other widely used frameworks for building Python services. The vulnerability can be trivially exploited to bypass path-based authorization by adding a single character to the HTTP host header. Developers relying on projects that use Startlette, such as FastLLM, vLLM, or LiteLLM, should make sure to update.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2026%2F05%2Fscammers-pretending-to-be-microsoft-had-help-from-us-executives%3Futm_source=tldrinfosec/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/CI3loeofhY6piM46RRE-QEStDvFrZPsdIS3yHruqknw=452">
<span>
<strong>Scammers pretending to be Microsoft had help from US executives (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The US DoJ has secured guilty pleas from C.A. Cloud Attribution former CEO Adam Young and former CSO Harrison Gevirtz.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FaRYKR8/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/xlNgqhEsggfE5JrJ83-BIzzHwKKkYfl2sO6AqfVOY9I=452">
<span>
<strong>California amendment would exempt Linux from age verification law (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A proposed California amendment redefines "operating system provider" to exclude open-source, user-modifiable software.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FHN6bld/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/kht9QlOwUmYHc2Dc5ApSZCXC_2XEuTGZ0mL3gnczxvw=452">
<span>
<strong>Carnival Data Breach Exposed 6 Million People (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Hackers used social engineering to compromise a Carnival employee account on April 14, then accessed internal systems and exfiltrated files with personal data for about 5,995,277 people.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/c7Jeg0gBhB3mUE2FT9c8RM1FaA0AYyTQwLvMaJ0i2lE=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/DvXPv83ySKPHgY4ZDAEh8sGPl1-emVL0L3OZ0pSX4dw=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/zioR_2ObT9eK5dALCH8HKezdLKesHT8ITAspc4jKabg=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/SfRLWMnyTG6Jezbvg75d2aOtdSL6T_utGMVJoM-S8x0=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/4ecnVqKEbqnxUzlkb5yicqd_Y4tiw5YKdPbnl_Bw5OA=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/V1OpnMByzWry7fD6p4yNys4jcH6-IsggjJez84sYVjo=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/Qfa6NUIbHTG7X1MxQrrNReIxgkzUXN4tL-KGzvPJLm4=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/T6QKEmLnOtAs7xnINfpcaZnYJGFlimAiXKUw86kxKag=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/JQGJ1kvAM8enSbdMr8qfPkMudNwoMZLd7M-yhb5JmFU=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/v91LMWDfoDugDcEGQ0mpPujkXmCkEWtUk-EXAF3o7oM=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=010336f0-5b27-11f1-8245-ed6a8e23021a%26pt=campaign%26pv=4%26spa=1780059640%26t=1780059950%26s=8fc95cb0a4a85010d590d37983ea9b324ad39ca9e9fe44f166d106ed5d533509/1/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/ItTMkWshXMXgI0Ys0tErpmGVg9bYvPwSS9oSsfpnEhE=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019e73d74dda-bcefe586-3e96-4e14-a7d5-dbb6cc721f59-000000/iyZkNkSbWuK5GqBL2s8WyvqvJt89V0LenAI7glO5aLI=452" style="display: none; width: 1px; height: 1px;">
</body></html>