<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-06-01</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FTsBxbd/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/vDwEfnaTUzYfWLdPvMzD9rs136z4bb4lPBxHwavNp88=452">
<span>
<strong>Hackers exploit FortiClient EMS flaw to push infostealer malware (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers are chaining CVE-2026-35616, an unauthenticated improper-access-control flaw in FortiClient Enterprise Management Server versions 7.4.5 and 7.4.6, to modify EMS configurations and VPN policies so that fortitray.exe launches malicious batch scripts seconds after an IPsec tunnel establishes to a FortiGate. The scripts run base64-encoded PowerShell that downloads the EKZ infostealer disguised as a Fortinet patch (FortiEndpoint_Patch.exe), which dumps Chromium and Firefox credentials, credit cards, addresses, and cookies before exfiltrating to an attacker VPS over HTTP and wiping local artifacts. Defenders should apply the April hotfixes, hunt for the log sequence "Certificate not found in request header" followed by "Certificate user: fortinet-ca2 … successfully updated," and audit Remote Access Profile changes and administrative logins from Tor or VPS origins.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Ffake-anthropic-sites-fileless-infostealer-claude-code-users%2F%3Futm_source=tldrinfosec/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/zm-0PHxmKjLiM5fqS3rciWNM65-SgvMFB2agZ7CMH1I=452">
<span>
<strong>Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Cyderes uncovered a ClickFix campaign that uses SEO-poisoned "claude code install" results to lure victims to spoofed Anthropic pages, which instruct them to paste a mshta.exe command into Win+R that fetches a 6.7 MB MP3/HTA polyglot from download.version-516[.]com, playable as audio in VLC but parsed as script by mshta. The HTA spawns 32-bit PowerShell to evade EDR coverage, performs an AMSI bypass with key BWJFEesMEqRvjQbm, and pulls a 17 MB next stage from oakenfjrod[.]ru before reflectively loading a .NET infostealer via Assembly.Load(byte[]) entirely in PowerShell memory, beaconing browser credentials to 185.177.239[.]255:443 on Russian infrastructure. Defenders should block wildcard queries to *.oakenfjrod[.]ru, alert on mshta.exe spawning cmd.exe or PowerShell with outbound network activity, and watch for 32-bit PowerShell launched from HTA contexts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F9nv8bC/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/84h0N1yshWkpfI3Gt1D4iPV9ZIpnN-_nbz3JB3fdP-Q=452">
<span>
<strong>New CIFSwitch Linux Flaw Gives root on Multiple Distributions (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Security researchers have uncovered a new Linux local privilege-escalation flaw that allows attackers to forge CIFS authentication key descriptions, exploit the kernel's key-request mechanism, and gain root privileges. The problem is that the Linux kernel's CIFS subsystem fails to verify that cifs.spnego requests originate from the kernel's CIFS client. Distributions confirmed to be vulnerable by default include Linux Mint 21.3 and 22.3, CentOS Stream 9, Rocky Linux 9, Alma Linux 9, Kali Linux 2021.4-2026.1, and SLES 15 SP7.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FfxwkVm/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/t2yp0dE1mQE74lhDfogU149dt3mvALy2ReVlbuKdyac=452">
<span>
<strong>Parallel Reconstruction of Lawful TLS Wiretapping (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A researcher reproduced a plausible covert path for the 2023 jabber.ru TLS interception by chaining CVE-2023-38198, a command-injection flaw in acme.sh exploited via a crafted http-01 challenge Token, with the network-routing control already needed for a fraudulent-certificate MitM. The proof-of-concept smuggles a base64-encoded Python stager through the Token field using echo|nl to synthesize whitespace and stay under the 255-byte filename limit, landing a privileged reverse shell when acme.sh contacts the attacker-controlled CA while leaving only a transient python3 process and a /tmp artifact wiped at reboot. Defenders running ACME clients should patch acme.sh past the June 2023 fix, run renewal flows under least privilege, monitor for python3 or other interpreters spawned as children of ACME clients, and watch Certificate Transparency logs for unexpected issuances on owned domains.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthewhiteh4t.github.io%2Fblog%2Fai-chat-llmreaper%2F%3Futm_source=tldrinfosec/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/0WZ_0rn5uX4r6BvWol8hfqByGTuTipf5QmiaDpDDwQY=452">
<span>
<strong>LLMReaper - DOM Based AI Conversation Exfiltration via Browser Extensions (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
LLMReaper is a Manifest V3 proof-of-concept Chrome extension that uses MutationObserver to scrape full ChatGPT, Claude, and Gemini conversations from the DOM in real time, keying response completion off each platform's stop-button selector and shipping JSON payloads (including username, chat title, and Gemini Gmail ID) to a FastAPI backend through the service worker to bypass Same Origin Policy. The capture requires no special permissions beyond the standard "read and change all your data on websites you visit," and the accompanying backend runs regex to surface OpenAI keys, AWS access keys, Stripe secrets, JWTs, and database URLs from pasted content. Defenders should audit installed extensions, treat AI chat as an unencrypted channel, isolate AI use to dedicated browser profiles, and fold extension risk into awareness training, since legitimate-looking utilities can map cleanly to MITRE T1056.003, T1041, and T1555.003.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.yaelwrites.com%2Fwhat-my-privacy-and-security-stack-actually-looks-like%2F%3Futm_source=tldrinfosec/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/Bolg3KDXZ9fPaOngGQEY66ScsT96F3a32DDYV2ybbRA=452">
<span>
<strong>What My Privacy and Security Stack Actually Looks Like (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Investigative tech reporter Yael Grauer describes the privacy and security principles that she employs in her everyday life. Grauer attempts to find information and inform friends before she meets someone and uses a PO Box when interacting with clients. Grauer also encrypts her hard drives, reviews app permissions, uses Lockdown mode on Apple devices and Advanced Protection on her Google account, as well as a YubiKey, VPN, and password manager.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FwolfSSL%2FwolfCOSE%3Futm_source=tldrinfosec/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/XxuJu93hT9lqoh2uXqCg1EnSNSxy19OuK2ZBljYlhe0=452">
<span>
<strong>wolfCOSE (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
wolfCOSE is a GPLv3 C library from wolfSSL implementing the full RFC 9052/9053 COSE message set (Sign1, Sign, Encrypt0, Encrypt, Mac0, and Mac) and CBOR encoding atop wolfCrypt, covering 40 algorithms including post-quantum ML-DSA-44/65/87, with zero dynamic allocation, a 7.5 KB minimal text footprint, and a path to FIPS 140-3 via wolfCrypt Certificate #4718. CI runs MISRA C:2012/2023 checks, Coverity scans, and reports 99.3% line coverage for the core, making it a candidate for constrained embedded and IoT signing workflows.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fgrepstrength%2Fmalsnitch%3Futm_source=tldrinfosec/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/TAzSCkdQY7jgIa62cVxpa1ZdAiLn8DUWMieoIwaipdw=452">
<span>
<strong>malsnitch (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
malsnitch is a CLI tool designed to assist reverse-engineering workflows by scanning artifacts for embedded secrets that malware authors have included in their binaries.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.mokn.io%2F%3Futm_source=tldrinfosec/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/-7QYXQGMC7-TYMixOa6OJm5vGc1gl6_FkObDvaAfVA0=452">
<span>
<strong>MokN (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
MokN provides a phish-back identity protection platform that plants realistic decoy access points in enterprise environments to trick attackers into using stolen credentials, so security teams can detect and neutralize those credentials before use.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.technologyreview.com%2F2026%2F04%2F15%2F1135898%2Fcyberscammers-bypassing-bank-telegram%3Futm_source=tldrinfosec/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/axxWnizazB0v6syNAINFghP2NgqbHkq5UZhcVozkPeQ=452">
<span>
<strong>Cyberscammers are Bypassing Banks' Security with Illicit Tools Sold on Telegram (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Know Your Customer (KYC) tools are designed to prevent account takeovers and phishing by requiring users to pass a “licenses check” to verify their identity. However, an increasing number of tools that allow scammers to bypass these checks or use stolen biometrics are appearing on Telegram channels. As KYC tools grow more complex to stop these bypasses, financially motivated cybercriminals improve the bypass tools in a cat-and-mouse game.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2026%2F05%2Fbotnet-of-more-than-17-million-devices-dismantled%2F%3Futm_source=tldrinfosec/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/bpp_ETmGGDjDyc-atXsdembdjAUcNVDfU3N4WwMn9aU=452">
<span>
<strong>Botnet of more than 17 million devices dismantled (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Dutch police and the National Cyber Security Center took down a botnet of more than 17 million devices controlled via 200 servers hosted in the Netherlands and reportedly linked to Russia-based residential proxy provider ASOCKS. Investigators seized botnet servers and noted overlaps with prior Proxylib activity, where malicious or misleading apps quietly enrolled phones and routers into a commercial proxy network.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F29%2Fno-fix-yet-for-critical-gogs-rce-bug-exploit-module-is-out%2F5248691%3Futm_source=tldrinfosec/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/6RgGFRsKJflwJPfzaGEVeN0rwd-Bw7QI5zL1xMb_9-8=452">
<span>
<strong>No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A 9.4-rated authenticated RCE in Gogs' pull request merge flow lets any logged-in user exploit an argument injection in the Merge() function when “Rebase before merging” is enabled, leading to arbitrary command execution on Windows, Linux, and macOS. Rapid7's Jonah Burgess disclosed the flaw in March, published a Metasploit module, and recommends locking down registration, repo creation, and rebase settings until maintainers ship a patch.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F192907%2Funcategorized%2Fshinyhunters-leaks-charter-communications-data-potentially-impacting-5-million-customers.html%3Futm_source=tldrinfosec/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/lWSVmHD7C_Ilo2VfP0RizID4_TWt-hm757Ac2jq9QMo=452">
<span>
<strong>ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ShinyHunters published data stolen from Charter Communications after a failed extortion attempt.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F05%2Fchatgphish-vulnerability-turns-chatgpt.html%3Futm_source=tldrinfosec/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/BXEdGn9ZG0_z9WDgfrwVzBUIeyQ_0ycPJSau70ay_UQ=452">
<span>
<strong>ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
ChatGPT's summary renderer relies on Markdown links and image URLs from recently processed pages, which attackers can exploit to plant malicious payloads, trigger image fetches that reveal IP addresses, User-Agent, and Referer details, and display clickable phishing links, fake security alerts, or QR codes within the assistant interface.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FVLH3Aa/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/tAO1GuPgdUWXD00IbzVPHfFJ1ty2_Bz054gQzF1PZWs=452">
<span>
<strong>Exploit Code Published for Critical Flowise RCE Vulnerability (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Obsidian Security disclosed technical details and PoC code for CVE-2026-40933, a CVSS 9.9 RCE in Flowise's MCP adapter that abuses unsafe stdio command serialization to trigger OS-level code execution on import, often with root privileges in containerized self-hosted deployments.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/_fjcb1NvcYgegTPhBf4WiApfxCK7Hh2a4hzjvPXSe1Q=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/wf1wQ3S0u-trm8lVyeiayG36mr7po_1mO4zT5pkV4Xw=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019e834a3815-61f2c398-a494-44d8-9fbb-9a4fb79fcacd-000000/VwfRC2yu333OsoFdQyv_wnOuWmQ87GHQxdEHmNvh3TQ=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>