<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Paradigm Shift published "usbliter8," a BootROM exploit against Apple's A12 and A13 chips that abuses a USB controller bug </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/BY_dKaRZyD8pAoD3yRaadQilrUWcRPnoyo_5wK9vyIA=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/H4X6BXUhMg9i7AFhqOXCOAROc9c3hmYYH5VN-Od7hLY=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=7b9b1664-6e08-11f1-ada3-1b0e2a5a6320%26pt=campaign%26t=1782133636%26s=7884bf18a1a6357faf91a756f9dc008a10a6e5a0729e1106c559945f30d7ac92/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/6y0oqGWi6hmT4rzWNhDEMnLYspcXVgfiPvzvZDIdQsI=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-06-22</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.macrumors.com%2F2026%2F06%2F18%2Fa12-and-a13-chips-facing-exploit%2F%3Futm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/P-xmMBc93DBxgSwm7g0V5LQHHT0X3C2HlEX5igi6UIM=452">
<span>
<strong>Apple's A12 and A13 Chips Facing New Unpatchable Exploit (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Paradigm Shift published "usbliter8," a BootROM exploit against Apple's A12 and A13 chips that abuses a USB controller bug: sending a sequence of unusually small packets during startup walks an internal hardware pointer backward through memory, enabling out-of-bounds writes, and because the flaw sits in mask ROM, it cannot be patched, leaving iPhone XS through iPhone 11 vulnerable for life. A11 escapes because its USB driver resets the pointer per packet, and A14 and Later configure memory protection correctly at boot, whereas A13 exploitation required a lengthy, multi-step bypass of Pointer Authentication Codes (PAC). Once executed, the exploit installs a restart-surviving handler that can downgrade security settings and boot unsigned code, injects the "PWND" string into the USB serial, and, while it spares the Secure Enclave directly, it broadens avenues for attacking it.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.techtimes.com%2Farticles%2F318790%2F20260621%2Ftexas-data-breach-hits-3-million-drivers-licenses-passport-numbers-stolen-hunting-vendor.htm%3Futm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/NeN22Fd9eSBALhBrCuAKIOoAUyDNsmWnS-xu3ZyY6E0=452">
<span>
<strong>Texas Data Breach Hits 3 Million: Driver's Licenses, Passport Numbers Stolen From Hunting Vendor (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Attackers breached the unnamed vendor that runs Texas Parks and Wildlife's hunting and fishing license system, exposing driver's license numbers, passport numbers, and contact data for about 3.09 million people. The dataset is being sold by a threat actor tied to a similar Virginia wildlife breach, suggesting shared SaaS platforms are being probed.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F4a0GsV/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/6V44m0uLhtSbO3uptM6IR-5ccRjeeLFZCVXG80sb2DI=452">
<span>
<strong>FortiBleed: 86,000 Fortinet Device Credentials Compromised (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A large credential theft campaign called FortiBleed has exposed over 86,000 valid logins to internet-facing Fortinet firewalls and VPNs across 194 countries, impacting thousands of organizations, including government and critical infrastructure organizations. Attackers intercepted SSL VPN authentication, cracked password hashes using a 45‑GPU cluster, and pivoted into internal Active Directory environments after roughly 1.16 billion credential attempts against 320,000 FortiGate targets and billions more attempts on MSSQL servers.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.pentesty.co%2Fblog%2Fnovo-nordisk-ozempic-fulcrumsec-breach-2026%3Futm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/C7b4kTBKSgMqwOkrNq-2oHcIe_5lBnWxMhKR6nr0RPI=452">
<span>
<strong>Novo Nordisk Breach: How a Leaked GitHub Token Exposed the Exact Ozempic Formula (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A group calling itself FulcrumSec claims initial access in March via a single GitHub personal access token that allowed cloning of internal repositories, then roughly two months of undetected dwell time before exfiltrating 700,000+ files (~1.3 TB), with Novo Nordisk confirming a limited intrusion on June 11 and reportedly refusing a $25 million extortion demand that triggered a 264 GB leak allegedly including source code, clinical trial records for ~11,500 patients, and the Ozempic formula. The detectable signal here was a token quietly cloning hundreds of repositories over weeks, plus large outbound data flows, neither of which was alerted on, which maps to OWASP A07 credential failures rather than any novel technique. Defenders should treat PATs, deploy keys, and CI tokens as bearer credentials with short expirations, narrow scopes, IP allowlists, and SSO-backed accounts, build alerting for abnormal bulk-clone and outbound-transfer patterns rather than just logins, and run secret scanning against their own repos before a stolen token turns into a master key.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.blog%2Fsecurity%2Fmaking-secret-scanning-more-trustworthy-reducing-false-positives-at-scale%2F%3Futm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/MyicPCUY72ufKHQZx8Slf-7UTYPV3Tu4NR3dawWcRuU=452">
<span>
<strong>Making secret scanning more trustworthy: Reducing false positives at scale (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
GitHub added context-aware LLM reasoning to the verification step of its secret-scanning pipeline, working with Microsoft Security & AI's Agents Offense team and applying the approach from Agentic Secret Finder to reduce noise from AI-detected generic secrets. Rather than feeding whole files to the model, the system extracts high-signal usage context, such as whether a value flows into an API request, authentication header, database client, or cloud SDK call, which lets it separate real exposures from placeholders, test data, and random UUIDs at low latency. Evaluated against hundreds of customer-confirmed false positives, it reached a 75.76% reduction against a 65% target while leaving upstream detection logic and coverage unchanged, so defenders gain higher alert precision without retuning detection.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Funit42.paloaltonetworks.com%2Flarge-scale-credential-attacks%2F%3Futm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/IcjPrB7wfFdOAHKPXqhUsXcgdhffB6yvIC4Ja28y-98=452">
<span>
<strong>Threat Brief: Mitigating Large-Scale Credential Attacks (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
FortiBleed is a large-scale password-spraying and credential-theft campaign targeting internet-exposed Fortinet, Sophos, and MSSQL services. It uses a multi-stage chain of spraying, privilege escalation, configuration extraction using stored credentials, and offline cracking that feeds the next round. An IAB on Exploit[.]in claims responsibility and sells harvested credentials as of June 16 (unvalidated). Defenders should audit remote access logs for successful logins following high-volume failure events, require MFA, adopt ZTNA with jump boxes to keep management interfaces off the public internet, rotate default credentials, disable unused accounts, and patch local privilege escalation flaws.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdelinea.com%2Fresources%2Fmythos-impact-identity-security-playbook-for-cisos%3Fhs_preview=ZhpfYCSR-214928204608%26utm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/xBWhYw3rCxEQsSN52BSN4yfH2jUAROU57FizFydIvzc=452">
<span>
<strong>Models like Mythos will beat your defenses - but you can still limit their impact (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Mythos is OOO - but it's clear that AI is getting much better at finding vulnerabilities, shifting the focus to limiting post-exploitation activity. This <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdelinea.com%2Fresources%2Fmythos-impact-identity-security-playbook-for-cisos%3Fhs_preview=ZhpfYCSR-214928204608/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/uVUyPJNesccO6HK_c4dqLQIAMZMNtrJf9-9bVHM0-mA=452" rel="noopener noreferrer nofollow" target="_blank"><span>Delinea whitepaper</span></a> explains why identity remains the critical control point, and how you can prepare for new frontier models by applying JIT privilege, secret brokering, and continuous authorization. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdelinea.com%2Fresources%2Fmythos-impact-identity-security-playbook-for-cisos%3Fhs_preview=ZhpfYCSR-214928204608/2/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/KRjgGExVDo4hMkjN1d44NvAAAnHAaRJvN5VX3K3_yQ4=452" rel="noopener noreferrer nofollow" target="_blank"><span>Get the whitepaper</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.vaultsort.com%2Fblog%2Fvaultsort-v4-hardware-bound-encryption-touch-id%3Futm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/zU2tkQcJFnforueYOLz111P6sKU8B1e6MT6pmkyRbHM=452">
<span>
<strong>VaultSort V4: Hardware-Bound File Encryption and Touch ID (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
VaultSort V4 makes file encryption hardware-bound on macOS and adds Touch ID as a first-class key, running fingerprint encryption through the same Secure Enclave-backed path as a YubiKey. The V4 chain derives a per-file wrap key from a hardware PRF output through HKDF-SHA-256, seals a random 256-bit file key with AES-256-KWP, and encrypts the body with AES-256-GCM under an authenticated header, which closes a V3 gap where the YubiKey touch was an application-layer gate, and the file key could be derived offline from VaultSort's on-disk credential store. Touch ID requires macOS 14 Sonoma or later, and since this is a vendor self-disclosure for a closed-source $24.99 product, the byte-level guarantees rest on VaultSort's own free Security Design Document rather than independent review.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fqubridge.io%2F%3Futm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/r50zZDge3LqPZmu08hRI3E3-uHOfxMTgR5bDCCnv3EA=452">
<span>
<strong>Quantum Bridge (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Quantum Bridge provides a quantum-safe key distribution platform for government, finance, critical infrastructure, and telecom customers, combining its DSKE protocol with PQC and QKD in a crypto-agile system.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fvisa%2Fvisa-vulnerability-agentic-harness%3Futm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/lVxb4qNeadFb9K9P1tflo6xWqfl-AlbPVTcm-bQxDRk=452">
<span>
<strong>Visa Vulnerability Agent Harness (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Visa Vulnerability Agent Harness (VVAH) is Visa's harness for automated vulnerability discovery using frontier models. VVAH uses threat modeling before analysis to focus the attack surface, using multi-agent deterministic voting to reduce false positives, and structured triage artifacts to compress the lifecycle from AI-discovered weaknesses to actionable findings.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FWLckfb/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/5jowusoI8AmGvMVKmUjUy_ePT2ZoN83nH5CJ5CRDuG4=452">
<span>
<strong>White House delays release of US voting machine study as midterms near (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
White House officials have for months held back an ODNI report that documents significant security gaps in US voting machines, including outdated software and internet connectivity that attackers could exploit, though the report cites no evidence of vote manipulation and does not claim votes were flipped. ODNI briefed the White House for six months without authorization to publish, and a separate, unpublished report from the contractor Mojave Research, which studied machines seized in Puerto Rico, likewise found no evidence that the machines were hacked. Some officials reportedly argued that the findings could undermine voter confidence among Republicans or fall short of supporting Trump's false claims about the 2020 election, leaving the recommended remediation, which would require extensive coordination with states, unimplemented as the November midterms approach.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2026%2F06%2Fmicrosoft-spots-new-self-propagating-malware-for-stealing-cryptocurrency%2F%3Futm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/729sc3Np59H32yjMcglguMznQQWpbw91YK2nJm3Uzec=452">
<span>
<strong>Microsoft discovers new lightweight backdoor that steals cryptocurrency (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Crypto Clipper is a worm that spreads via USB using .lnk files and a bundled Tor client to route traffic through a local SOCKS5 proxy. It monitors clipboards for wallet addresses and 12- or 24-word seed phrases, exfiltrates them with screenshots over Tor, and swaps copied crypto addresses for attacker-controlled ones. Defender products flag it through suspicious script interpreters, localhost:9050 proxy use, screen-capture commands, and clipboard or address-replacement behavior.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Funit42.paloaltonetworks.com%2Fcloud-logging-defense-evasion%2F%3Futm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/Xu5M7slHX1WFSO8bUnW_WxtYyGrEVjaCeh2M7qtZ8ds=452">
<span>
<strong>Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
In cloud environments, attackers often target cloud logging services to hamper defenders' visibility and establish passive monitoring. To hamper defenders' visibility, attackers can render logging ineffective by disabling logging, deleting the router or destination, encrypting logs with attacker-controlled keys, or poisoning logs by directly modifying their contents. Attackers can also establish passive visibility by configuring an additional log destination or redirecting logs to an attacker-controlled account.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.phoronix.com%2Fnews%2FLinux-7.2-Drops-strncpy%3Futm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/O4hZRMne7qA0SEO5uNEwXy5aCtAzehsAUmMips9QRIE=452">
<span>
<strong>Linux Finally Eliminates The strncpy API After Six Years Of Work, 360+ Patches (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Linux 7.2 removes the bug-prone strncpy() API after roughly 362 commits over six years, with kernel code now directed to strscpy(), strscpy_pad(), strtomem_pad(), memcpy_and_pad(), or memcpy() depending on NUL-termination and padding needs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsanyamserver.online%2Fposts%2Fnginx-reverse-proxy%2F%3Futm_source=tldrinfosec/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/jzHLmTxpk31YBZOkqXOtcJ68Y4iSeg0yu3o2_1BzfI4=452">
<span>
<strong>Nginx as a Reverse Proxy (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
An understandable and in-depth tutorial on using Nginx as a reverse proxy with examples included.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/QDdHpYCPNhBbj3Nkx8xqnd9AEnB9e3XcdLl9904wjew=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/6k5PT6cC5-8DObgLsyy0IpWK7ScLcOABOQ0w10-P1OE=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 📰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/GuiDbZ2uZvfQI-89hHNBmFoSN-tsf-oUJBozrA52aEw=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/t1q92mswCtLN2Cky6FDA7avpwqoRwg64xMkUNrhsakQ=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/JSyR8j7PaG1dhE2NJzhVw3yVxDKKCBX6Q3di1tAyMpA=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/rRGMXtHawla4ACZmGDyOKYFNSavaCIFqk3alM-T5OTU=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/5Ajz7SBz6crEa0olfEH1-odUd-cHZc2XguV2VnzOSWk=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/CtmFx3y2kzNF2nr-UqVivlPMxwTPLHBZQPFkkkRPcec=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/8YCNBWVifXQatBf5Kbxx9E8IOoJHXKeyXwx8jpJNSEM=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/DZf2gpjMqlkTJBHOiGwyfV4-ZWG92fp4dyO_1UAuCYk=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=7b9b1664-6e08-11f1-ada3-1b0e2a5a6320%26pt=campaign%26pv=4%26spa=1782133314%26t=1782133636%26s=ca6856d7770aa57fe9622cdf280240633282fcef93d54536205eddd85e229e3d/1/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/uhL0ZjCJ5It7b3RnBSJtlfVXbKHBmm1q6b2qiGXAse4=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019eef713f18-5301e744-7101-45f8-80dc-8d019ce4772e-000000/ZFtVpex_b-yfNnSgl74ZMHqk3ITI1Eqn9ZusLQuL_qo=452" style="display: none; width: 1px; height: 1px;">
</body></html>