<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Apple shipped Beats Firmware Update 1B211 to fix CVE-2025-20701, an authentication flaw in Airoha SoCs disclosed at a 2025 German security conference β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/rkewaNqAw9ernqNyOeswBJe1e30qWGmhdjq2Qv_aZao=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/2NhyzoU5fGTqv3BQscEGTnZSLjhDX64jpddi_3qh86Q=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=398d6d74-6ec3-11f1-a1e8-ab83c1e4c146%26pt=campaign%26t=1782220679%26s=eab4f0b0f0f65d8a5671867c3ea01c9ec7a0a87de5bcd95caf1906e16267a510/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/2mtSMV6GH6Co3PRrTyKMRhIm5ednyxuZ9TFhIiwVOoU=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.gartner.com%2Fen%2Fconferences%2Fna%2Fidentity-access-management-us%3Futm_source=tldr%26utm_medium=promotion%26utm_campaign=EVT_NA_2026_IAM21_PP_MP1_TLDR%26utm_content=header_save_dollar_400_gartner%26utm_term=ISTLDR/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/P6XuKvIyBi6LPP_zDSWrnG9iAjf2dt14KseYEMg-Xh0=452"><img src="https://images.tldr.tech/gartner.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Gartner"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-06-23</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.gartner.com%2Fen%2Fconferences%2Fna%2Fidentity-access-management-us%3Futm_source=tldr%26utm_medium=promotion%26utm_campaign=EVT_NA_2026_IAM21_PP_MP1_TLDR%26utm_content=header_save_dollar_400_gartner%26utm_term=ISTLDR/2/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/G45WeJR5WnpjHcXuEH1jwzS0GAfDoIj1qztRe8wJnME=452">
<span>
<strong>Save $400 on Gartner Identity & Access Management Summit 2026 (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Join IAM and security leaders at Gartner IAM Summit 2026 to tackle today's most pressing identity challenges. Explore 70+ analyst-led sessions covering AI-driven threats, machine identities, modern authentication, IAM architecture, and Zero Trust strategies. Learn how to secure AI agents, enforce least privilege, and gain visibility across your identity ecosystem. Connect with peers, exchange insights, and meet with a Gartner analyst for tailored guidance. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.gartner.com%2Fen%2Fconferences%2Fna%2Fidentity-access-management-us%2Fsessions%3Futm_source=tldr%26utm_medium=promotion%26utm_campaign=EVT_NA_2026_IAM21_PP_MP1_TLDR%26utm_content=Body_2026_conference_topics%26utm_term=ISTLDR/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/1g9Pe84nVbDIIDHZdm-VuXrVmdFl0_9XSPInMzTYR8g=452" rel="noopener noreferrer nofollow" target="_blank"><span>Explore the 2026 conference topics</span></a> to learn about the actionable strategies you'll gain. >> <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.gartner.com%2Fen%2Fconferences%2Fna%2Fidentity-access-management-us%2Fregister%3Futm_source=tldr%26utm_medium=promotion%26utm_campaign=EVT_NA_2026_IAM21_PP_MP1_TLDR%26utm_content=cta_register_october_9%26utm_term=ISTLDR/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/-SFmP_mqr7dSO5NVO-GImJdCHufad4QUl07lW8B7Ux8=452" rel="noopener noreferrer nofollow" target="_blank"><span>Register by October 9 to save $400 on the standard rate.</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.malwarebytes.com%2Fblog%2Fbugs%2F2026%2F06%2Fapple-patches-beats-studio-buds-flaw-that-could-turn-earbuds-into-a-wiretap%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/9fI5GoJ4QXPMvs_CuTJ4-ECj6rT85KZz5297gMlf1cA=452">
<span>
<strong>Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Apple shipped Beats Firmware Update 1B211 to fix CVE-2025-20701, an authentication flaw in Airoha SoCs disclosed at a 2025 German security conference, which allowed an attacker within Bluetooth range to listen through the microphone of an unpaired earbud while it was actively seeking pairing requests. Chained with related Airoha bugs, the weakness could also extract pairing keys, impersonate trusted headphones, and pivot to call hijacking, contact extraction, and voice-assistant triggering on the paired phone. Exploitation is difficult and proximity-bound, making it a targeted-surveillance risk rather than an opportunistic one. The firmware rolls out silently when buds sit cased near a connected Apple device, and this can be verified under Settings > Bluetooth.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fventurebeat.com%2Fsecurity%2F7000-langflow-servers-under-attack-langgraph-langchain-same-holes%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/QR3fVZi0PaURQcTqyLuxECc3AxDr9__kEb0W1smx6SY=452">
<span>
<strong>7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Attackers are chaining three classic bugs in LangGraph, Langflow, and LangChain-core to reach code execution and steal secrets from AI agent infrastructure. LangGraph's SQLite checkpointer can be poisoned to run arbitrary Python, Langflow's file upload bug is already delivering cron-based shells on ~7,000 exposed servers, and LangChain-core's prompt loader can read API keys from disk unless teams patch specific versions and lock down defaults.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F06%2F22%2Fgizmodo-readers-hit-with-clickfix-malware-prompts-after-account-compromise%2F5259226%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/buoID-0v_Jqk8GvbnMIJcUYQ71saXT3ZcACh0ty86mM=452">
<span>
<strong>Gizmodo readers hit with ClickFix malware prompts after account compromise (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Gizmodo's site briefly served fake CAPTCHA pop-ups that triggered ClickFix malware scripts after a compromised account injected malicious code. Windows visitors risked installing NetSupport RAT for remote access and data theft, while the macOS payload was misconfigured and stalled at a ZIP password prompt. Gizmodo removed the script, took the site down, and secured the abused account.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthenewstack.io%2Fagentjacking-sentry-mcp-attack%2F%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/K8pb5K8ilzFfBjx66OdgCjhFFAh338RpWPLDxhPjgbQ=452">
<span>
<strong>A public Sentry key is all it takes to hijack Claude Code, Cursor, and Codex (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Agentjacking is an attack where a publicly exposed Sentry DSN, a write-only credential that Sentry documents as safe to embed in frontend JavaScript, lets an attacker post a crafted error event whose markdown context fields render as a fake resolution section containing an npx command. When a developer asks an agent to clear the Sentry backlog, the agent pulls the injected event through MCP, reads the fabricated fix as trusted guidance, and runs the command with the developer's own privileges to reach AWS keys, GitHub tokens, and git credentials. The payload executes even when system prompts and skills instructed the agents to ignore untrusted data, and because every step is authorized, Tenet's "Authorized Intent Chain" sidesteps EDR, WAF, IAM, VPN, and firewall controls entirely. DSNs surface through Censys queries and GitHub code search, so defenders should treat every MCP integration like a vetted third-party dependency and gate agent-initiated commands at the runtime layer rather than relying on prompt-layer or network defenses.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftrustsig.eu%2Fblog%2Freverse-once-run-forever%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/t7PfqrWRiWg17bN7VNdFOFWbRmrkIlZDmod1uVnzXzg=452">
<span>
<strong>Reverse Once, Run Forever: Defending Code You Can't Hide (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Client-side bot detection runs on hardware the attacker controls, so every line of code should be assumed readable and patchable. Defenses change on every build and even per session, so signatures or reversals from one version fail on the next. Critical checks avoid branch statements and instead use cryptographic key derivations, so tampering just produces useless output with no clear flag to flip. Highβvalue lookup tables and logic exist only on the server side and are minted per session, preventing meaningful offline analysis. The detection path depends on live, authenticated round-trip to the server, preventing attackers from running a static offline replica at scale.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdoublepulsar.com%2Fan-update-on-fortibleed-whats-happening-with-victim-orgs-c0671a50e7f4%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/_taQw8I_QpdZgNATLT7cCwbC2A_cfR35HiD4wkn2cuE=452">
<span>
<strong>An update on FortiBleed β what's happening with victim orgs (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
An attacker scanned for internet-facing FortiGate boxes, logged in through prior unpatched vulnerabilities or dormant backdoor admin accounts (some planted earlier by a Russian ransomware crew reusing identical passwords), exported full device configs, then cracked the hashes offline on 36 rented enterprise GPUs before reselling the plaintext as FortiVPN client credentials. Roughly a thousand orgs were confirmed internally compromised, with operators adding rogue admin accounts, opening SSH and RDP firewall rules, and authenticating to IPsec tunnels while focusing on telcos and MSPs to pivot into downstream networks. Defenders should filter FortiOS logs under System, Events for config export messages, check their internet-facing IPs and Fortiguard-ID domains against the published FortiBleed lists, and if listed, rebuild the box, purge and recreate all admin accounts with MFA, patch to current firmware, and rotate IPsec site-to-site keys at both ends.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdelinea.com%2Fresources%2Fmythos-impact-identity-security-playbook-for-cisos%3Futm_medium=paid-newsletter%26utm_source=TLDR%26utm_campaign=FF-FY26Q2_TLDR_*VisIP%26utm_content=TLDR_Send_6%26utm_term=Secondary/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/cUktrm2TXifv_O5JQFha-VfOo8K7GZ4QZ-teRoeGO7A=452">
<span>
<strong>Models like Mythos will beat your defenses - but you can still limit their impact (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Mythos is OOO - but it's clear that AI is getting much better at finding vulnerabilities, shifting the focus to limiting post-exploitation activity. This <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdelinea.com%2Fresources%2Fmythos-impact-identity-security-playbook-for-cisos%3Futm_medium=paid-newsletter%26utm_source=TLDR%26utm_campaign=FF-FY26Q2_TLDR_*VisIP%26utm_content=TLDR_Send_6%26utm_term=Secondary/2/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/iF-_kzZUpYJZ77KF1CnNquuFAsYElDFY7yfI9MLmb7Y=452" rel="noopener noreferrer nofollow" target="_blank"><span>Delinea whitepaper</span></a> explains why identity remains the critical control point, and how you can prepare for new frontier models by applying JIT privilege, secret brokering, and continuous authorization. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdelinea.com%2Fresources%2Fmythos-impact-identity-security-playbook-for-cisos%3Futm_medium=paid-newsletter%26utm_source=TLDR%26utm_campaign=FF-FY26Q2_TLDR_*VisIP%26utm_content=TLDR_Send_6%26utm_term=Secondary/3/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/S_0kFk2Xy2QpTSQjI0DQhc1cfiOKb2OXjt4fauGuQQQ=452" rel="noopener noreferrer nofollow" target="_blank"><span>Get the whitepaper</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsmicallef%2Fspiderfoot%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/MJfwKzbOKWc4GaqoBk4Mi_HRkkDAEhDUdUkUYF9HoPs=452">
<span>
<strong>SpiderFoot (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
SpiderFoot is an MIT-licensed, Python 3.7+ OSINT automation tool with over 200 modules that feed each other in a publisher/subscriber model to enumerate hosts, emails, breach data, and dark web mentions across targets ranging from IPs and domains to usernames and Bitcoin addresses, usable via web UI or CLI with a YAML-configurable correlation engine shipping 37 rules. Actively developed since 2012, and most modules need no API keys, though the README's feature list doubles as an upsell funnel toward the cloud-hosted SpiderFoot HX tier, which reserves attack surface monitoring, screenshotting, and multi-user collaboration for paying users.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fanthropics%2Fdefending-code-reference-harness%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/m-v3yrLCBa5fflO-exivxp7SmEiTUAngcPvbZyEu73Y=452">
<span>
<strong>Defending Code Reference Harness (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
This repository contains a reference implementation for autonomous vulnerability discovery and remediation with Claude based on Anthropic's learnings from partnering with security teams at several organizations since the launch of Claude Mythos Preview.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fatomiczsec%2FNoradrenaline%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/hzw9TPt8nMxQkxHM0xPgtAcEbj0s6Hq-2IeY2t9yPr8=452">
<span>
<strong>Noradrenaline Shared Library Modules (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A collection of native Linux and macOS modules built as small shared libraries for Poseidon and other agent workflows.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdecodebytes.substack.com%2Fp%2Fwhy-your-microvm-sandbox-solves-a%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/ONIJTqw-tDyeBcjU3MrJdHCzTpNaz7q6mcqqG5SrKqs=452">
<span>
<strong>Why your microVM sandbox solves a particular problem very well, but not the agent security problem (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
microVMs and agent sandboxes have been wrongly conflated: a microVM enforces a guest/host boundary that prevents a hostile machine from escaping, but a coding agent runs as you, with your SSH keys, cloud tokens, and credentials already mounted inside the box. The threat is not escape but blast radius when a trusted, well-meaning agent misreads a task or follows an injected instruction and exfiltrates or deletes what it can legitimately reach. The hypervisor operates at an all-or-nothing grain of disk images and whole machines, while the actual agent threat lives at a per-path, per-host, per-syscall grain that the hypervisor never monitors, so the right control mediates the operations a process attempts rather than virtualizing the hardware under it.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc9958%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/s2AQ3YEPWluuwTbZDSodGDog0A_q1Q5SVmw8Lc0XOJA=452">
<span>
<strong>RFC 9958 - Post-Quantum Cryptography for Engineers (50 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
This IETF informational RFC orients engineers to the post-quantum transition, explaining that Shor's algorithm forces full replacement of RSA, DH, and ECC (while Grover's leaves AES-128 and SHA-256 effectively intact), detailing the NIST standards ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205), and forthcoming FN-DSA (FIPS 206), and stressing that KEMs cannot be both AKE and NIKE, that PQC keys and signatures run roughly 6-100x larger, that stateful HBS schemes (XMSS, LMS) risk forgery on key-state reuse, and that "harvest now, decrypt later" plus the Mosca x+y+z model justify hybrid PQ/T deployments with careful attention to key-reuse stripping attacks and lattice side-channel exposure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F06%2Fcanadas-spy-agency-used-first-of-its.html%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/Uw-8ygUl7xsw8mn8YO2cRRa0Mu0QVmbS3VrYGrAa910=452">
<span>
<strong>Canada's Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Canada's intelligence service used a court-approved threat-reduction warrant to access compromised Canadian servers, SOHO routers, and IoT devices, and to remove data tied to two foreign-controlled botnets. The operation removed infected gear from the relay networks without collecting user identities. The ruling highlights ongoing abuse of unpatched, endβofβlife routers and IoT devices, leaving owners responsible for securing or replacing vulnerable hardware.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.apnic.net%2F2026%2F04%2F28%2Fgoogle-hits-50-ipv6%2F%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/KGyy0hiMuw1Rd2FBLXRh_f3hBFj8PZb_W2EnBlSE_vs=452">
<span>
<strong>Google hits 50% IPv6 (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Google's measurements show global IPv6 adoption crossing 50% for the first time (versus APNIC Labs' lower 42% figure, the gap attributable to APNIC's population-weighting model), a milestone that reflects mature deployment driven largely by mobile and newer market entrants like Reliance Jio.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F06%2F22%2Fklue-hack-results-in-data-breach-at-several-cybersecurity-firms%2F%3Futm_source=tldrinfosec/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/9GkyrE3xikAOegRzIyZBgQwrLR3tOQAZfqlZXNuCnhY=452">
<span>
<strong>Klue hack results in data breach at several cybersecurity firms (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Icarus broke into Klue using a compromised legacy credential linked to a cloud integration tool.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FQVw8TY/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/byf1xmFtfAapzUz8k05kuXSsfJLcWbD6Je601_xaGVA=452">
<span>
<strong>Decades-Old Squid Proxy Flaw βSquidbleed' Can Expose User Data (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Calif.io researchers identified CVE-2026-47729, a longstanding memory leak in Squid's FTP parser since 1997 that exposes previous users' HTTP request data.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/qTfXVdegMxqcFwOhN8M1OYCQOpbZP4K_2s29cYxMP-U=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/o2g-LGe-usfbiSuDZQZm6lVpQCptaT53ZM77Y0WKNUY=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/PWK-8bJ24UAON2qUn7DSDs96H0mhAIJZ_URY-NXubvU=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/0FowQHy4-xT5V45fDthPyIH2yVXnr3f5mw0GS1q5v-g=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/xw49SwQ8ClRGwQMVfHrc9NjwvfGuKoUpAgeBuJCz878=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/4iDS2xhgytMKRwWQFr2YwqQbXxhSBSyrPAdjpQKDzZk=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/kRFyT7Q0-DuV5DjV1Wd8gVSYbT_GYteXI-gSwtyTPVY=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/ZFCHAKCfSeTmhgMkaAHBxsvimCgagGB7fz-fqbdH1DA=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/9Oj632P9VWa3hAm6YKqOm7XrcX-qIn6SXFeLlWjcNWA=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/Q5KUzA6NjSiPhythhGUIc0wjV3Kv-Fld9s3pY63B-e8=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=398d6d74-6ec3-11f1-a1e8-ab83c1e4c146%26pt=campaign%26pv=4%26spa=1782219704%26t=1782220679%26s=3e498cdc78b56e07efde2e53e3ad90b895eef095846768a8ec30f6f7a513bdda/1/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/TfKf_GkH7R-7kWkOlVi7Kkeu_KWbjb0sIP1KE1fCMyw=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019ef4a16a25-60570c71-b565-4420-a13a-5d479081949d-000000/4lbh_c29PYYysaezbrvuXpttQoaaM4rw_2BWEbncIAk=452" style="display: none; width: 1px; height: 1px;">
</body></html>