<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">A Russian-speaking initial access broker has run FortiBleed since February, brute-forcing over 430,000 FortiGate firewalls β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/fm1VwQeMIActBXDK3aksK9ispnPD-7WGj1eR0tYG5G4=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/84nDdflixVrbxWtu7DUzv_hKx7lUQCKZLMLQT3q02PU=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=6638ac60-707d-11f1-b9de-a13c0964bb77%26pt=campaign%26t=1782392824%26s=0e1d64c55a2941cdaefb8a8dac035c353e4af3bb906f4eb075f67be54b3d1fba/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/9-mdKQ6l_jraTArAh-1S48vXASXGBlNE54SH17KDL5g=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-06-25</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F06%2Ffortibleed-targeted-fortigate-firewalls.html%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/SbW2ZdchCr6nhd2_bBKtX7DIJxCMu0ylrrqjWT8kq4c=452">
<span>
<strong>FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A Russian-speaking initial access broker has run FortiBleed since February, brute-forcing over 430,000 FortiGate firewalls and deploying FortigateSniffer to capture credentials across 24 protocols, feeding a Golang-based CyberStrike Harvester pipeline that cracks hashes via Hashcat/Hashtopolis, ranks targets by economic value, and resells access while repeating planted username/password pairs across thousands of devices.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F1F9KfQ/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/KT5UPZ30BN1lpQYbySUo7W63dkn-MIqtO-Y23ytVN3A=452">
<span>
<strong>Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Zafran Security disclosed DifyTap, four flaws in the open-source LLMOps platform Dify (CVE-2026-41947, CVSS 9.1, in tracing config lacking tenant validation; CVE-2026-41948, CVSS 9.4, in the plugin daemon enabling arbitrary API access and path traversal; and high-severity CVE-2026-41949 and CVE-2026-41950 in file identification and permissions) that let any signed-up console user read other tenants' chats, files, and internal APIs across multi-tenant cloud deployments, fixed in Dify 1.14.2 with a WAF rule recommended for CVE-2026-41948.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgbhackers.com%2Fmodelorat-and-mistic-backdoor%2F%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/n_VdVZEkaZv9SAVDVg_qUD-3yLvLeZpCrlIEqtP6rHw=452">
<span>
<strong>ModeloRAT and Mistic Backdoor Activity Linked to Ransomware Initial Access Broker (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Symantec and Zscaler tie the Python-based ModeloRAT (WinPython-delivered, run via signed pythonw[.]exe with RC4 C2) and the new in-memory, disk-less Backdoor.Mistic (DLL-sideloaded as EndpointDlp.dll via MpExtMs[.]exe, hooking GetModuleFileNameW and LoadLibraryW, with a self-delete kill switch) to financially motivated access-broker Woodgnat (aka KongTuke), whose ClickFix/FileFix/CrashFix and Microsoft Teams helpdesk "paste-and-run" lures have seeded Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta ransomware, so defenders should hunt EndpointDlp.dll loads by MpExtMs.exe, remote-tool-named Run-key persistence, and signed pythonw.exe executing unknown scripts.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fnovee.security%2Fblog%2Fcordyceps%2F%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/9m0H_IZNc7QhhdGxKyb1TaIi8JskrgfHs2vosuyiqOM=452">
<span>
<strong>Cordyceps: The Silent Parasite Consuming Your Supply Chain (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Novee's team mapped CI/CD workflow bugs across roughly 30,000 prominent openβsource repositories and confirmed over 300 exploitable chains in GitHub Actions pipelines used by Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation. Attackers with a free GitHub account can trigger workflows via pull requests or comments to run arbitrary code, steal longβlived tokens, and push modified artifacts into production paths such as Azure Sentinel content, Google Cloud projects, Apache Doris builds, Cloudflare Workers tooling, and Black's Docker images, reaching thousands of downstream environments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Featon-works.com%2F2026%2F06%2F24%2Fjnj-webapp-hacks%2F%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/I9QgAuPpx9G0DwKCmR6LsUQIEBq96wzTN_ShP-GRvUk=452">
<span>
<strong>Exploiting vulnerabilities in Johnson & Johnson web apps (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Johnson & Johnson's campus recruiting site exposed nearly 1,000 students because client-side Microsoft Authentication Library (MSAL) checks could be bypassed and AWS APIs accepted a hardcoded key. The Audit Tracking Management System (ATMS) app exposed user lists, session creation, and admin access via unauthenticated APIs and local-storage spoofing. The reporter says the ATMS was fixed only after a journalist contacted JnJ, and the published timeline shows delays from October 2025 to April 2026.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.papermtn.co.uk%2Fdetecting-misuse-with-the-claude-compliance-api-the-threat-is-in-the-content%2F%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/flXmsdgX43VEL9owOO4qsvA12YRExdRF6_w9pdiMsZw=452">
<span>
<strong>Detecting Misuse with the Claude Compliance API: The Threat is in the Content (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
In a previous post in this series, the author introduced an SDK to ingest Claude Compliance API events into a SIEM. When teams map these events to a common data model, they can leverage existing detections they've built that operate on that model. The post then suggests some specific detections to write for Claude. However, the tricky part is that the alerts need to detect intent rather than just rely on regexes. The author proposes a workflow that prefilters content and then sends it to an LLM-as-judge before creating a SIEM event.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Ffabriziosalmi%2Fcaddy-waf%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/HYNsVvEt364fYCa2wOiNhWGXyNnd5Gyt_VKGnmDogz8=452">
<span>
<strong>caddy-waf (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
caddy-waf is an HTTP handler middleware that inspects requests and responses across four well-defined phases, applies a regular-expression rule set with anomaly scoring, enforces IP/DNS/ASN/country blacklists and whitelists, performs token-bucket-style rate limiting, and exposes a JSON metrics endpoint.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.geordie.ai%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/KNAoiJThuj2b3CvE4KADgyWl2S49tiOITSOtIgL-eP4=452">
<span>
<strong>Geordie (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Geordie is a platform that inventories and monitors AI agents in an organization, tracks their access and behavior, measures enterprise risk, and uses a runtime remediation suite called Beam to control and constrain those agents at scale.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fcloudflare%2Fsecurity-audit-skill%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/yzFwg4c5fCi1HHcL72yqakY8OENvumI6E5D8pV4fsN8=452">
<span>
<strong>security-audit-skill (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Cloudflare's open-source coding-agent skill transforms an agent into a security auditor, managing multiple sub-agents in a six-phase pipeline (recon, hunt, validate, report, structured JSON output, and independent verification). It reports only exploitable findings, including specific attack scenarios, with adversarial review in which the validating agent is never the finder, thereby reducing false positives. The repository includes the vulnerability-discovery harness from Cloudflare's "Build your own vulnerability harness" blog post. Runs are additive, reading previous findings.json files to skip known issues and identify gaps. Notably, a single run detects about half of the vulnerabilities found over multiple attempts, making repeated passes necessary for comprehensive coverage.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FeapkBa/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/DFd69yHL-0mC-sm8H_uSraNej_H_TNzJ4_BwB0iG_aM=452">
<span>
<strong>Anthropic's Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A US official says Anthropic's Mythos model, tested with intelligence agencies under Project Glasswing, quickly found vulnerabilities in classified systems but was not shown to exploit them. The Trump administration responded with directives limiting Anthropic's latest models, including export controls and access restrictions for foreign users, prompting the company to take models offline and cybersecurity leaders to argue that removing these tools may weaken US defenses against adversaries.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.networkworld.com%2Farticle%2F4189077%2Fibm-red-hat-palo-alto-team-to-secure-open-source-software.html%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/gQKZ5N-NEVoV46wEjGt_4fjSKMXQ-zGKsWT9Ro0EwyU=452">
<span>
<strong>IBM, Red Hat, Palo Alto team to secure open-source software (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
IBM, its Red Hat subsidiary, and Palo Alto Networks are pairing Palo Alto's network-based virtual patching from Prisma with IBM/Red Hat's Project Lightwell remediation effort, enabling enterprises to receive preemptive virtual patches before official fixes ship and to deploy network-level protections the same day a vulnerability surfaces. The pitch leans on Nikesh Arora's framing that AI has collapsed the discovery-to-exploit window from weeks to minutes, positioning network-layer defense as the answer when traditional patching cannot keep pace, with early adopters concentrated among major banks and payment networks (Bank of America, Citi, Goldman Sachs, JPMorgan Chase, Mastercard, Visa, and others). The strategic signal: vulnerability intelligence and anonymized exploitation telemetry are becoming a subscription-monetized security coordination layer, extending the existing IBM/Palo Alto alliance that already spans quantum-safe readiness and AI risk assessment.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.wiz.io%2Fblog%2Fai-rewriting-secops-playbook%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/K6pMgiJTNVVSlyLEUn89fSoMk-CRTzOnrFjFc-sXL0c=452">
<span>
<strong>How AI Is Rewriting the SecOps Playbook (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
As AI compresses the gap between vulnerability disclosure and exploitation to minutes, the SecOps model of gathering context after an alert fires becomes untenable, so context must be assembled continuously and beforehand across three layers: model (invocation logs surfacing prompt injection and data exposure), workload (runtime telemetry), and cloud (machine identities and delegated permissions used by AI agents). AI asymmetrically favors defenders, who can reason over inside-out context (asset inventories, identity relationships, source code, and business function) that attackers operating outside-in cannot replicate, shifting investigation from "did something unusual happen?" to "did this workload do something it was never designed to do?"
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftherecord.media%2Findian-auto-giant-bajaj-auto-hit-by-ransomware%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/Rgk1ZBiRSCWmKX2yebkymOs7mfFBDEePbWW4FbX7ufg=452">
<span>
<strong>Indian auto giant Bajaj Auto hit by ransomware incident (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Bajaj Auto, India's largest vehicle maker and the world's biggest three-wheeler manufacturer, disclosed in a regulatory filing that ransomware hit systems at the company and its Bajaj Auto Technology Limited subsidiary.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.csoonline.com%2Farticle%2F4188623%2Fmeta-pauses-employee-monitoring-program-after-data-protections-fail.html%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/Ml97_QMiFHRMgO9Zs_USj1AxLsKdG2ZcyF4QZKiu6eY=452">
<span>
<strong>Meta pauses employee monitoring program after data protections fail (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Meta halted its April Model Compatibility Initiative, which captured employee keystrokes, screen content, full prompts, private conversations, and performance data for AI training, after unauthorized staff accessed the restricted dataset twice (including after a claimed four-hour fix).
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.defenseone.com%2Fpolicy%2F2026%2F06%2Fnsa-mythos-anthropic-supply-chain%2F414371%2F%3Futm_source=tldrinfosec/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/Qrz0A9QF1Y3HDmWRPks6XJa5Xi4usfhctabqOxDnktQ=452">
<span>
<strong>Parts of NSA lose Mythos 5 access after White House imposes limits (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Parts of the NSA lost access to Anthropic's Mythos 5 after the Trump administration imposed export controls citing national-security concerns.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/Lx8I8nBrVChVdT9XZWoJr8P-7qsVVPc5rkbks577KzQ=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/7ftSHyuCBDMiP4sL0yOBWsb9YQisvG3ZeDEdewMHcZA=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/tVB8v5xLTe-zXPsiM-fnC0ESWyefxK1ZUVMWqT30QSM=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/pTeEWTTxS5jRlh_m8rQP2OTxZ4kBW6eAW1WGOLdicvw=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/37mh_1r_UuTYZRBCBfG9zmROE5PGxntN2eXPQQ206bc=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/ptNGgdFaJnx7VTW3Rq_8UV--vMoKxANkIWkSMTdkwcc=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/vwkzYsmjlsRmQPX5jqTGRCUoPO4bSY_xvcVt-F5bZxw=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/H1GZsdZkEDOROnb1o3jYg8bexfQ4lgGi6QmkJCZBdTc=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/J0Sh8roO_t4B-pKb8_k2ysiK38H6hJdSgxFz_ebA0Sw=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/ov1xf--JB0Vh29pMTfDMXXX1p2Ws4fM3YTWZdrYtimo=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=6638ac60-707d-11f1-b9de-a13c0964bb77%26pt=campaign%26pv=4%26spa=1782392486%26t=1782392824%26s=28f15d13802278c0394fface4358b85884e94781a7c59efc9f8e233606da6a74/1/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/TyN0wQwLe--FCwy7OgNvkV6sdZket-YNMWO3QQHJWBg=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019efee421a3-6db3084b-3d0a-43df-935f-26024362526c-000000/gOBu2OyPpBMJ1HQJbD-Y1NsdvWUHPZ88yE1LG7W_UIQ=452" style="display: none; width: 1px; height: 1px;">
</body></html>