<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">A compromised third-party vendor allowed attackers to inject a malicious script into Polymarketβs frontend for some users β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/xKbkR7lw6tjpLZWRQi7DRiNS3PskQCJmBUUKMNadA58=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/d_SRFdL3tNk83cKkwh21aJ42STnIfALrmQfDVZZygHE=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=00fcf0b2-7114-11f1-a853-d7e0533fc64b%26pt=campaign%26t=1782479144%26s=2a01939acbe0a46e122af84a961a44f743f1b9e8904037a020b18254c52cde33/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/k-EZ6CfI7hxa4SYGMcJMlnG2iYk7zziyo9UpBW1r6C8=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-06-26</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcryptonews.net%2Fnews%2Fsecurity%2F33065348%2F%3Futm_source=tldrinfosec/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/rrW6XYy_BJd9EHU7LmtvYEcAN4zir66pclMYhCw0UXk=452">
<span>
<strong>Polymarket users lose $3 million after frontend hack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A compromised third-party vendor allowed attackers to inject a malicious script into Polymarket's frontend for some users, leading to a phishing-style drain of about $3 million from at least 11 wallets holding PUSD, with the stolen funds swapped to ETH and sent to a single address. Polymarket removed the bad dependency, contained the issue, and says it will issue a full refund to affected users.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F06%2F25%2Fhacked-klue-says-criminals-are-deleting-stolen-customer-data-but-now-other-hackers-are-making-threats%2F%3Futm_source=tldrinfosec/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/L3cFyivy026bfUmRodhft_4D9lMV_h2VhUYXEymq8w0=452">
<span>
<strong>Hacked Klue says criminals are deleting stolen customer data, but now other hackers are making threats (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Klue says it is in contact with the Icarus hacking group and believes Icarus is deleting customer data stolen in the June 12 breach, which hit at least 11 security-focused customers. A second, unnamed group now claims to have copied that data from an Icarus operator's server, is listing 195 affected customers, and is trying to extort them directly. Klue is telling customers to verify any claims with random data samples and not pay the second group.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FmNbI72/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/rqiHW3FtLslXlvHS_7wv3kKq6LsZhHGDuFRh5-dBqq0=452">
<span>
<strong>New macOS Malware Embeds Fake Errors to Confuse AI Analysis Tools (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
SentinelOne researchers discovered a new macOS malware, dubbed GasLight, that includes embedded prompt-injection strings to mislead AI analysis tools. The malware includes a 3.5KB payload that contains 38 fake βsystemβ messages alerting to issues such as out-of-memory errors, token expiry, and disk exhaustion, to confuse AI tools into stopping analysis of the binary. The malware itself is an infostealer and backdoor.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FSpecialPublications%2FNIST.SP.800-213r1.ipd.pdf%3Futm_source=tldrinfosec/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/nYVhH3Mi84e0A-SQW7mkrQY1Mjjfkfelk0M5h554nDY=452">
<span>
<strong>IoT Product Cybersecurity Guidelines for the Federal Government (30 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
NIST is seeking public comments on the initial public draft of SP 800-213 Revision 1, which sets IoT product cybersecurity requirements for federal use and aligns them with existing NIST risk and control frameworks. The draft shifts focus from standalone devices to full IoT products and asks reviewers to validate the terminology, scope, and the extent to which the guidance supports current risk assessment practices.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurelist.com%2Fsmb-threat-report-2026%2F120357%2F/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/X1osUPq0LBkQ4ygO8IRWz96g90siqYZpA-G48g1Jxug=452">
<span>
<strong>Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Kaspersky's annual SMB threat analysis reports 33,352 attacks between January and April in which malware or PUAs, mostly Trojware capable of pulling additional payloads, masqueraded as five popular AI services, nearly five times the prior year and outpacing fake office tools, with Claude and OpenClaw among the leading lures alongside roughly 415,000 attacks impersonating messengers and 24,000 impersonating office software. The credential-theft chain leans on legitimate-platform abuse, with phishing kits spoofing OneDrive document shares, fake Facebook policy-violation appeals, two-stage lures staged through Zoom Docs pages, and dark web initial-access listings that disproportionately advertise SMBs as soft entry points into larger partners via trusted-relationship attacks, which rose from 12.7 percent of initial vectors in 2024 to 15.5 percent in 2025. Defenders should restrict and promptly revoke access to corporate resources, enforce account and password hygiene with email-borne threat filtering, run phishing-simulation awareness training, and install software only from official sources after verifying platform availability.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Ffn7bYL/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/tY-U9Jt3buqdoUSqqNkYdwFbwvpjhrHDw8y8Al-C24o=452">
<span>
<strong>Malicious Edge Extension Abuses Native Messaging as Bridge to Malware (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Zscaler researchers are warning of a malicious Microsoft Edge extension dubbed Edgecution that utilizes the Chrome Native Messaging protocol to communicate with a Python-based backdoor. The attackers pose as IT support personnel on Microsoft Teams and direct a user to a fake Microsoft βOutlook Updates Management Console,β which the attacker can use to install the malware via an AutoHotkey, batch, or PowerShell script. The malware resembles the tradecraft of an initial access broker connected with the Payouts Kings ransomware operation.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.cloudflare.com%2Foauth-for-all%2F%3Futm_source=tldrinfosec/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/gWdHXGboxV8ercdvmOZRfx_qsTr_FeWrOh4TU-ml_4A=452">
<span>
<strong>Unlocking the Cloudflare app ecosystem with OAuth for all (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Cloudflare's June 3 self-managed OAuth release lets any customer register and manage their own OAuth clients for scoped, delegated access to the Cloudflare API, replacing the API tokens that previously gated SaaS integrations, internal developer platforms, and agentic tooling. This is Cloudflare's own launch write-up, and much of it reads as an engineering retrospective on migrating the underlying Hydra engine via sequential 1.X and 2.X blue-green upgrades, alongside clearer consent prompts, dashboard revocation, and visible app ownership to curb OAuth phishing.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.runlayer.com%2F%3Futm_source=tldrinfosec/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/XoTm6Kr3jxZQiFO6ULrVZr4kR3LUFNA7aJS3oW49mSk=452">
<span>
<strong>Runlayer (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Runlayer runs a control layer for enterprise AI agents, monitoring access and usage, enforcing identity and permissions policies, and blocking prompt injection, data exfiltration, tool poisoning, and unmanaged agents across company systems.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FMemNixFS%2FMemNixFS%3Futm_source=tldrinfosec/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/tJ1lhAH-Vp23yVx9j1P9CaSFNFvHTwnsuHNSQIw9iNk=452">
<span>
<strong>MemNixFS (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
MemNixFS mounts Linux memory dumps as a browsable filesystem, exposing processes, the page cache, reconstructed root filesystem, threat-hunt verdicts, and a UTC forensic timeline as ordinary files you can grep, cat, or feed to existing scripts on Windows or Linux. It runs without a matching debug profile by generating types from the dump's embedded BTF information, and ships a stable C ABI so other languages can drive the same engine.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F06%2Famadey-and-stealc-malware-network.html%3Futm_source=tldrinfosec/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/Z0hBZbNRRQ-aYJ_EL2KWieKOj5mQdzDsK3qxlYGuGhk=452">
<span>
<strong>Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Law enforcement and vendors disrupted Amadey and StealC infrastructure, seizing 326 servers, 142 domains, and restricting around $47 million in crypto tied to 27 million stolen credentials. Amadey and StealC operated as MaaS loaders and stealers, with affiliates using selfβhosted panels and broad payload delivery. Microsoft and partners shut down over 200 C2 endpoints and cut control over thousands of infected machines.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Funit42.paloaltonetworks.com%2Fcl-sta-1062-tinyrct-backdoor%2F%3Futm_source=tldrinfosec/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/6pvr4FBL8Hxhgt27eLyjmqpGcpFVtJMg7XVZDDSkgbI=452">
<span>
<strong>CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Unit 42 attributes a sustained 2025 campaign against Southeast Asian government and state-owned energy entities to CL-STA-1062, a Chinese-speaking cluster active since at least March 2022 that it assesses with high confidence to be the same actor Cisco Talos tracks as UAT-7237. The group pairs commodity tooling such as SoftEther VPN, Mimikatz, VNT, and JuicyPotato with TinyRCT, a previously undocumented C#/.NET backdoor delivered via AppDomainManager injection that supports arbitrary command execution, file exfiltration, screen capture, and a self-destruct routine that scrubs forensic artifacts. The progression from Taiwanese web hosting infrastructure to regional critical energy and government targets signals a broadening Asia-Pacific espionage focus, and the shift toward bespoke malware suggests CL-STA-1062 will remain a durable threat to the region's strategic sectors.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F06%2F25%2Fthe-white-house-is-asking-openai-to-slow-roll-the-release-of-its-new-model-over-safety-concerns%2F%3Futm_source=tldrinfosec/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/n4Wjer8jmPU45VZ8Pigf3v4WNP2X6ISNL8b22xLWXxU=452">
<span>
<strong>The White House is asking OpenAI to slow roll the release of its new model over safety concerns (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The Trump administration has reportedly pressed OpenAI to limit GPT 5.6 to a vetted, customer-by-customer preview rather than a public launch, mirroring Anthropic's Project Glasswing restrictions on its Claude Mythos cyber model, over concerns that frontier models capable of autonomously finding and exploiting software vulnerabilities pose an outsized risk in the wrong hands.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fzw6uXE/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/_aaFahgYcW-MvRTdEB7kAR4eZap8THZmUM2koKqJF2M=452">
<span>
<strong>GitLab Patches Code Execution, Information Disclosure Vulnerabilities (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
GitLab shipped CE/EE security releases fixing 13 issues, including three highβseverity bugs in Analytics dashboards, Web IDE, and Duo Workflows that allow XSS and exposure of committed data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.techrepublic.com%2Farticle%2Fnews-interpol-cybercrime-report-apac%2F%3Futm_source=tldrinfosec/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/mtQA1QKwRM6wiGkqXpknAEYTiiKLjMFxn3gBcsU6wWE=452">
<span>
<strong>Interpol: Cybercrime Hits 30% of Recorded Crime in Surveyed APAC Countries (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Interpol's 2025/2026 Asia and South Pacific Cyber Threat Assessment found that more than half of 18 surveyed member countries report cybercrime as 30% of recorded crime.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.zdnet.com%2Farticle%2Fchromes-next-update-will-kill-your-adblocker-and-make-the-web-less-safe%2F%3Futm_source=tldrinfosec/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/t8KNPNyo0aPrVddcPl56byOke3urp5Zj8GiJms51ZMw=452">
<span>
<strong>Chrome's next update will kill your adblocker - and make the web less safe (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Chrome's Manifest V2 to V3 transition, expected to finish with version 150 (rumored June 30), caps extensions at 30,000 filtering rules and strips out dynamic content blocking, gutting advanced ad blockers and security tools like uBlock Origin and NoScript and weakening protection against browser-delivered threats such as ClickFix malware.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/UxjJW1FU9uMSxYHm572TI2RPM2-WZYm9td49HVsRzgs=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/tU1Y6Mkg-ZQ7wbd857UmYc5A-eOm5aKxG5JMPlyZ6Sk=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/lJIyXV__OyLYPNe_qRDw_dJefW8GSqnLJ4gwPN90ZoI=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/Gbu_34-5pg2_QW_RWIUKpAblwP7SxvfZtVI8S3fGDA0=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/6mhXvyvBuiFolkFPBLnEiUWhkKLP8CDagUXTgAACUHI=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/DKcmFvd0-ttHBSFkwbHh5_mE7Oa23DxDO5xr1Bz21gY=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/gEli9P0o_5UK4otRkVHsJ7fK3bbdwnj4Xx4jAGWxErg=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/nRyiLnc3whKrKkg4GDFeCe6lFmsi8TJ49RNY_-Wmp58=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/o7iPiCtrFXk_wVSBhwKYJ6VAjF6NE6hpy_Op38jAZYc=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/2iN_KdpVVTN1gHPygMQVHVgDukJtK1V5veqGQ7_9SEM=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=00fcf0b2-7114-11f1-a853-d7e0533fc64b%26pt=campaign%26pv=4%26spa=1782478824%26t=1782479144%26s=49bd8f5567b6490eb7200e5dce1a020b0698630103b337c488a16b5c0c714a08/1/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/s-Mmkrya_FYlXhz69roiDvsoYx94ZM7PWnsqoVKCAlw=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019f04094666-cab846c4-cb0f-4ff7-95f1-680eaef88d7b-000000/dIZXM3fu0OpiFdOmDy3YUKnVWmN8gqnXvh1rYNQrdBw=452" style="display: none; width: 1px; height: 1px;">
</body></html>