<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">CVE-2026-43503 (CVSS 8.8), known as DirtyClone and detailed in a June 25 JFrog exploit walkthrough, is the fourth in the DirtyFrag family β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/-9WSn8EvmKxED5PAXW6O4RBuP7kDYde0y-Ocwn486SI=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/t7f7l6VXRaxsG_gYowFdGfuHys9QF_1MfOgufl3nYa4=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=a16de038-745c-11f1-893b-39763bc2e5d3%26pt=campaign%26t=1782824893%26s=02f2491745c4fbb54f9489892c4c828f80463eae4cc022edfebf3a991bf08dd2/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/vPs0ypzvqkUJG5Ra_mLlTuS2vjEy-ayUNUyYBpgsw3k=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Fsfcampaign_id=701Rc00000dDaIXIA0%26utm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26utm_content=header_1_500_pct_surge/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/B09ZHbSUyMfuQG6UTr9DfAentVYBFqeKvkB6Ch0ZN20=452"><img src="https://images.tldr.tech/flashpoint.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Flashpoint"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-06-30</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Fsfcampaign_id=701Rc00000dDaIXIA0%26utm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26utm_content=header_1_500_pct_surge/2/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/bvcMRNCVmUwFs3dNI2cMgMfLrgwu7HZcuY4eBpz_8fg=452">
<span>
<strong>The 1,500% surge in AI-related threats was just the beginning (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
AI-powered cybercrime is scaling, but not in the way you think. Ransomware is up 53% and it's mostly identity-based extortion, not technical file encryption, that's to blame.<br><br>Flashpoint's <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Fsfcampaign_id=701Rc00000dDaIXIA0%26utm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26utm_content=body_intro_2026_global_threat_intelligence/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/o517jvYm2DxNftZRp8GnFC7erer8VaAlBa_FQBq8ZkA=452" rel="noopener noreferrer nofollow" target="_blank"><span>2026 Global Threat Intelligence Report</span></a> provides a data-driven view of the 2026 threat landscape. Readers will learn:
<p></p>
<ul>
<li>Why threat actors are <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Fsfcampaign_id=701Rc00000dDaIXIA0%26utm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26utm_content=body_outro_transitioning_genai_autonomous_agents/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/NWPxdfLpyI-3jTEbWjOlinax04u0RieuXtnLfDo8j_U=452" rel="noopener noreferrer nofollow" target="_blank"><span>transitioning from GenAI to autonomous agents</span></a> that execute end-to-end attacks without human intervention.</li>
<li>How the professionalization of groups like RansomHub and Clop is scaling the cybercrime economy.</li>
<li>How 3.3 billion compromised credentials and cloud tokens are making identity the primary exploit vector.</li>
</ul>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint-intel.com%2F2026-global-threat-intelligence-report%3Fsfcampaign_id=701Rc00000dDaIXIA0%26utm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_GTI_2026%26utm_content=cta_report/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/DVsjk9AFJEdzq7Bq1_UWa3wCfQ0dl47f3iq-1VvC4XA=452" rel="noopener noreferrer nofollow" target="_blank"><span>Read the report</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fit4sec.substack.com%2Fp%2Fskip-or-inject-commands-into-uav%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/nm-BczQzfPlZTlE1OYTM8HLMdtQTXSBjIYl0LhiVZxI=452">
<span>
<strong>Voltage Glitching Attack Bypasses Safety Checks in PX4 Autopilot Flight Controllers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Researchers demonstrated a voltage-glitching attack against the PX4 Autopilot running on an STM32 microcontroller, enabling the bypassing of safety checks and the skipping of control instructions within the flight controller. The attack was shown on a flight controller board widely used across research, hobbyist, and commercial UAV applications, though the current implementation requires physical access to the device. Defenders should treat physical access to UAV flight controllers as a meaningful risk vector and evaluate hardware-level mitigations for STM32-based PX4 deployments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F194338%2Funcategorized%2Fdirtyclone-fourth-linux-kernel-flaw-in-six-weeks-escalates-to-root.html%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/wsvWsQUFAlGxRMCVliRnHhkvWvw03o12SX9irkjbj3s=452">
<span>
<strong>DirtyClone: Fourth Linux Kernel Flaw in Six Weeks Escalates to Root (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-43503 (CVSS 8.8), known as DirtyClone and detailed in a June 25 JFrog exploit walkthrough, is the fourth in the DirtyFrag family. It allows unprivileged local users to gain root by tricking the kernel into treating read-only, file-backed page-cache memory as writable. The attacker maps a privileged binary, such as/usr/bin/su, wires those pages into a packet, and forces decryption through an attacker-controlled IPsec tunnel, overwriting the binary's auth logic without touching the disk or leaving any logs. The exploit requires CAP_NET_ADMIN, available on Debian and Fedora through default unprivileged user namespaces, but Ubuntu 24.04+ blocks it via AppArmor. Root causes include fragment-transfer helpers dropping the shared-frag flag, as well as related vulnerabilities such as Copy Fail, DirtyFrag, and Fragnesia. Defenders should apply the May 21 mainline fix or, if immediate patching isn't possible, set kernel.unprivileged_userns_clone=0 or blacklist specific modules, knowing that this disables IPsec and AFS and that new DirtyFrag variants may still emerge.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fus-insurance-regulator-confirms%2F%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/ATZcn-EgH3_LSltY0tqsfZ7ti34y-vPEtOP_rAiwXI0=452">
<span>
<strong>US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The NAIC, the non-profit association for the US insurance regulatory system, confirmed on June 26 that an unauthorized actor reached a portion of its environment via a zero-day in Oracle PeopleSoft (used for internal financial reporting), part of a broad campaign that hit multiple organizations before the flaw was known to the vendor. The breach was detected on June 11 and disclosed on June 17. The attacker obtained temporary access to certain storage areas and published some data, prompting several credit rating agencies to pause their feeds and the NAIC to temporarily suspend the assignment of designations to insurer investments, while the association denied the attacker's claims of access to regulatory systems such as SERFF, OPTins, and RDC. The strategic read for defenders is that a PeopleSoft zero-day exploited at campaign scale turns a back-office financial-reporting platform into a path that can stall sector-wide functions like rating designations, a reminder that shared enterprise software at a regulator becomes systemic infrastructure whose compromise ripples outward to the entities depending on its outputs.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjohnstawinski.com%2F2026%2F06%2F18%2Frepo-jacking-anthropics-claude-community-plugins-and-the-shas-that-saved-them%2F%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/w_n8Gbje-663va0yGVaqP7v_7cewbV-9c5uul2NYZSg=452">
<span>
<strong>Repo-jacking Anthropic's Claude Community Plugins (And the SHAs That Saved Them) (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Stawinski agent-scanned Anthropic's official claude-plugins-community marketplace.json for entries pointing at owner/repo paths whose GitHub accounts had been renamed or deleted, then claimed one dangling namespace (oduffy-delphi), recreated deep-research-claude seeded with a clone of the real project, and demonstrated that the /plugin install flow's "Open Homepage" action lands the user on the attacker-controlled repo with no warning, one click from a setup-mode user who already trusts the ecosystem. The automated code-install path held because marketplace entries pin each source to an immutable commit SHA (e76d372e96e626f01a8d3a6c2aed142faa1234d4 for this plugin), so a recreated repo cannot reproduce the pinned hash and the integrity check fails, though the author flags that Anthropic's bot-driven SHA-refresh PRs may be foolable into ingesting a SHA from a malicious commit, making the protection durable only until that validation is bypassed. Anthropic closed the report as out-of-scope (dependency hijacking excluded, residual risk classed as social engineering). IOCs are the dangling paths still claimable at disclosure time: mailfnguides-del/Claude-Paste, comment-io/claude-code-plugin, CharlieGreenman/ghostlty-dynamic-themes, Chipkorvyn/Strategy-consultant, and oduffy-delphi/deep-research-claude. Harden by treating Anthropic-vetted marketplaces as untrusted third-party code, pinning all plugin sources to commit SHAs rather than branch refs, auditing marketplace.json for owner paths whose accounts no longer resolve, and avoiding "Open Homepage" on freshly installed plugins since that link resolves live and outside any SHA guarantee.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flyra.horse%2Fblog%2F2026%2F06%2Freddit-spam-internals%2F%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/bmghlvjeegLYF-9lpYE6v5GaotvRx1llJYIHedmy6hk=452">
<span>
<strong>A peek into Reddit's anti-spam internals (17 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
In 2021, a glitch in Relay for Reddit exposed internal removal reasons for sitewide spam actions, revealing how Reddit labels and processes spam at multiple layers. This post walks through legacy source code to explain moderator removals, domain-based bans, and systems like spammit and spamurai, which combine rules, perspective-based spam scoring, and account metadata to flag posts. It shows concrete spamurai strings, domain experiments, regex tricks with unidecode, link βinspectionβ that follows redirects, and special rules that can instantly wipe accounts tied to certain patterns.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fprojectblack.io%2Fblog%2Flocal-ai-for-cyber-security%2F%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/W_e58ZTqTqfg3R8samd7Hj2SxmS8V87pTZ3Vnkcn6f4=452">
<span>
<strong>Local AI for Penetration Testing & Research (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Four workflows are tested against a known PHPIPAM authenticated LFI issue: Semgrep, an agentic cloud setup with GLM 5.1, a cloud skillβbased review system, and a local model driven by a custom fileβbyβfile harness. Semgrep and the agentic cloud run miss the bug. The skillβbased approach only catches it on some runs and shows how detection depends on which files are read and what patterns are searched. The local harness, walking each source file with structured reports, reliably finds the LFI and later uncovers an authenticated RCE in myVesta, now fixed as CVEβ2026β12195.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.li%2FQ04l_tGW0%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/yK2yTMuRkQcpBsX45bzPmOkjbnZ0cWxdPyA_WLDftCs=452">
<span>
<strong>Only 3% of data exfiltration attacks get blocked (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
How do security controls perform across every layer of a defense-in-depth strategy? Network controls miss 38% of threats. Only 14% of attacks generate an alert. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.li%2FQ04l_tGW0/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/kKoKJwdCyh1t1Yo5pAUkBlhwiMlLJcePxT7wr_Lh8cU=452" rel="noopener noreferrer nofollow" target="_blank"><span>This whitepaper</span></a> breaks down where each layer fails and how breach and attack simulation validates and fixes the gaps. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.li%2FQ04l_tGW0/2/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/ARFNr0IxodkZSJWZjex2mHsKUGufNNMapcU7jQ-_SUo=452" rel="noopener noreferrer nofollow" target="_blank"><span>Download the Multi-layered Defense Guide from Picus</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.doyensec.com%2F2026%2F06%2F17%2Fsession-switcher.html%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/xvqIWq1lGVd4MiyX61HIRr2MD45JD4HjTXIYGmIVsDw=452">
<span>
<strong>Introducing Session Switcher. Swap Burp Sessions with One Click! (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Doyensec released Session Switcher, a Burp Suite extension that adds a Sessions tab to the request editor to store named cookie/header sets and swap between user roles, tenants, or privilege levels with a single click. Auto Update rules monitor Proxy traffic to keep stored sessions valid, refreshing the alice session whenever cookies change on requests carrying the X-User: alice header, which removes the manual JWT and cookie re-pasting that drives false positives in IDOR and privilege-escalation testing.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.straiker.ai%2F%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/-KwTbQBZ_3zgS_k7WqAyw0C9YHB4rNoVZ1gBerPmzRw=452">
<span>
<strong>Straiker (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Straiker provides a platform that finds autonomous agents in company systems, tracks what they access and do, tests them before rollout for exploitable flaws, and blocks live attacks using updated exploit data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FADScanPro%2Fadscan%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/Q8A6o80bNYZ6mq-aEgSmqf_LafGveCdzggxIHYsFZeA=452">
<span>
<strong>ADscan (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
ADscan is a free Linux CLI for pentesters, red teamers, and security consultants. It covers 41 Active Directory attack techniques in a single workflow: enumeration, Kerberoasting, AS-REP roasting, ADCS/ESC exploitation, DCSync, credential harvesting, and native attack-path analysis.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F194360%2Fintelligence%2Fnew-fbi-alert-russian-intelligence-uses-signal-recovery-keys-to-access-messages.html%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/P-CKaqQ-r3-IX2XIuo2l1ysk6CMy42q7CCde3kDHVQo=452">
<span>
<strong>New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A joint FBI and CISA update to their March advisory names UNC5792 and UNC4221 as FSB-linked operators who have shifted their phishing objective from expiring verification codes to Signal Backup Recovery Keys, posing as automated support to walk targets through enabling backups and pasting the key into chat. The distinction the advisory keeps emphasizing is that nothing here breaks Signal's encryption: the account is the weak point, and a harvested recovery key unlocks the full historical archive and survives account recreation under the same phone number, so it functions as durable access rather than a one-session compromise. The broader signal for defenders of high-risk populations is that end-to-end guarantees stop at the human who can be talked into exporting their own keys, a pattern now mirrored against WhatsApp and Telegram and serious enough that Rewards for Justice has attached a $10 million bounty to UNC5792.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Ftech-policy%2F2026%2F06%2Fsupreme-court-ruling-guts-governments-use-of-geofence-warrants%2F%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/0nCKAjKdwFN11ZXONkyT8-YfiPloyjN8bECPLtI62X0=452">
<span>
<strong>Supreme Court ruling guts government's use of geofence warrants (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The Supreme Court ruled 6β3 that cellphone location history held by companies like Google is protected by the Fourth Amendment and generally requires a warrant for police access. The majority rejected arguments that limited data slices or voluntary sharing with apps strip users of privacy expectations.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FWwJ81p/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/7WYP36QNeh5u9jJ0gzpb1T-_t6BRD1axtN2W6_lzFTk=452">
<span>
<strong>Clean GitHub repo tricks AI coding agents into running malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Mozilla 0DIN researchers demonstrated a proof-of-concept where an agentic coding tool like Claude Code clones a clean-looking GitHub repo with ordinary setup instructions (pip3 install -r requirements.txt, python3 -m axiom init), and a deliberately planted Python package refuses to run until initialized, emitting an error that prompts the agent to auto-run python3 -m axiom init as routine error recovery, which executes a shell script that pulls an attacker-controlled value from a DNS TXT record and runs it as a command. No malicious code lives in the repo, and no single step trips review, because the reverse shell sits three indirection layers from anything the agent evaluated (a trusted error message, a fetching script, and an unseen DNS record), yielding an interactive shell with the developer's privileges and access to environment variables, API keys, and local config for persistence. 0DIN, which notes threat actors could seed such repos via fake job posts, tutorials, or DMs, recommends AI agents disclose the full execution chain of setup commands, including dynamically fetched scripts and code. Defenders should run untrusted repos in sandboxed or containerized environments, deny agent outbound DNS/network egress during setup, and require human approval for any command that pipes fetched content into a shell.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fanonymous-hacktivist-aubrey-cottle-gop-cyberattack%2F%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/FdDUicloivb5ht0c8JFZfhyat62cWMYsraCg2RI7Xbw=452">
<span>
<strong>Anonymous-Linked Hacktivist Aubrey Cottle Jailed Over Texas GOP Cyberattack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Canadian hacktivist Aubrey Cottle (Kirtaner), once linked to Anonymous, was sentenced to 18 months in a Newmarket court after pleading guilty to three charges over the September 11, 2021, defacement and 180 GB data theft from the Texas GOP via web host Epik.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.schneier.com%2Fblog%2Farchives%2F2026%2F06%2Ffactoring-rsa-keys-with-many-zeros.html%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/GutKmBHYBxP2KWOwR6B6MP_zHmeUxKLZT3BBQVMm5Vg=452">
<span>
<strong>Factoring RSA Keys with Many Zeros (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The badkeys project found real-world RSA moduli with regularly spaced all-zero blocks across CT logs and internet scans.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdaringfireball.net%2Flinked%2F2026%2F06%2F29%2Ftata-electronics-breach%3Futm_source=tldrinfosec/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/BIPURd2i57TMmEZARv8WDWcJBGffBivkqQ-lMdg8nHk=452">
<span>
<strong>Data Breach at Indian Supplier Tata Electronics Exposes iPhone 18 Pro Details and Photos (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A ransomware group that breached Apple supplier Tata Electronics posted files to the dark web exposing hundreds of iPhone 18 Pro component details, photos, and supplier-to-part mappings Apple keeps out of its public supplier database
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/FDs7H33atHs7Zr_UcL3RXn8bEqshEDTvHORVep_2BeM=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/yQssSkfuXWvGDHhVSVI0jE1TDM8Fl08acstKkHjbYwY=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/0rx-PwiV9FKF_yp3ap5Vq9Bxmb8R8VEks8QF5s67ADU=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/hui2i1A0DxEPlW91_jiy3Ovq2NcUC96-9F3dTeLY09E=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/RytHqh6C4SRd63ggfO73KDyzlIMDnAdcsM0qy-0Mnas=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/uoJwlmxy9rAN0U0qwZU6S8KGN2Sv0Mbe0FH5XwMtZqg=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/XMlxC7_yBdQdPA7XEX6TUWD9byIwU5oT4UuwDmeweuQ=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/HV7peKiLVSL-5YbDgX9RJoanwnz-pWT-Q-eQRCS-26A=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/wOY6WPZr8JB0dSQwPwCrhfFvfZ4I82WYGgMfGNR-MuU=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/OvvvxBAwpBVIf5Zwf-l1ITdA9xVOlYtcl_5XC0vNb5o=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=a16de038-745c-11f1-893b-39763bc2e5d3%26pt=campaign%26pv=4%26spa=1782824575%26t=1782824893%26s=26d37d7cb29cfafc7e50671a9b97ae4320670836982b67cbcd2267d8c7e6ab0f/1/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/3waUbDKH-0FBsJOUg0H0aFT2STZJ8rzWENDopABU6es=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019f18a4fb78-e8f5be4b-77b4-4863-9956-09ad68971752-000000/FJ_Y6E8-HXrZ7opQljPX_uM3yhAr8fxDSje5mfCFMzc=452" style="display: none; width: 1px; height: 1px;">
</body></html>