<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">An anonymous researcher known as "bikini" published a repository named "exploitarium" containing zero-day exploit write-ups β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/kV1LIv7XBOHATQrPxQiHVMGYTXd_SY0EJ07mu8YXo9E=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/DnGyXAuR1sx_k1b4sE1SQpAyWV13JAwTBQT1RR5D_mo=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=6241283a-751e-11f1-97d5-2b1129054454%26pt=campaign%26t=1782911177%26s=85ccff8fad415b37114793d2c2426aa2974cf859b2f7e9b0442d38fd01ffc30c/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/Q_UmWbBD1ay2PcD8G0gE_lvN4oFC8CujqIpLcnFIZLo=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-07-01</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F06%2F29%2Fanonymous-researcher-drops-0-day-exploitarium-repo%2F5263961%3Futm_source=tldrinfosec/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/jBTtjPayVuCQEAd2WAZEjWgfPcNu1bmCmZYNrasGO58=452">
<span>
<strong>Anonymous Researcher Drops 0-day 'Exploitarium' Repo (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
An anonymous researcher known as "bikini" published a repository named "exploitarium" containing zero-day exploit write-ups for multiple software products, including active exploitation of CVE-2026-55200 in libssh2 and CVE-2026-20896 in Gitea Docker deployments, without prior vendor notification. The vulnerabilities detailed are a pre-auth heap corruption remote code execution flaw in libssh2 and an authentication bypass in Gitea, both of which are currently unpatched. Defenders should monitor SSH and Git service logs for anomalous activity and block exploitation attempts targeting libssh2 and Gitea until official patches are released.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flobste.rs%2Fs%2Fuaoe9y%3Futm_source=tldrinfosec/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/w0tFkVjoTI6JPidKUhrf6V35g2zXrE-xVKRwL6-wL28=452">
<span>
<strong>Longinus: 2 Boundaries in One Bug, Piercing Chrome's Renderer and V8 Sandbox with a Single Vulnerability, CVE-2026-6307 (25 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-6307, known as Longinus, is a critical V8 JIT compiler vulnerability in Chrome 106 that enables attackers to bypass the renderer sandbox and V8 heap isolation through a single flaw in TurboFan/Turboshaft inlining, JS-to-Wasm call wrapper canonicalization, and deoptimization FrameState handling. The vulnerability provides arbitrary read/write primitives within the sandboxed heap and allows full remote code execution without memory spraying or chained exploits. Defenders should apply Chrome updates to version 106.0.5249.119 or later and monitor for exploitation attempts targeting V8 JIT components, particularly in rendering contexts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FC9oCqS/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/c529tHq4A4JLmrK2BZgtoaoWLesSeTgpeL0N3ZTCJ88=452">
<span>
<strong>Vulnerabilities Expose Private Data in Indian Government Systems (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
An independent researcher reported 14 security flaws across Indian government education, scholarship, and civil service portals, exposing student records and thousands of full bank account numbers through open directories and weak access controls. The Union Public Service Commission portal had an exposed admin interface, missing security headers, and issues that enabled automated credential attacks, creating straightforward paths to full system takeover and largeβscale data theft.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecuritylabs.datadoghq.com%2Farticles%2Fmapping-out-your-unknown-threat-hunters-guide-to-salesforce%2F%3Futm_source=tldrinfosec/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/fgCLimvymrojSLVkUYcQkPUhlMhZibTZDwguixwzZiI=452">
<span>
<strong>Mapping out your unknown: A threat hunter's guide to Salesforce (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Datadog's Julie Agnes Sparks analyzes the first part of the MITRE ATT&CK chain against Salesforce in the GRUB1/UNC6395 Salesloft campaign. Attackers gain initial access via OAuth phishing, compromised third-party tokens, or stolen SSO/MFA factors, then attempt brute-force retries and weak-factor swaps, locking out owners. They reuse OAuth tokens and perform discovery, hitting API limits, listing objects, and querying data to size exfiltration. Defenders should monitor Event Log Files and Real-Time Monitoring for AuraRequest calls, LoginEvent records with rare values, privileged account activities, and large queries, and correlate them by IPs, off-hours, and user agents. Queries use Datadog syntax, and the post promotes Datadog's Salesforce integration and SIEM detection rules. Other shops will need to adapt field names, and steps covered include recon through discovery, leaving collection, exfiltration, and ransom for later.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flabs.watchtowr.com%2Fenterprise-tech-in-shell-out-progress-kemp-loadmaster-uninitialized-heap-to-pre-auth-rce-cve-2026-8037%2F%3Futm_source=tldrinfosec/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/XqfyIf1jFNk3bzCL-XnpOi-UZUkFq55Wra_efOtd7d4=452">
<span>
<strong>Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037) (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-8037 is a pre-authentication remote code execution vulnerability in Progress Kemp LoadMaster, exploitable via the LoadMaster API when enabled due to an uninitialized heap condition. The vulnerability allows unauthenticated attackers to execute code by exploiting improper memory initialization during API request processing. Defenders should patch to LoadMaster version 7.2.63.2, which addresses the flaw by modifying the escape_quotes() routine, and monitor API access logs for unauthorized activity.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2026%2F06%2F30%2Fsecuring-ai-agents-ai-tools-move-from-reading-acting%2F%3Futm_source=tldrinfosec/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/R749DNMoKPZwKN45cWjwM4nfENSSu5EVlFoitqz1lqs=452">
<span>
<strong>Securing AI agents: When AI tools move from reading to acting (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Enterprise AI agents are starting to run tasks across business systems via MCP-connected tools, which opens the door to data theft when tool metadata is poisoned. A finance-focused Copilot Studio agent example shows how hidden instructions in an enrichment server's description quietly pull unpaid invoice data and send it to an attacker-controlled endpoint, all while remaining within normal permissions and workflows. Microsoft recommends treating MCP servers and descriptions as part of the supply chain, inspecting metadata, restricting tool access, and using DLP, Sentinel, and Guardrails to monitor and block risky actions.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsemgrep.dev%2Fblog%2F2026%2Fwe-have-mythos-at-home-glm-52-beats-claude-in-our-cyber-benchmarks%2F%3Futm_source=tldrinfosec/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/ITxMkpAUQPbdVb1_21Uujd6vwI64XIyB8AV3IOTELSA=452">
<span>
<strong>Semgrep: GLM 5.2 Beats Claude in Cybersecurity Coding Benchmarks (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
GLM 5.2, an open-weight model from Zhipu AI, achieved a 39% F1 score in Semgrep's IDOR detection benchmark, outperforming Claude Code's 32% at a cost of $0.17 per true finding, though Semgrep's own multimodal pipeline with endpoint scaffolding reached 53% to 61%, underscoring that harness design significantly influences real-world effectiveness beyond raw model capability. The results highlight GLM 5.2 as a cost-efficient, competitive option for security-focused code analysis, particularly when deployed within optimized evaluation frameworks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FPennyw0rth%2FNetExec%3Futm_source=tldrinfosec/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/kY1AatWu7NkCusYop-X23ueUynkp2QpHPso_dTFg6mU=452">
<span>
<strong>NetExec (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
NetExec is a network service exploitation tool that helps automate the assessment of the security of large networks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FDietrichGebert%2Fponytail%3Futm_source=tldrinfosec/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/91BBnVAcqP-aLTBpiAzLXnuH30YxVknzbtZ7jyIX8zM=452">
<span>
<strong>Ponytail (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A coding agent/plugin that makes your AI agent βthink like the laziest senior dev in the room.β The goal of the plugin is to reduce the amount of code generated to the absolute minimum.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="mailto:infosec@tldr.tech?utm_source=tldrinfosec">
<span>
<strong>TLDR is hiring a curator for TLDR Infosec! (TLDR Curator, ~5 hrs/week)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Over 400,000 subscribers read TLDR Infosec to stay on top of the latest in cybersecurity, vulnerabilities, breaches, threat research, and security tools. If you work in security and want to help curate it, send your LinkedIn or resume to <a href="mailto:infosec@tldr.tech" rel="noopener noreferrer" target="_blank"><span>infosec@tldr.tech</span></a>!
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fscotthelme.co.uk%2Ftop-1-million-analysis-june-2026-ten-years-of-web-security%2F%3Futm_source=tldrinfosec/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/qEGZlwPWvmiKk0z8kKqIZr9T-FPJA4TYwz1qq4-xCss=452">
<span>
<strong>Top 1 Million Analysis β June 2026: Ten Years of Web Security (15 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Scott Helme's decade retrospective on the Tranco Top 1 Million (819,002 responding sites) shows the foundational web-security primitives now firmly entrenched: HTTPS redirects have climbed roughly 960% since 2015 to 658,038 sites, CSP has grown 125x to 170,057, and HSTS sits at 252,846, yet the headline story is that presence has decoupled from quality, with 46.8% of CSPs still carrying unsafe-inline, only 21% of HSTS deployments preload-eligible, and DMARC stuck at p=none on 51.4% of publishing domains. The structural takeaway is concentration risk: Cloudflare now fronts over a third of responding sites and single-handedly drives aggregate movement in NEL, HTTP/3, and the cross-origin isolation family whenever it flips a default, meaning much of the web's measured "progress" reflects one provider's configuration rather than independent operator decisions. Helme runs sponsor Report URI and folds in course and product mentions, so read the optimistic framing accordingly, but the core signal stands: with over half the population still scoring an F on basic headers, the next decade's lever is correct configuration and better platform defaults, not further raw adoption.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.techmeme.com%2F260629%2Fp8%23a260629p8%3Futm_source=tldrinfosec/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/UcI5IADc882y42N09Wx0mNDYOQ7Z2NgbZuunPIgyAxs=452">
<span>
<strong>Security and Misuse Concerns Surround 100,000+ AI-Powered License Plate Readers (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Over 100,000 AI-enabled automated license plate readers, primarily deployed by Flock, have been installed across the United States, enabling persistent location tracking and raising alarms about unchecked surveillance and potential police misuse. Security flaws and weak data safeguards in these systems risk unauthorized access, mission creep, and harmful exploitation of collected data by law enforcement or malicious actors. Defenders and policymakers should audit ALPR data retention policies, monitor access logs for anomalous queries, and enforce strict compliance with civil liberties standards to mitigate abuse.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2026%2F06%2Fai-browsers-can-be-lulled-into-a-dream-world-where-guardrails-no-longer-apply%2F%3Futm_source=tldrinfosec/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/zZQrZPU2JcImsgec0LSt6qgz2fBqK9Cs_vBWGa2kkL4=452">
<span>
<strong>New attack provides one more reason why AI browsers are a bad idea (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Researchers show how a booby-trapped game on a website can push AI-powered browsers into a fantasy context where wrong answers, such as 2 + 2 = 5, become βcorrectβ and safety rules stop applying. Once the agent accepts that false logic, the site can prompt it to pull code or credentials from local resources, turning merged browsing and automation features into a highβrisk path for data theft on user machines.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FFG1Gnv/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/d0R-WvH0jT-B2u76ul-vJoQ-7wOfr4CIaDj-orkCKfE=452">
<span>
<strong>Aflac Japan Data Breach Impacts 4.38 Million (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Hackers repeatedly accessed Aflac Japan's systems between June 15 and June 25, stealing personal data tied to its policyholder portal for about 4.38 million customers and agents, including contact, identity, and insurance details, as well as bank transfer information for roughly 230,000 people, but no card data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FEGSwdW/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/dGbcNuVcvNuwcQLZB9mxhggAg2U3qW48WHHWmXFOOuk=452">
<span>
<strong>Anthropic to restore Claude Fable access on Wednesday (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Anthropic says the Department of Commerce lifted export controls on its top models, starting access to Fable 5 on Wednesday, while Mythos 5 remains limited to select companies.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Fhotforsecurity%2Fscammers-cash-in-venezuela-earthquake%3Futm_source=tldrinfosec/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/3eRdS7KRzXcmWzNT7kjlcIkE1K7oebuT03Q5lZ-2aLI=452">
<span>
<strong>Scammers race to cash in on Venezuelan earthquake disaster (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
WhoisXML API researchers found 212 domains referencing the recent Venezuela earthquake within five days, including 105 on June 25 and none in the previous three days.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/4fdzbRTA63i-F0r4SlgfOpOa6oYIawIf6PCW1D3BfKY=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/ak46S11_R6N7H0_GqwgiuH_AzF1JB-qv0ulJEMDGcvM=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/p_XACXU-rXIwrNVZvVU9rpKRtFeiXE06I0C9PUqzkpE=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/14tFc02zcPTOHwVJtP4xB-nnigQcd88lDrsHjwUv62w=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/7hM8zKFDay6cpRP_lGS_kw53jwUdSwEdLm449igmtHM=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/5gO3xodvdKW57CCLAuPKj5jfWGV73RVj6ka9Cj8h9zg=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/wui07u0mvqvCz9Ojkhd8WPsl9wNFwH0ztooiooKtXqw=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/rVYPa-Tjli-DA7uDSeLGWIhtuT02qhq98t7v8Hy0PL8=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/r44rY6Z8_zNb1voJyqXcxGAN_nYPh5YpoK0pfr78sAU=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/hm3_c-HTOsYEfaAuRJosoMT0I3Xg3lojnnfMfS2BzRU=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=6241283a-751e-11f1-97d5-2b1129054454%26pt=campaign%26pv=4%26spa=1782910863%26t=1782911177%26s=5514963858e6f65824f1881b2fd2a5bfbda33e13e2be87b4e865bdda8fc091c4/1/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/KD6NMkcMTCdVUsOsrCFGeCVcPU-vMyWaphik5phsCdw=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019f1dc994d8-adb62744-1b0b-4a40-8baf-460dfea5e85f-000000/NNAcn4aaBKsBg-Z_kAX9uUVRFBTFLCbUvyGXzfTVhJI=452" style="display: none; width: 1px; height: 1px;">
</body></html>