<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">JadePuffer is the first known ransomware operation fully automated by an LLM-driven agent exploiting CVE-2025-3248 with no human intervention β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/yytliDeyUNCf0OIew9HZ2S0npyKxwChM2O2BPPpNgQM=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/uidlZ8yi72P2cOb62Us6WZkd58shs-Tg3OeCrnwiJdc=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=b53921b2-791c-11f1-8f9d-9b961181999e%26pt=campaign%26t=1783343245%26s=8cd128ad727d537da84fe0a9163e730f24f9d5ab18771e9baeb08e417fe7737e/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/cNbRsS9ABR0Qmw3_f-b3WPH1Ed2_wgu_5t3zbfuTZEo=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-07-06</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FEtnIFd/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/ASt9RjYujv5KdDB5HnEogKuwpaPneVQbtrb_3nBOg2I=452">
<span>
<strong>JadePuffer ransomware used AI agent to automate entire attack (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
JadePuffer, the first known ransomware operation fully automated by an LLM-driven agent exploiting CVE-2025-3248 in Langflow with no human intervention, conducted reconnaissance, stole credentials, performed lateral movement to an internet-exposed MySQL/Nacos server, encrypted 1,342 Nacos configuration items, and demanded Bitcoin payment, leaving the victim unable to recover data despite mitigation attempts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FmkT74O/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/vOUVdabC7_Ze3mWCGOGbsJMOdQuJYPb7K-4Ep0CbMLs=452">
<span>
<strong>Medtronic Data Breach Impacts 3.8 Million People (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
ShinyHunters accessed Medtronic's corporate IT systems in April and stole patient data, including names, contact details, dates of birth, Social Security numbers, and health information. Medtronic reports 3,834,294 affected individuals and says it has no evidence that the data was posted online. The company is offering 24 months of credit monitoring, dark web monitoring, and identity theft restoration, and is working with law enforcement and regulators.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2026%2F07%2Fnew-pamstealer-macos-malware-uses-clever-tradecraft-to-remain-stealthy%2F%3Futm_source=tldrinfosec/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/9kA29-y9jk8vzD7QTv4INMwgDqeod790z1RB_bnUkCY=452">
<span>
<strong>Newly discovered PamStealer isn't your typical macOS malware (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
PamStealer spreads via a clipboard manager disk image called Maccy that runs AppleScript, which launches a JavaScript for Automation downloader and a Rust-based payload that uses native Objective-C APIs. It bypasses quarantine flags, hides within app bundles mimicking Finder or Software Update, and uses a realistic password prompt to capture credentials via PAM. It then seeks full disk access and can target Ethereum wallets.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.reco.ai%2Fblog%2Fclaude-mythos-saas-security-risks%3Futm_source=tldrinfosec/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/TFY4mmo2P0wIUDgLP26Z_6qjHyJL_39xBDMZ2S5SmRc=452">
<span>
<strong>Claude Mythos and SaaS Security: What You Need to Know (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
As part of Project Glasswing, Anthropic and roughly 150 partner organizations used Claude Mythos to identify more than 10,000 high and critical severity vulnerabilities across major software systems, prompting Anthropic to restrict general availability to a vetted partner program. The episode illustrated how AI-driven vulnerability chaining has compressed the gap between discovery and exploitation from weeks to minutes, turning SaaS misconfigurations, excessive permissions, and ungoverned non-human identities into an accelerated attack surface rather than introducing genuinely new attack techniques. Organizations that had already closed their exposure looked uninteresting to an AI attacker, while those with orphaned accounts and over-privileged tokens looked like an open invitation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdetect.fyi%2Fthe-blind-spot-in-the-watchtower-detections-for-when-someone-attacks-your-sentinel-897709f0dcd9%3Fsource=rss----d5fd8f494f6a---3%26utm_source=tldrinfosec/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/qNyO1iFmOoXgFPTm9B0r5zhNwx_m46ry9SFJCVpchfA=452">
<span>
<strong>The Blind Spot in the Watchtower: Detections for When Someone Attacks Your Sentinel (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Attackers can sabotage Microsoft Sentinel by altering detection rules, disabling data connectors, or modifying log retention to obstruct visibility, effectively using the SIEM's own infrastructure to hide malicious activity. Defenders can detect such tampering by monitoring AzureActivity, SentinelAudit, and SentinelHealth logs with targeted KQL queries that flag unauthorized changes to Sentinel configurations. Implement continuous monitoring of these logs and establish alerting on anomalous administrative actions to harden the SIEM against insider or elevated-threat abuse.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fschamper.dev%2Fdissecting-apples-sparse-image-format-asif%2F%3Futm_source=tldrinfosec/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/hyMWTu6ES5L3cLmRirerFn5zMrVtEMGtPTARb3fCGyk=452">
<span>
<strong>Dissecting Apple's Sparse Image Format (ASIF) (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
ASIF is a sparse virtual disk format for macOS Tahoe geared toward virtual machines and similar to VMDK, VHDX, and QCOW2 in concept but with its own layout and header structure. The researcher walks through building a parser by generating a test ASIF image, inspecting hexdumps, and reverse engineering DiskImages2's diskimagescontroller binary to recover header fields, directory offsets, and chunk metadata. ASIF uses directory tables of 64βbit entries, grouping chunk pointers with embedded allocation bitmaps so each table directly mixes mapping and bitmap data, which affects how offsets map to chunks. Finally refines the math for translating a virtual disk offset into table index, chunk index, and flags, then points to a working implementation in dissect.hypervisor for practical parsing and forensic use.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.crowdstrike.com%2Fen-us%2Fblog%2Fnew-in-falcon-cloud-security-expanding-multi-cloud-coverage%2F%3Futm_source=tldrinfosec/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/t7by_bhIO_zOd1JTH_VkWx_5q3f47IGf1a6RAU8Wk7Y=452">
<span>
<strong>Falcon Cloud Security June 2026 Release: Updates for Azure and Google Cloud (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
CrowdStrike extended real-time CSPM, Cloud Risks correlation, DSPM, and CIEM from AWS to Azure and Google Cloud, unifying misconfiguration detection, breach-path correlation, and entitlement analysis across all three providers under one workflow, while also adding Windows container image scanning alongside existing Linux coverage. The release consolidates existing single-cloud capabilities rather than introducing new detection logic, so value depends on how much of an organization's estate already sits outside AWS.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fproject-copacetic%2Fcopacetic%3Futm_source=tldrinfosec/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/alwpxBPKtA_B1miy5ZUxeXo335U6lTPy8UDB59FJQaA=452">
<span>
<strong>Copacetic (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
copa is a CLI tool written in Go and based on buildkit that can be used to directly patch container images without full rebuilds. It can also patch container images using the vulnerability scanning results from popular tools like Trivy.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fudgover%2Fwhim%3Futm_source=tldrinfosec/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/IMVmDRzR0557BcoQamOn4N0Z1zeu9D-yQXGIPwT2svs=452">
<span>
<strong>whim (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
whim is a CLI tool to launch root shells in ephemeral AWS Lambda MicroVMs.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Ftech-policy%2F2026%2F06%2Fanthropic-claims-alibaba-defied-trump-to-attack-claude-and-steal-capabilities%2F%3Futm_source=tldrinfosec/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/ZY7p6ExO6cBIG5VJQYEeVEAduHhm96AwOBjWWwm3KQU=452">
<span>
<strong>Anthropic Accuses Alibaba of Claude Distillation/Cloning Attack (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Anthropic alleges that Alibaba and its Qwen team orchestrated a large-scale AI model distillation campaign using approximately 25,000 fake accounts to conduct 28.8 million interactions with Claude from April 22 to June 5, leveraging obfuscation and proxy networks to extract capabilities in agentic reasoning, software engineering, and long-horizon tasks. The company has reported the incident to US Senate and White House officials, warning that such theft could significantly accelerate China's AI advancement by cloning proprietary model behaviors. Anthropic urges Congress to reform antitrust laws and advises enterprises to strengthen monitoring for AI model exploitation and data leakage vectors.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.geopolitechs.org%2Fp%2Fchinas-cybersecurity-standard-on%3Futm_source=tldrinfosec/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/oo4ZU9oxgXcm-YJfn8Qkz2gNzo072niVHGc_x1hUkNg=452">
<span>
<strong>China's Cybersecurity Standard on AI Agent Deployment (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
China's TC260 has issued a security practice guide for AI agents that establishes a regulatory framework requiring pre-deployment assessments, lifecycle permission controls, audit logging, and secure data erasure, reflecting a systematic approach to managing AI risks. The guidance defines AI agents as integrated systems with memory, tool-use functionality, and operational privileges, thereby subjecting them to stringent oversight akin to critical information infrastructure. With new interim measures for anthropomorphic AI interaction services set to take effect on July 15, this standard signals China's intent to assert control over AI behavior and data handling in high-risk applications.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F07%2Fnew-avalon-malware-framework-packs.html%3Futm_source=tldrinfosec/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/lPagM-3EGByrLyyEWxjoDqf1dE_x5YMsTaG_75ERiIw=452">
<span>
<strong>New Avalon Malware Framework Packs CrownX Ransomware Capabilities (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Avalon is a modular framework delivered via legal-themed phishing that uses Proton Drive archives, ISO images, LNK shortcuts, and MSBuild to deploy itself while disrupting ETW and avoiding major EDR tools. It harvests browser and wallet data, corporate credentials, VPN and messaging tokens, then moves laterally, encrypts key business files with Windows Crypto API, kills VSS, manipulates disk structures, and drops CrownX ransom notes with deadline timers. Separate research shows agentic and codeless ransomware operations that use public LLM APIs and Telegram bots to turn natural-language attacker prompts into live shell commands against compromised systems.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthenextweb.com%2Fnews%2Fkairos-data-extortion-million-payment%3Futm_source=tldrinfosec/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/Gm-VPKRdAc-xc6HNjjCgEfgD7EnxGdSgWG5eicLaoaE=452">
<span>
<strong>US government body paid $1M to hackers who never locked a single file (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A US government entity, possibly Union County, Ohio, paid around $1 million in Bitcoin to the extortion group Kairos after a 28-day negotiation in 2025.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fcyber-crime%2F2026%2F07%2F03%2Fdev-says-google-warned-him-about-account-hijack-then-charged-him-11000-anyway%2F5266234%3Futm_source=tldrinfosec/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/KiY2DzI0tEjI9LuShma5E5lDYiumjHYDR8UKTn8P1ko=452">
<span>
<strong>Dev says Google warned him about account hijack β then charged him $11,000 anyway (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Developer Charles Jones racked up $11,089.77 in Google Cloud charges over 48 hours, largely from Gemini image-generation, after a compromised firebase-adminsdk service account key was abused.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/trl_nww8ipzywSL-YFpO0BwOtaMhEWyo6HAMV8rjzkI=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/EA7W1eV6drvkYbq3gOVb3STpKVSovEMWfFz_UpRko8o=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/M6J8t0cH0W57SU3COQ1qFYE3TNGXBvJjvgRSLOVdoLo=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/Hmx8VEre4K6T8Y_mEdYvdw0dNTYOc9HFg4wgw9oT1oY=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/_Xn0Rw460KPTv4V3rQCe8wA5JQ-GKTbhTGgiUABDfZY=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/I_UQYDSHFGnTYQjakbNsooGu9VLUKpzZzl4_MWqJWDE=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/PR0-juWkPyJ3A9FxHgvxjbA95F-Dzcfm9P9p9DnwPFE=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/LfMqI0vqVx3yW8n5c3xQrjpCKQKbv1sUq8shB5DnVyM=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/OkoBQb2Y7yatC8QT1OUpzlAJlFb0X67cVaBlv6egOr4=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/-bW92pI0pFT6Eo8Bk3VPwXXcVHYaaKC6VT_GXIn8zq8=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=b53921b2-791c-11f1-8f9d-9b961181999e%26pt=campaign%26pv=4%26spa=1783342907%26t=1783343245%26s=325a065c6fe6f5cc34fd150979efeb24cec05ec1fc4c7bee0ddf5e3d701ed623/1/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/-v4bBnHCTkvy7YYjV80E-PRjXDabjOgYeU84lTMN4Gs=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019f378a6a79-b812bde2-a738-4aac-a1af-902bfed38ead-000000/-s9s6fKvDzeDH0_aA26KjVLRWFi2moLaOPIBDS-wGuw=452" style="display: none; width: 1px; height: 1px;">
</body></html>