<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">A crafted GitHub issue in a public repo can drive GitHubβs Agentic Workflow to read README files from both public and private repos and post them β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/0k8kiPkpFr1u800eQ-NlnbPoDYDV5AFBWVugMNYVWSE=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/98-e_bsNKDQS7VIKr-_vZYquYw0sR-rcSf00x_IzXBU=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=09ea272e-7ab2-11f1-8eda-979c28883cc4%26pt=campaign%26t=1783515943%26s=af59da333d867cfbe0f29fda3afacb7fa703a6854eecc81790ea013f1161b08e/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/8oMBYsMxsy-fUhLxLkJaxlGWTIQwj-OGiLAziKlAy0I=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-07-08</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F194868%2Fsecurity%2Fjanuscape-16-year-old-linux-kvm-bug-enables-cloud-vm-escape-attacks.html%3Futm_source=tldrinfosec/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/OLo0rcoZJMiHvrCU1Os0pjVulVdzEyaIVeO6jK2XCCI=452">
<span>
<strong>Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Januscape (CVE-2026-53359) is a use-after-free vulnerability in the shadow MMU of Linux's KVM hypervisor that has existed since 2010. The flaw allows a guest VM to corrupt host kernel memory on both Intel and AMD hosts. The bug stems from KVM matching shadow page table candidates by address alone, ignoring page type. A public PoC reliably panics the host within seconds to minutes, while a more severe path can turn the corrupted write into host code execution, threatening multi-tenant clouds like GCP and AWS that expose nested virtualization, including custom stacks that bypass QEMU entirely. Administrators should apply patches immediately or disable nested virtualization for untrusted guests if patching isn't possible.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fnoma.security%2Fblog%2Fgitlost-how-we-tricked-githubs-ai-agent-into-leaking-private-repos%2F%3Futm_source=tldrinfosec/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/MzY4SaZItDpEtpoSaM_4D0BUNb_nbW-iyv2HNElfQp4=452">
<span>
<strong>GitLost: How We Tricked GitHub's AI Agent into Leaking Private Repos (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A crafted GitHub issue in a public repo can drive GitHub's Agentic Workflow to read README files from both public and private repos and post them back as a public comment. The attack relies on prompt injection and a single keyword, βAdditionally,β to bypass GitHub's guardrails and leak private repository data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.varonis.com%2Fblog%2Frogue-agent-dialogflow-attack%3Futm_source=tldrinfosec/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/AjR1kH9ZfzOe0SMvtuHXwcclvZvXaOZQItLwe_rmkwI=452">
<span>
<strong>Rogue Agent: How a Single Code Block Could Hijack Your AI Conversations in Google's DialogFlow (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Rogue Agent is a Dialogflow CX flaw that lets anyone with dialogflow.playbooks.update rewrite a shared Cloud Run file and run arbitrary Python across all agents in a project, exfiltrating chat history and injecting phishing prompts through respond(). Attackers could bypass VPC Service Controls via unrestricted egress and query IMDS for service account tokens, so teams should review Dialogflow audit logs, failed requests, and Code Blocks for signs of tampering.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.talosintelligence.com%2Fuat-7810%2F%3Futm_source=tldrinfosec/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/usk8NXBvdgnZ3PbjAeMef6Zie1fbGJv9x3XnM6iLgT4=452">
<span>
<strong>UAT-7810 Continues Building ORB Networks Using New Malware (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Cisco Talos assessed with high confidence that UAT-7810, a China-nexus actor maintaining the LapDogs ORB network, compromised unpatched Ruckus wireless routers to deploy a shell script that opened firewall access and launched its passive backdoor DOGLEASH. The group was found actively developing LONGLEASH, an expanded successor to its SHORTLEASH backdoor built on Boost.Asio with reverse-shell, multi-protocol proxying, and self-removal capabilities, alongside a new JAVA-based administrative backdoor, JARLEASH, configured with Simplified Chinese comments. Defenders operating Ruckus or ASUS AiCloud infrastructure should prioritize patching the referenced CVEs and apply relevant IoCs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fipurple.team%2F2026%2F07%2F06%2Fwindows-service%2F%3Futm_source=tldrinfosec/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/TTGszt-M5Slgr0r-j5-j0uxDo9AyMDB590nKj5_Yo0s=452">
<span>
<strong>Windows Service (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
This playbook details six techniques for abusing Windows services to achieve privilege escalation and persistence, including service creation, binary path modification, permission tampering, malicious driver installation, and recovery function abuse. One notable technique exploits Windows service recovery actions to execute arbitrary commands as SYSTEM without modifying the monitored service binary, making it more difficult to detect. The guide includes Sigma rules and a sample KQL query to detect service creation, registry modifications, and recovery function abuse, and recommends proactively identifying Windows services that can be abused through crash-triggered recovery actions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fawsteele.com%2Fblog%2F2026%2F06%2F23%2Fsome-notes-on-lambda-microvms.html%3Futm_source=tldrinfosec/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/BMA6xSZI-mptwFJAs2uTPW6wgHvBlUkCl9N_tdw9CXs=452">
<span>
<strong>Some Notes on Lambda MicroVMs (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Lambda MicroVMs are a new feature that allows users to run code in a VM for up to 8 hours via Lambda. Users can get a shell in their MicroVMs and access all operating system capabilities. Outbound network connections are blocked by default and require users to configure networking.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FzYfPsx%3Futm_source=tldrinfosec/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/o_GpkRJP6Q00frkfiZtwf6RRdTvdlStH6adgrhpBwEI=452">
<span>
<strong>Are pentests obsolete in the AI era? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
You can now get the depth of a pentest at the frequency of a scan. Does that mean pentests are dead? This <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FzYfPsx/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/owk1MQ5DqlSHcYtjLDWM39Ds98Kqq9SCh0iIf28Tstw=452" rel="noopener noreferrer nofollow" target="_blank"><span>Intruder blog</span></a> lays out the short-term, mid-term, and long-term implications of AI-driven pentesting. See what the economics, frontier AI developments, and threat landscape are all pointing to. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FzYfPsx/2/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/MwU2VeFsuQ3nCpEMjelyPmrpbxL0H4Pa8JDJv4eUatQ=452" rel="noopener noreferrer nofollow" target="_blank"><span>Read the blog</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsecdev02%2FEasyTokens%3Futm_source=tldrinfosec/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/K7BOxf8F93A1YnKsUYY8VNbUbIdsxjPBsUWr20j6R3E=452">
<span>
<strong>EasyTokens (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
EasyTokens is a Python/PHP adversary emulation tool that phishes Microsoft 365 OAuth tokens by abusing the Device Authorization Grant flow, presenting victims with a themed enrollment page while an operator dashboard polls for captured access and refresh tokens to query OneDrive and email via Microsoft Graph
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Felder-plinius%2FT3MP3ST%3Futm_source=tldrinfosec/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/Uo512a8DPhwTNfXgUL00m960KDYM3gRS1P6-NPkfa1Y=452">
<span>
<strong>T3MP3ST (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A multi-agent offensive framework built to turn the AI coding agent you already run into a zero-day hacker. The tool is built by known jailbreaker elder-plinius.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="mailto:infosec@tldr.tech?utm_source=tldrinfosec">
<span>
<strong>TLDR is hiring a curator for TLDR Infosec! (TLDR Curator, ~5 hrs/week)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Over 400,000 subscribers read TLDR Infosec to stay on top of the latest in cybersecurity, vulnerabilities, breaches, threat research, and security tools. If you work in security and want to help curate it, send your LinkedIn or resume to <a href="mailto:infosec@tldr.tech" rel="noopener noreferrer" target="_blank"><span>infosec@tldr.tech</span></a>!
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FIN2DI5/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/gc2hDf5bf2aYKyqSddjknGA0Q3ZuNkhiVhokM8N2e68=452">
<span>
<strong>County Government Reportedly Paid $1 Million to Cyber Extortion Group (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A US local government paid the Kairos extortion group $1 million in Bitcoin after a May 2025 breach where attackers claimed to steal over 2 TB of data via brute-force access. Negotiations moved from a $3 million demand to the final payment under deadline pressure. The victim is described as a small county, likely Union County, Ohio, which later notified 45,487 people of exposed IDs, financial data, biometrics, and medical details.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F07%2Fwriter-ai-flaw-could-let-agent-previews.html%3Futm_source=tldrinfosec/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/pKTE2jeabLHg0n4FJeUpjgIuKk0whJfsZdxFvMlT3lU=452">
<span>
<strong>Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A WriteOut session isolation bug in Writer let attackers steal session cookies via live agent preview links and hijack other companies' accounts, including admin access. The exploit used sandboxed code to read and exfiltrate cookies attached by logged-in users' browsers. Writer fixed it by blocking cookie forwarding into sandbox previews and isolating them on a separate origin.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flwn.net%2FArticles%2F1081690%2F%3Futm_source=tldrinfosec/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/QvCZvbdUZmuJj5Gq0GWFYh90HyOXm7gJKj_eQ6B7dmA=452">
<span>
<strong>Woodruff: You shouldn't trust trusted publishing (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
PyPI's trusted publishing only authenticates the machine identity behind an upload, not the package's safety or quality, a distinction PyPI reinforces by deliberately withholding any green checkmark styling.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F07%2F06%2Fthe-first-ai-run-ransomware-attack-still-needed-a-human%2F%3Futm_source=tldrinfosec/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/Dk6MeLMLpgpAsLHFqwWqIFkF7qHxgmov_PO0UXZs5So=452">
<span>
<strong>The βfirst' AI-run ransomware attack still needed a human (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Sysdig tracked a JadePuffer ransomware case where an AI agent breached a Langflow host, pivoted into a MySQL server, encrypted more than 1,300 configuration records, and generated its own ransom note and Bitcoin address.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/-l1VKpbGCmsSiReMf2PHv4dgl9sJ-dbrzlMgbHkI6cs=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/2kxPE1wsRScKjnjj9RFE8xL-zhhYd1sSNDodpw-_inU=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/ZCHMPmCNjLrDWg_3ivhfzlDd5Iw3HGiRuEp7eynzN0I=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/ASmXlvqdQ6v5YMytuG1ZoiswRm3uEzuZleEQEStxD7w=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/RmKKuhFm_XgRRUxW6c51U_T8qCPszqWaFzo2nvLicGQ=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/uLzqWQbhDtyjZDCbNjfpcrjz4baoYubH8XNpPylgTEU=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/Wt8XsPY8vRB3V2qD-VxduXZyhA9KbSWg4VtJZQD_GNA=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/2xv5rTZz_849GixAyWVt1zfdbTygoW1OOBEsd7g9YIU=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/ZX8WBs7APPdeSlxXz3mj2quhm-SLvMqT7yPEKkCuoP8=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/Rg9SKW0R-pkRYx8jnW0gGdPe3PSQvwyIiV5IrSVGvWc=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=09ea272e-7ab2-11f1-8eda-979c28883cc4%26pt=campaign%26pv=4%26spa=1783515623%26t=1783515943%26s=b6f9ac4b75a4f59419bad95dfc624cd981a4b5de7968cba570cdfcc096b2645a/1/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/pMHILciSpYqeCa0iAyZSUhS7NPrRmaXKm9tC4THND3Q=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019f41d59301-2fba5c97-a532-400f-9a6b-ca04f259ee2f-000000/WT4RgbGSjMtCbVtwzExIHv3luJvMDKKN8UoktuPmsV0=452" style="display: none; width: 1px; height: 1px;">
</body></html>