<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">A single financially motivated attacker obtained an AWS access key via a vulnerable Internet-facing application and ran it through multiple β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/EVfSvjxrkuHdTNdkrIGdhu5wm_892mKY3ihLRd50PMc=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/OUYKTsDAC1lG7lKsjdW_tt5VVFrntpJdltjmeiUQ8bs=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=fe069bc6-7b7f-11f1-ae15-e90765f4e8b3%26pt=campaign%26t=1783602492%26s=83b49e3ad8fff82efefabd50c63a19dfc73a5875e15beb6add5f9771603dbb47/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/RfE3s6XNMGg6UFXWCq0zWrBAFRpcpnWK2qo7cyP4_kA=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-07-09</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FMq15lG/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/gOcgWCiayfwxm3RP9pnrQ2O9ZbJfzn4uWDfq1T2wv5Q=452">
<span>
<strong>Accenture Confirms Data Breach After Hacker Claims Source Code Theft (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A hacker on PwnForums claims to have stolen 35 GB of Accenture data, including Azure keys, tokens, configuration files, and source code from a private Azure DevOps repository. Accenture says it contained and remediated the incident and reports no impact on operations or service delivery. The exposed material could help attackers map Accenture's environment and plan followβon intrusions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgbhackers.com%2F15-year-old-ghostlock-linux-kernel-vulnerability%2F%3Futm_source=tldrinfosec/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/yslAzHdn1WLUN75HuB2YxRGLKv2nJjL36jkjJ-StOFc=452">
<span>
<strong>15-Year-Old GhostLock Linux Kernel Vulnerability Enables Root Access and Container Escape (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
GhostLock (CVE-2026-43499) is a stack-based use-after-free in the kernel's rtmutex priority-inheritance path where remove_waiter() clears the wrong task's pi_blocked_on field during FUTEX_CMP_REQUEUE_PI operations, leaving a dangling pointer to freed stack memory that attackers reclaim to achieve near-arbitrary kernel writes. The chain bypasses KASLR with prefetch-timing attacks, hijacks the inet6_protos IPv6 handler for execution control, and flips core_pattern permissions (βDirtyModeβ) for root, reaching 97% reliability and earning over $92,000 in Google's kernelCTF. It needs no elevated privileges or namespaces and enables container escape to the host. Teams should update immediately and layer RANDOMIZE_KSTACK_OFFSET and STATIC_USERMODE_HELPER as defense-in-depth rather than substitutes for the patch.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbeincrypto.com%2Fill-bloom-vulnerability-crypto-wallets%2F%3Futm_source=tldrinfosec/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/RqZruwMDjchkc8ipaDxXk4mckGsFX6JtwybMJRM_nsI=452">
<span>
<strong>Ill Bloom Vulnerability Drains $3.1M From Crypto Wallets (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Coinspect discovered a new vulnerability called Ill Bloom that was exploited by attackers to drain 431 wallets for a total of about $3.1M worth of crypto. The flaw is due to an insecure pseudorandom number generator that generated weak recovery phrases across BTC, ETH, and SOL chains. Coinspect released a tool for users to check if their wallets are affected and urges impacted users to create new wallets and transfer funds.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.exodusintel.com%2F2026%2F07%2F06%2Fmicrosoft-windows-installer-folder-delete-privilege-escalation%2F%3Futm_source=tldrinfosec/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/q_NPGQEl7nE9vw5-memuLjO___kbi1W-VXkALcF9iuE=452">
<span>
<strong>Microsoft Windows Installer Folder Delete Privilege Escalation (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Exodus Intelligence detailed a logic flaw in the Windows Installer service (msiexec.exe), which runs as SYSTEM, where a low-privileged user chains three COM calls to write an arbitrary folder path into the TempPackages registry key and have the service delete it as SYSTEM, since the cleanup routine never verifies the installer created the folder. Attackers escalate this folder-delete primitive to full SYSTEM code execution by targeting C:\Config.Msi: they recreate it with a permissive DACL, let Windows Installer write rollback scripts there, swap in a malicious .rbs, and trigger a failed install whose rollback executes their payload. Microsoft patched it in April 2025 by adding a feature-flag gate in SetEEUIDirectoryAndFilter() that stops the path from reaching TempPackages, so defenders should confirm MSI patch levels and monitor for non-SYSTEM creation of C:\Config.Msi and untrusted writes to HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\TempPackages.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloud.google.com%2Fblog%2Ftopics%2Fthreat-intelligence%2Frecovering-active-adfs-signing-keys-machine-dpapi%2F%3Futm_source=tldrinfosec/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/cSQQQKURKX9xAFZcKeEIYmoWIcpUoN3XJFQv99VCuV4=452">
<span>
<strong>The βGhost' in the Database: Recovering Active ADFS Signing Keys via Machine DPAPI (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Mandiant documented a Golden SAML variant where, in ADFS environments with AutoCertificateRollover disabled and certificates manually rotated, the WID configuration database holds a stale βghostβ certificate while the live token-signing key sits in the machine-scoped CAPI store protected by Machine DPAPI rather than a user-bound context. An attacker with SYSTEM on the ADFS host recovers that active key via the DPAPI_SYSTEM LSA secret and machine masterkeys, then forges a Global Administrator SAML assertion that Entra ID accepts, all without touching LSASS or the live ADFS process. Defenders should treat ADFS as Tier 0, migrate signing keys to an HSM, set SACL auditing on the MachineKeys and Protect\S-1-5-18 paths, correlate ADFS issuance logs against Entra ID sign-ins, and watch for Event ID 385 as a drift indicator after manual rotation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fnesbitt.io%2F2026%2F06%2F03%2Fskills-registry-threat-models.html%3Futm_source=tldrinfosec/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/EpmQRaTAP3pO-6Sa8zzN4AjPEWPNJFMHetyL_Ae-RCA=452">
<span>
<strong>Skills Registry Threat Models (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
AI agent skills registries introduce a new software supply chain that combines traditional package manager risks with novel prompt injection risks. The author highlights several risks, including malicious or compromised registries, poisoned skills, dependency attacks, excessive tool permissions, and semantic manipulation of skill metadata. Some proposed defenses include provenance signing, sandboxing, enforcing the principle of least privilege, and using reputation systems.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fdotenvx%2Fdotenvx%3Futm_source=tldrinfosec/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/0V7hrpXNOdHclJ8E-SC10pf-GzcoAsw_nhyBcb2s4Pk=452">
<span>
<strong>Dotenvx (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Powered up dotenv that reduces the blast radius of secrets by splitting secrets management into two distinct components: an encrypted secrets file and a separate decryption key.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.cotool.ai%2Fresearch%3Futm_source=tldrinfosec/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/WfTZLTVY8DnxBys5RbT2uBnT3grUtS9v4pR12Q2SQdY=452">
<span>
<strong>Cotool Research: AI for the blue team (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Cotool published a research hub of defensive-security benchmarks evaluating AI agents across detection engineering, malware analysis, incident response, and threat hunting on real Windows and macOS intrusion samples. This is vendor-published material promoting Cotool's commercial blue-team agents, so treat the benchmark results as marketing-adjacent rather than independent evaluation until the sample sets and scoring are externally reproducible.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fkernelstub%2FNox%3Futm_source=tldrinfosec/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/FM9WHxEj6OipC_J6XZhcc8o0T2ukSXo_-HyTZ7ZSQUw=452">
<span>
<strong>Nox (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Nox is a modular, Go-based attack surface management and vulnerability scanning framework.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="mailto:infosec@tldr.tech?utm_source=tldrinfosec">
<span>
<strong>TLDR is hiring a curator for TLDR Infosec! (TLDR Curator, ~5 hrs/week)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Over 400,000 subscribers read TLDR Infosec to stay on top of the latest in cybersecurity, vulnerabilities, breaches, threat research, and security tools. If you work in security and want to help curate it, send your LinkedIn or resume to <a href="mailto:infosec@tldr.tech" rel="noopener noreferrer" target="_blank"><span>infosec@tldr.tech</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F07%2Fgithub-copilot-refuses-harmful-requests.html%3Futm_source=tldrinfosec/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/MRy1KrDw0UkAG3GAnAfufQfbLLFoUoPPnXvz6n2HgAs=452">
<span>
<strong>GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Researchers used GitHub Copilot with Claude and Gemini models to build a test program that scores harmful prompt responses, then asked it to raise that score by adding example Q&A pairs. When told to include harmful examples, the assistant wrote specific, usable banned answers directly into code files, after several normal-looking coding steps and without changing default safety settings. The study shows that chat refusals can hide dangerous outputs in generated code, so users should inspect files, not just trust visible denials.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fg5X2Ex/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/ONWYCFVpVF62SyZTIkUeexXXoLBXC5E_ACNpC09VXbk=452">
<span>
<strong>Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A single financially motivated attacker obtained an AWS access key via a vulnerable Internet-facing application and ran it through multiple scripted workflows to harvest secrets, build backdoors, exfiltrate data, and abuse deployment pipelines across the victim's cloud stack. The attacker used reversible actions like denying S3 access and throttling ECS services to prove control and pressure the victim to pay.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2026%2F07%2Fhackers-can-use-9-of-the-most-popular-ai-tools-to-assemble-massive-botnets%2F%3Futm_source=tldrinfosec/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/jBb2PtH074bYhHh3oVQbi7FAj0Qtjq6C_TKSNXaghnE=452">
<span>
<strong>Hackers can use 9 of the most popular AI tools to assemble massive botnets (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
HalluSquatting is a promptβinjection technique that abuses LLM coding agents' tendency to invent repository names, then register those hallucinated identifiers with code that installs reverse shells. The attack can quietly build large botnets or run ransomware and cryptomining by exploiting agents' highβprivilege terminals when they fetch trending repos or skills from registries.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F07%2F08%2Fanother-massive-data-breach-exposed-millions-of-drivers-license-numbers%2F%3Futm_source=tldrinfosec/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/mpvYqf99vxqh4wvo5-I2DqxhiMYKdiLBGm_hf7cVd9U=452">
<span>
<strong>Another massive data breach exposed millions of driver's license numbers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Hackers accessed AssuranceAmerica's systems in March and stole data on about 6.99 million people, including names, contact details, driver's license numbers, policy, and claims information.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F07%2F08%2Fchina-ditch-older-claude-versions-with-backdoor-code%2F5268371%3Futm_source=tldrinfosec/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/eIhY9JsgyjjnMRbPHEWXM1Qm_nypidy_m01l7LF70k8=452">
<span>
<strong>China tells devs to ditch Claude Code over βbackdoor code' fears (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
China's National Vulnerability Database urged organizations to uninstall Claude Code versions 2.1.91 through 2.1.196 over an alleged built-in mechanism it claimed could transmit user location and identity data to remote servers, recommending upgrade to version 2.1.198 or later along with tighter network egress monitoring.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/SqH5FVoO6uGhCX6JV7tOufsdRzFta7zIspCYc5dpWxc=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/Kr-jmakCanqORZ-t6sOj4OJXp7s-fkRWydbShPU1xPM=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/W2yPOwqlccs5O3c6RvECIp1Cgiyud2KziqMTeIAUU8c=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/8MxMxCQj4G_lno7YNxFyr4Ai8YVpH9IiEOB_b_x978k=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/mvMKDdGCRd4TKze-VKXAMER_YHerz3P7QsFWr6iz5SQ=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/L0nDnYiFNc3B_IucsglmGYKqTYyzgVaHNvVSAky70ic=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/uj743WS6nC0Z5baYYc58UzQiUrhT3DL70_0Z2ZdpeKs=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/GH3vwQKssYR1mOuxGftJNWpOa38f7t1Ncd9EKMogems=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/p5_wNjBWE_2Wyxk7MFP4yGCyzdFQlRbxpIazeSKqlD8=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/OvadjteIqRH_XqG1zk1ObNX2eP3L9TpIznveEoRYhFk=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=fe069bc6-7b7f-11f1-ae15-e90765f4e8b3%26pt=campaign%26pv=4%26spa=1783602134%26t=1783602492%26s=7dff59667e1ec7cf1ae5ca2e84c85cd6c8e638016fa8c7ef58f3d07fd54928e3/1/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/-A_GkcQGxJKoZnGHeqWT9f4F-KB6Vyl-_Oj_gb3oBbs=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019f46fe337a-40b010cd-f78d-4c70-81e4-d8a0bcad0259-000000/vMMpmAqwQ0e3i7PxjXCOtUFIWt08AuYnHvHjN-DFh7Y=452" style="display: none; width: 1px; height: 1px;">
</body></html>