<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Progress Software ordered ShareFile customers to shut down Windows-based Storage Zone Controllers after detecting a credible external threat </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/jYf13xNWl2b4smCFU--axVpym0xQR02Se3FavZHLIrI=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/xNOKTZd08bO0RdQ0eHCCD_pLBNjU9C6ee8fLY8PZNhw=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=f8b374f4-7eaf-11f1-aba7-394cf08903cb%26pt=campaign%26t=1783948180%26s=025a17ee05cfd8dd0812e47e09bb1d4d083b8bdb422effff77f44b77a4e53782/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/RZ_F3Nhzksw_foQWSnU9zlQFELAyDSV9KuxYgO6bc5I=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fevents.cyera.io%2Fnewyork2026datasecairegionalsummit%3F_gl=1*wzufzz*_gcl_au*mja0otu4odu4oc4xnzgyotqznzg3%253Futm_medium%253Dreferral%26utm_source=tldr%26utm_medium=newsletter%26utm_campaign=2026-07-13_Primary_Cyera%26utm_content=header_how_aws_snowflake/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/_6XyRM-DYWfxs2RfwOTuOjExaFt3nyWSzo4INV3crZw=452"><img src="https://images.tldr.tech/cyera.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Cyera"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-07-13</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fevents.cyera.io%2Fnewyork2026datasecairegionalsummit%3F_gl=1*wzufzz*_gcl_au*mja0otu4odu4oc4xnzgyotqznzg3%253Futm_medium%253Dreferral%26utm_source=tldr%26utm_medium=newsletter%26utm_campaign=2026-07-13_Primary_Cyera%26utm_content=header_how_aws_snowflake/2/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/2fcq1cc5kUSWtvDBCSwIdR5MK84MyOG-tpLmplghG68=452">
<span>
<strong>How are AWS, Snowflake, and the NFL securing enterprise AI? (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
AI adoption is accelerating and security teams need practical strategies to keep pace. Join hundreds of security, data, and AI leaders and practitioners for two days of real-world insights, peer networking, and hands-on learning in New York City.<p></p><p><strong>You'll leave with:</strong></p><ul><li><strong>2 industry certifications</strong> and up to <strong>6 CPE credits</strong></li><li>Practical frameworks for securing AI, governing enterprise data, and preparing for AI agents</li><li>Hear directly from security leaders at <strong>AWS, Snowflake, Deloitte, PwC, NFL, Booking Holdings, and more</strong></li><li>Actionable ideas you can bring back to your team</li></ul><p><strong>July 21–22 | Marriott Marquis Times Square | New York City</strong></p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fevents.cyera.io%2Fnewyork2026datasecairegionalsummit%3F_gl=1*wzufzz*_gcl_au*mja0otu4odu4oc4xnzgyotqznzg3%253Futm_medium%253Dreferral%26utm_source=tldr%26utm_medium=newsletter%26utm_campaign=2026-07-13_Primary_Cyera%26utm_content=cta_full_agenda/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/XfEFBwov9nUvcYIyGI8ZspnmkitujiO9Y_T0dlkPchA=452" rel="noopener noreferrer nofollow" target="_blank"><span><strong>See the full agenda →</strong></span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F07%2Furgent-progress-tells-sharefile.html%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/KDHW9t69KfI93aLHaBSd0qYYH0paGH5En3svJEQWhzM=452">
<span>
<strong>URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Progress Software ordered ShareFile customers to shut down Windows-based Storage Zone Controllers after detecting a credible external threat, cutting affected systems off from the cloud while it works with security teams to investigate. Only on-prem controllers are impacted. Cloud-only accounts remain online. Customers have been told to keep controllers offline, treat exposed servers as possible incidents, preserve logs, and look for unfamiliar .aspx files.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F07%2F10%2Fmiinto-fesses-up-to-breach-says-customers-open-to-phishing%2F5269891%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/u8Y56cCkmA_121DpyQri1DLU2V5LfCakxFJV18t8cx4=452">
<span>
<strong>Fashion mart Miinto unzips breach details, warns shoppers to watch for phisherfolk (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Danish retailer Miinto reported that an intruder accessed its internal order management system and viewed customer order records, including names, contact details, addresses, and payment method types, but not card or CVV numbers. The company removed the attacker, tightened access controls, notified police and regulators, and warned customers about targeted phishing using stolen data.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsocket.dev%2Fblog%2Fcompromised-injective-sdk-npm-package%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/uNItlogbzw0f_20TdOXKOL8Z2ZR0AtvZNFcTEmP2i7U=452">
<span>
<strong>Compromised Injective SDK npm Package Exfiltrates Wallet Keys and Mnemonics (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A malicious Injective TypeScript SDK release (@injectivelabs/sdk-ts@1.20.21) logs mnemonics and private key material, then sends them via a POST request to an InjectiveLabs infrastructure endpoint, allowing attackers to rebuild wallet keys. The same version was pushed to 17 related packages, so developers must audit dependencies, move funds from affected wallets, and rotate keys and mnemonics.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fresearch.checkpoint.com%2F2026%2Fcavern-manticore-exposing-iran-linked-modular-c2-framework%2F%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/2obgETCkeq4_KZpg9GY15Cq75RfOgGMO0mRInJ9DpmE=452">
<span>
<strong>Cavern Manticore: Exposing Iran-Linked Modular C2 Framework (14 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Check Point Research attributes Cavern Manticore, an Iran MOIS-linked actor tied to the OilRig subgroup Lyceum, to intrusions against Israeli government and IT targets that begin with RMM and SysAid software-update abuse, then sideload a trojanized uxtheme.dll (Cavern Agent) via the legitimate WinDirStat.exe to establish a modular .NET C2 built across three compilation formats for anti-analysis, with per-module AppDomain isolation and startup directory wipes for anti-forensics. Post-exploitation modules pull LDAP/AD enumeration and brute-forcing, SQL database access, DPAPI credential decryption, SMB share/credential attacks, and SOCKS5/WebSocket tunneling, communicating over XOR-keyed (key 0x48) HTTPS/WSS traffic to C2 domains including auth[.]hospitalinstallation[.]com and google[.]com[.]hospitalinstallation[.]com. Defenders should audit for uxtheme.dll sideloading and unsigned binaries under C:\ProgramData, monitor RMM tooling for anomalous deployment activity, and flag the fixed Edge-spoofed User-Agent and X-User-token header pattern as host-based detection points.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurelist.com%2Fmicrosoft-device-code-phishing-attack%2F120350%2F%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/jQcuGiobjKOLPQqvXmxctWp5esYw6w-mNML-2jNGBKg=452">
<span>
<strong>When checking the URL isn't enough: a Device Code Phishing attack via a Microsoft website (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Attackers deliver a password-protected PDF impersonating a law firm, chain it through legitimate open redirects on Microsoft and Cacoo.com domains, and route victims through CAPTCHA gates to a landing page that auto-copies a Microsoft OAuth device_code obtained via the legitimate devicecode endpoint. The victim pastes that code into Microsoft's genuine verification_uri, completes real MFA, and the attacker harvests the resulting access_token, refresh_token, and id_token to read mail, exfiltrate OneDrive files, and access Teams, with refresh_token enabling silent long-term persistence. The same technique has since been observed retargeting Brazilian users. Defenders should disable the Device Code Flow via Conditional Access if unused, monitor DeviceCodeSignIn events and enforce device compliance, alert on anomalous sign-in locations, and train users to never approve unsolicited device code prompts, even when the verification page is a genuine login.microsoftonline.com or microsoft.com/devicelogin URL.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsufield%2Fstave%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/pvr2XVyankyOsHNJI-8KiP1EIzzxqpE4ftN71him7kM=452">
<span>
<strong>Stave (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Open-source cloud configuration verifier. Proves your AWS configuration is correct instead of searching for what's wrong. Offline, credential-free.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecuritylabs.datadoghq.com%2Farticles%2Fguarddog-3-0-release%2F%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/pih2NkjI8_0JLHqe6Loj0pd-GyD3TxX__uMlZQ4-5T0=452">
<span>
<strong>Introducing GuardDog 3.0: A new rules engine, transparent sandboxing, and more (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Datadog released GuardDog 3.0, its open source scanner for malicious PyPI and npm packages, replacing Semgrep with YARA rules run via yara-python for faster, less memory-hungry scans. The new risk engine correlates capability and threat-indicator rules across the attack lifecycle into a 0-10 score, benchmarked at 89.2% precision and 88.3% recall against a TLSH-deduplicated sample of Datadog's 27k-package malicious dataset. Scanning now runs inside a Nono sandbox by default (disable with --no-sandbox), limiting filesystem and network access even if a crafted package exploits GuardDog itself.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fail-project%2Ftempolocus%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/P6ixaYuuh4DX1EE2cePHwryuP5no-08pe4usDBz8z3Y=452">
<span>
<strong>tempolocus (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
tempolocus from the AIL Project infers a threat actor's probable location from time-series activity patterns: weekly hourly buckets, yearly daily buckets, or raw timestamp lists such as PE TimeDateStamp values. It ranks timezone offsets and probable countries from quiet-window analysis, matches yearly activity against public-holiday calendars across 80+ regions (including a public-worker profile covering China and Russia government closure patterns), and classifies activity as work-time, vacation-time, or mixed-time. Output is probabilistic JSON, usable via CLI or as a Python library with detect and analyze_activity entry points, licensed AGPL-3.0.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="mailto:infosec@tldr.tech?utm_source=tldrinfosec">
<span>
<strong>TLDR is hiring a curator for TLDR Infosec! (TLDR Curator, ~5 hrs/week)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Over 400,000 subscribers read TLDR Infosec to stay on top of the latest in cybersecurity, vulnerabilities, breaches, threat research, and security tools. If you work in security and want to help curate it, send your LinkedIn or resume to <a href="mailto:infosec@tldr.tech" rel="noopener noreferrer" target="_blank"><span>infosec@tldr.tech</span></a>!
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F07%2F10%2Fphia-accused-of-cookie-stuffing-taking-affiliate-credit-on-purchases-it-didnt-earn%2F%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/6TlIQJENSdhpmCjHh98B6F1rIYhkSu8phdntk6KhSog=452">
<span>
<strong>Phia accused of ‘cookie stuffing,' taking affiliate credit on purchases it didn't earn (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Phia, a shopping extension backed by celebrity investors, was suspended from the affiliate platform Impact.com after a Bloomberg investigation reported that it injected its own referral codes during checkout, overriding other affiliates' tags and capturing commissions on purchases it did not drive. Phia says it has fixed the behavior, but retailers and partners have not publicly confirmed their position
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FPY7fNC/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/fF1RwWjh56YKNYW34w48zdeWC_uVKHFpVsN1ycc6v-c=452">
<span>
<strong>GigaWiper Combines Multiple Malware for System-Level Sabotage (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
GigaWiper is a Go-based backdoor used since October 2025 that combines older wiper and ransomware components into a modular tool with robust command-and-control. It can wipe disks at the physical level, trigger a BSOD, encrypt files with both recoverable and unrecoverable keys, capture screenshots, execute PowerShell commands, and clear logs while maintaining remote control via RabbitMQ and Redis.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftherecord.media%2Fnsa-revives-tao-name-for-elite-hacking-unit%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/boxYTNWkfocWrQcuwYrll5Bgm3xOWqV-6SE7aoqyyMA=452">
<span>
<strong>NSA revives 'Tailored Access Operations' name for elite hacking unit (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
NSA renamed its Office of Computer Network Operations back to Tailored Access Operations under new leadership, with Deputy Director Tim Kosiba at the helm, reversing the 2016 NSA21 restructuring that split TAO's developers and operators into separate directorates. The unit is set to open a dedicated building at Fort Meade next month.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Ftech-policy%2F2026%2F07%2Fransomware-negotiator-helped-attackers-extort-his-own-clients-gets-6-year-sentence%2F%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/1YYDZigfDEPuQy0E4VW2MA721KiZyR5CgPJTsPkMCZE=452">
<span>
<strong>Ransomware negotiator hired to represent victims was working for the attackers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Angelo Martino, a former ransomware negotiator at DigitalMint, admitted to sharing victims' insurance limits and negotiation strategies with BlackCat operators to inflate ransom demands, taking a cut of payments exceeding $75 million.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgbhackers.com%2Fwireshark-4-6-7-released-to-patch-12-vulnerabilitie%2F%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/Y2ZYo0JoaZdaRj4w48FJYLTm9hicalh2a0x7UGxhFJg=452">
<span>
<strong>Wireshark 4.6.7 Released to Patch 12 Vulnerabilities in SSH, TLS, Wi-Fi, and pcapng (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Wireshark 4.6.7 fixes 12 dissector and parser flaws tracked as wnpa-sec-2026-53, -55, -56, -57, -60, and -61 (crashes and infinite-loop denial-of-service risks in pcapng, SSH, TLS ECH, IEEE 802.11, BLF, and other dissectors, none rated for remote code execution), and users who inspect untrusted pcapng, Wi-Fi, TLS, or SSH captures should upgrade promptly.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.asahi.com%2Fajw%2Farticles%2F16703618%3Futm_source=tldrinfosec/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/74ZhDIhc8Ov5BKHxIdU1PfvERfyXavKfTAsHlxEV0Pw=452">
<span>
<strong>Teen accused of using ChatGPT to delete 46,000 anime accounts (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Tokyo police arrested a 15-year-old who admitted using ChatGPT to help write code that sent false deregistration commands to Bandai Namco Filmworks' servers, deleting 46,812 Bandai Channel accounts and exposing personal data from up to 1.36 million users.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/DWqdz4mcmMJGpBmRMVhUwcH-RpeGL_3V91RJuGauti0=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/7gQ0LVyNhhOVYFjll6LgcWGNLe41TmTYkVV0oU_8J4Q=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 📰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/sDPRwQOHnc349Yr-GohUmLrPdwrq5Oxuuigb9eKXdqU=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/4SvEE6olWjB4GewX_sWq0xX_WQxjk9Rifki-SClTgCg=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/p7r29pX0M1-QvftMOmGKunvKHCBCIOXQatEK4bXSwO0=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/NAtJYGd-3NEMCk3IHI0XW22_2nN9S8zdmacIPF0LHxA=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/ak24tTuhT-MMMxINa3Z_yL_ih786DL_0TnJR7nDLbAE=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/vzO_CeMCekrPQ4_BDlVu2i7y4okyjcahqO_MWziJan0=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/6H5iRyUXQ9blp4Y5TBBHRqRipWIYZZ9fayTqjLWpPag=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/grnUUVCkU5dqzaxtiaTon3UMO8X9MoceSTGT3CtUXVQ=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=f8b374f4-7eaf-11f1-aba7-394cf08903cb%26pt=campaign%26pv=4%26spa=1783947733%26t=1783948180%26s=c5216674ea79c7ca03594cccbd150b231808732bc7230d7a322998521940e552/1/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/XuMAhlGDxEQxQWLHGqt7NP3hQNLNtCZhawEWd_J7aSo=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019f5b98fd21-968e896f-c27d-4bd6-8fdf-5abf9cdfc54a-000000/tOXahvDNWdHBLAz7jc6p1wXtOYAy93ofxB4nyiLsHL8=452" style="display: none; width: 1px; height: 1px;">
</body></html>