<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Jamf uncovered a new macOS infostealer they dubbed CrashStealer because it impersonates the built-in CrashReporter tool โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ โ </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/Jwc5ETGjsuV_UqgUwaNA3Z6hW1uBr8VPsDdJqsunWec=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/XkK_OTb2uNk2VAzUGLBqpaa0h-pJKm8ac6mOVeCeHSo=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=df8c876e-7f49-11f1-90fa-5bd671f97a10%26pt=campaign%26t=1784034602%26s=2b571016ebce0953faa516b0a011a34f6f41c5e10a2e6fed2b2b42b131d87d24/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/KraCZylNQrQxPJ16dfZiIm5-r_qZl-DjB7tnNlnBqk0=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.tines.com%2Faccess%2Fguide%2Fthe-ultimate-guide-to-network-operations-management%2F%3Futm_source=TLDR%26utm_medium=paid_media%26utm_campaign=2026-07-14_Primary_Tines%26utm_content=newsletter-primary-1407_header_dollar_50k_per_hour/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/nzjdUSpoCbtpClAenewEIvg1V33-OcRoafDop1dF4n8=452"><img src="https://images.tldr.tech/tines50.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Tines"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-07-14</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.tines.com%2Faccess%2Fguide%2Fthe-ultimate-guide-to-network-operations-management%2F%3Futm_source=TLDR%26utm_medium=paid_media%26utm_campaign=2026-07-14_Primary_Tines%26utm_content=newsletter-primary-1407_header_dollar_50k_per_hour/2/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/GE-cz0RDzAsWHwkhIsfugnlK-Ps17TKKIpr3W4WGTAg=452">
<span>
<strong>The $50K per hour network downtime dilemma (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Network security stakes are high. Like really high. Infrastructure downtime costs teams at minimum $50,000 per hour, according to Business Wire. <p></p><p>Modern network operations are more complex than ever, but the work behind them is still too manual. The result is <strong>slower response</strong>, <strong>more friction</strong>, and <strong>duplicated effort</strong>.</p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.tines.com%2Faccess%2Fguide%2Fthe-ultimate-guide-to-network-operations-management%2F%3Futm_source=TLDR%26utm_medium=paid_media%26utm_campaign=2026-07-14_Primary_Tines%26utm_content=newsletter-primary-1407_Body_tines_guide/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/0MHtMpYZ9Ko7h7tjVoxmtzvdHNUKsTzuGRppSwokcIk=452" rel="noopener noreferrer nofollow" target="_blank"><span>Tines' new guide</span></a> explores how IT and security teams can move faster with clearer audit trails, and better operational visibility. Get a five-step roadmap to build your strategy and examples of pre-built workflows for inspiration.
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">๐</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F7Kk5qo/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/fxY6NdsOGMmT34OiuIkxYc0wD8ohGrNsqRIvKi2OyVE=452">
<span>
<strong>New CrashStealer Malware Poses as Apple Crash Reporting Tool (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Jamf uncovered a new macOS infostealer they dubbed CrashStealer because it impersonates the built-in CrashReporter tool. The malware displays a fake password prompt, verifies the entered password, then uses it to unlock the OS keychain and steal other credentials. CrashStealer focuses on stealth and uses a notarized dropper and AES-256-GCM to encrypt zip archives of stolen credentials before exfiltration.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FIEwjVH/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/HJeRliMzVcpB45e9aMa2nnnQalrHS8BV857oXhEtJ6c=452">
<span>
<strong>โGhostcommit' Hides Prompt Injection in Images to Fool AI Agents and Steal Secrets (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Researchers unveiled a new technique to harvest credentials from Git repos by abusing AI agents. The researchers pushed an image to the repo containing instructions to copy the .env file and upload it byte by byte as numbers. Later, a coding agent that runs will read the image and follow the instructions to leak the data. The researchers found that PR review agents skipped images so the PR would be approved, and in their tests, Cursor and Antigravity (with certain models) followed the instructions. However, Opus running in Claude Code detected the social engineering attack.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F07%2Fsix-new-u-boot-flaws-could-let.html%3Futm_source=tldrinfosec/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/OsWmIt4595NRWVI5hD3tmOVMD1aUU8a98UdQaz9tz28=452">
<span>
<strong>Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Researchers from Binarly discovered six new vulnerabilities in the U-Boot bootloader. Two of the vulnerabilities could lead to arbitrary code execution, whereas the other four could be exploited to launch denial-of-service attacks against vulnerable devices. All six bugs (tracked as BRLY-2026-037 through BRLY-2026-042, no CVEs assigned yet) occur when U-Boot parses an untrusted FIT image before checking its signature, and most of the vulnerable code traces back to v2013.07 across 50+ stable releases, plus vendor firmware built on U-Boot. The two RCE bugs (BRLY-2026-037 and BRLY-2026-038) both stem from U-Boot trusting an unchecked null pointer and negative length returned by fdt_get_name, a libfdt lookup shared with the Linux kernel and barebox. The four crash bugs come from unchecked size/offset trust, an unvalidated null pointer from an older image format, and unbounded recursion during validation.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">๐ง </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.miggo.io%2Fpost%2Ffull-broker-takeover-no-login-required-miggo-discovers-critical-rabbitmq-vulnerabilities-putting-application-data-at-risk%3Futm_source=tldrinfosec/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/kFQAk8uGd8euZY5Vv7qZhQayTvQ1FXeNwQfyQvUop70=452">
<span>
<strong>Full Broker Takeover, No Login Required: Miggo Discovers Critical RabbitMQ Vulnerabilities Putting Application Data at Risk (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Miggo's research team found two RabbitMQ bugs introduced in 3.13.0 that let attackers either grab an OAuth client secret without logging in or map tenant queues using a zeroโpermission account. The first flaw exposes the broker's OAuth secret via an unauthenticated /api/auth endpoint, allowing full admin takeover wherever that secret is used with common IdPs. The second lets any loggedโin user passively declare queues and read stats across a shared virtual host. Operators should upgrade to the listed fixed releases, rotate OAuth secrets, lock down port 15672, and separate tenants by vhost.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackernoon.com%2Fattested-tls-was-supposed-to-be-the-last-trust-boundary-it-isnt-formal-methods-show-how%3Futm_source=tldrinfosec/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/d2cKuAsL5XTLIgCkrG9naaZkDdnk6NbR01PC-yT4m4c=452">
<span>
<strong>Attested TLS Was Supposed to Be the Last Trust Boundary. It Isn't. Formal Methods Show How (13 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Researchers at TU Dresden used the symbolic verifier ProVerif to formally analyze seven attestation-to-TLS binding mechanisms shipping in Meta's WhatsApp Private Processing, Edgeless Systems' Contrast, and Cocos AI, and found all seven vulnerable to relay attacks (CVE-2026-33697, CVSS 7.5, CWE-322): an attacker holding the enclave's ephemeral TLS private key can present genuine attestation evidence to a client while terminating the session at their own relay point, passing every cryptographic check while encrypting to the wrong endpoint. Exploitation still requires extracting that key via physical hardware compromise, the same access class as wiretap.fail and TEE.fail, since none of the seven mechanisms bind evidence to application traffic or include a timing/liveness check to rule out relay. Vendors evaluating attested TLS should confirm binding extends to the client's application traffic key rather than just a handshake key or nonce, treat vendor-commissioned manual audits (Trail of Bits' review of the Meta system missed this) as insufficient without formal verification, and track the IETF TLS/RATS/SEAT/LAKE working groups' review of the paper's proposed level-2 mitigation.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fspecterops.io%2Fblog%2F2026%2F06%2F29%2Fllm-powered-edr-analysis%2F%3Futm_source=tldrinfosec/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/Gkkq-bhOmLX_koQdWBvZr3cnxWplkTxezMv9x6DqmCI=452">
<span>
<strong>Accelerating EDR Evasion with LLM-Driven Analysis (17 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
SpecterOps researchers use LLMs to assist with reverse engineering and analysis of commercial EDRs. This post walks through using GPT-5.5-Cyber to analyze Palo Alto Networks' Cortex XDR agent through in-process DLL review, YARA, behavioral rule extraction, and local model extraction. The researchers then used the LLM to build emulation suites to test EDR evasion techniques against emulated EDRs.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">๐งโ๐ป</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fscanner.dev%2Fblog%2Fwe-indexed-a-petabyte-over-a-weekend%3Futm_source=tldrinfosec/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/xmD_5QpgSzTMch1-dpTSXYteAohtwm5r0C-GoWHzv2k=452">
<span>
<strong>Scan Petabytes in Seconds (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Legacy log search forces a tradeoff between visibility and speed. Indexing security logs straight from S3 cuts costs so it doesn't have to, with fast search built in. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffandf.co%2F4bsl90a/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/dTrkSE0TvUmqY3tbGXuWSQ3HJlYItUuoc8C4AWhChq0=452" rel="noopener noreferrer nofollow" target="_blank"><span>Scanner indexed 1.4 PiB of logs (</span></a>689 billion events) in 80 hours, unattended, then traced a simulated 8-month attack in under 10 minutes.
<p></p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffandf.co%2F4bsl90a/2/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/LMKzGIOpL4wbUQlkM_o72Rs4SOnSEdDqPBNEYdcMVyQ=452" rel="noopener noreferrer nofollow" target="_blank"><span>Read the case study</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fyowainwright%2Fpastoralist%3Futm_source=tldrinfosec/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/9djfQn3cNslQODVZOd9kQBpdhYrGPiFFHtxoFeZkIt8=452">
<span>
<strong>Pastoralist (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Pastoralist is an audit trail for package manager overrides. It keeps the package-manager instruction where it belongs and adds the missing review record: why the override exists, which packages still need it, which security provider found it, and when it can be removed.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fqizsecurity.com%3Futm_source=tldrinfosec/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/rlggDs86J3vw2OwoGV7wq7MkjIJwawSR77B0BcUzwGA=452">
<span>
<strong>QIZ Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
QIZ Security provides a platform that inventories encryption across onโprem, cloud, and hybrid systems, surfaces weak cipher suites and outdated protocols, and generates ranked remediation plans to cut cryptographic and postโquantum risk exposure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fwolfssl%2FwolfIP%3Futm_source=tldrinfosec/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/7KuXFZE87HNeEdn95zmjG-KMKOc7sXUTNleNIfrTnlA=452">
<span>
<strong>wolfIP (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
wolfIP is a TCP/IP stack with no dynamic memory allocation, designed for use in resource-constrained environments.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">๐</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkrebsonsecurity.com%2F2026%2F07%2Flessons-learned-from-cisas-recent-github-leak%2F%3Futm_source=tldrinfosec/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/OuPCYlEoMVVX_UCI0hSB9khI5YITz7ABGy1AMZ1pvMM=452">
<span>
<strong>Lessons Learned from CISA's Recent GitHub Leak (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A contractor left a โPrivate CISAโ GitHub repo public for six months, exposing AWS GovCloud admin keys and plaintext passwords for internal CISA systems. GitGuardian's automated alerts went unanswered, and key rotation took more than 48 hours after external notification. CISA is tightening incident-reporting channels and expanding continuous scanning of public and internal code for secrets to catch similar leaks faster.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F07%2Fgoogle-and-microsoft-pull-modheader.html%3Futm_source=tldrinfosec/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/gmvCvVXaBSUasWp7ETe0IJl40pyEEqwc78Ktx7KTBb4=452">
<span>
<strong>Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Google and Microsoft removed the ModHeader browser extension for Chrome and Edge after Stripe OLT found dormant code that fingerprints devices, encrypts up to 1,000 visited domains, and can post them to api.stanfordstudies[.]com on a schedule. The allowโlist that would activate collection currently ships empty, but all infrastructure and logic are in place, backed by domains tied to real hosting and ad systems. Defenders should uninstall ModHeader, rotate any secrets used with it, and block the related domains and API paths while hunting for the extension ID and matching POST traffic.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fhacker-extradited-ukraine-guilty%2F%3Futm_source=tldrinfosec/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/Q_MdLq-XqLZ5NU9D7amoz7g9PrdlVRBV_Bt4DAmH6bQ=452">
<span>
<strong>Hacker Extradited from Ukraine Pleads Guilty to Ryuk Ransomware Charges (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Armenian national Karen Serobovich Vardanyan pleaded guilty in a Portland federal court to conspiracy and computer fraud, admitting to deploying Ryuk ransomware against US organizations between November 2019 and April 2020, including a Michigan company that paid 200 bitcoin (over $1.1m at the time) and victims in Oregon and Texas. Vardanyan and co-conspirators collected around 1,610 bitcoin, valued at over $15m at the time of payment, from hundreds of compromised servers and workstations. He faces up to 15 years combined and has agreed to pay $1.1m in restitution. Ryuk disbanded in 2020, with many members reportedly moving to Conti, illustrating the pattern of ransomware crews from former Soviet states outlasting individual brand takedowns even as extraditions like this one become more frequent.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">โก</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.mitiga.io%2Fskillgate%3Futm_source=email%26utm_medium=tldr%26utm_campaign=skillgate/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/akEsd--XC0O709ronOXh5bp_P-6T74Qsi_2zTFeCa5w=452">
<span>
<strong>Skillgate: A free security scanner for AI instruction files (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Your AI agent runs whatever's in a skill, hook, or CLAUDE.md file. Who's checking it? Mitiga's scanner applies 80 detection rules and flags anything suspicious. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.mitiga.io%2Fskillgate%3Futm_source=email%26utm_medium=tldr%26utm_campaign=skillgate/2/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/rUh7FjW1KQY99IEifXE1SxBADPt7BUfCwZIOnFY6H2M=452" rel="noopener noreferrer nofollow" target="_blank"><span>Free to use, anonymous to browse</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FKDFzvP/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/PQroGwpFRA0xSRjcUFjcZ9dd5DBEiy_xM1RNqzBok7o=452">
<span>
<strong>Centers Laboratory Data Breach Affects 540,000 Individuals (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Centers Laboratory in New Jersey reported that attackers accessed its systems for several days in August 2025, stealing personal and health data for over 540,000 people, including SSNs and medical information.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Ftz7Nvd/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/uCgZXUHYKdGFLE-RQ8IJI12wUUbkbTkUxYls6nzg5v4=452">
<span>
<strong>US and allies warn of Russian critical infrastructure attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
NSA, FBI, CISA, and 15 allied agencies attribute ongoing attacks on energy, communications, healthcare, and government networks to FSB Center 16 (Berserk Bear/Static Tundra).
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbugs.debian.org%2Fcgi-bin%2Fbugreport.cgi%3Fbug=1141976%26utm_source=tldrinfosec/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/g5unHVnlpkdAvo641V7y1ToCeCDxBJU8Tliah4apzfk=452">
<span>
<strong>mariadb-server: Upgrading to 10.11.18-0+deb12u1 enables systemd socket activation unconditionally (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A Debian bug report indicates that the new [Install] stanza in MariaDB 10.11.18-0+deb12u1 causes dh-installsystemd to enable mariadb.socket by default, silently exposing port 3306 on all interfaces instead of localhost-only.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/ScgcMGbLgKfSgQGkuXYNgRj_HfVJh8QrkaZVWA0v0pM=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/hSDYkIuZXTNP92Kv8lwgmGrW2zEZuSEgorYVmsy82Sw=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? ๐ฐ
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/8QX4MKhIh9CfQRL8_zZRZhEZVDfEOnp47u0D78okLeM=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? ๐ผ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/vItBvYYOs1ja2oqy_OZ3ZPY7HZdRHVd6XtFbYNSzhD8=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/DfPrfSFnbh_1_lHENZNzvjN8ymXY6YjVkev3YNo_nps=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/Bd0bXn-HELDcJ27vyV84XMKyY6yUKbMdM6EIfpFhWz4=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/Hl5ouqS4LH0f17KlXe5zTadP13vSZte0kgxmA8tw3kY=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/Ab1RIQ9uEuz6TcKPLDYaOdAwT4YLFvX1_zCayKOH5nM=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/tAjY0f3SptZtWn6HSStg6uFuIJzt4Pd2juDkVuJlyjM=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/mIUVw4zsUY4mZG6N9ahgEwVeU1ERMLPgqSyj5LnXjmQ=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=df8c876e-7f49-11f1-90fa-5bd671f97a10%26pt=campaign%26pv=4%26spa=1784034155%26t=1784034602%26s=e2e05c11f19a022361713c8438cefd56d8ba6fdd7ca01c4726611361aeb917b8/1/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/ETGA8xm-ZwUN9NSVZV0nplSXYE4bZ9ew6lRherM69tg=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019f60bfae91-d603ff86-428f-472a-8a37-49597eb7eace-000000/7JMS-KPXbTI5Hlzt0DKbCX39Gs1q4ta88aIzUn4CFZo=452" style="display: none; width: 1px; height: 1px;">
</body></html>