<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Two threat groups abuse OAuth client ID spoofing in Microsoft Entra ID to test stolen usernames and passwords without generating successful sign‑in </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/Vb3ovjybpCKFQk_jQmWG0JV8Up2wFj9EnrI7G3_m2PQ=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/kzTUwRJF9yuvPeuhnV7OWj1R7zoafelisqjK_yoUVRg=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=f5d2f2b2-7ffb-11f1-9a9f-eda2350753cf%26pt=campaign%26t=1784121025%26s=d3a8656ff0a6c8511799265d877f1f7d602d59f8a7099554ce1ff226b95cb277/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/w4FVEFp0g0wJMac3b2xhfJbqOvCU5oBCnMjUgsqBuiE=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhuman.registration.goldcast.io%2Fwebinar%2F0616bb46-1fee-4bdf-8cab-ff41b971eb3d%3Futm_source=tldr_infosec%26utm_medium=newsletter%26utm_campaign=brand_agentic_trust%26utm_content=reg_page_agentic_trust_in_action_header_offense_what_cyber/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/1ELbTxMg0-mxoY8i_KePGG_PwroxGJJGH2bVAB0cmEI=452"><img src="https://images.tldr.tech/human.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Human Security"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-07-15</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhuman.registration.goldcast.io%2Fwebinar%2F0616bb46-1fee-4bdf-8cab-ff41b971eb3d%3Futm_source=tldr_infosec%26utm_medium=newsletter%26utm_campaign=brand_agentic_trust%26utm_content=reg_page_agentic_trust_in_action_header_offense_what_cyber/2/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/Dpka6QgxUTtOwJZFtGL22--u_pDR9fEIGHvKdIise6w=452">
<span>
<strong>On the Offense: What Cyber Attackers Revealed During the FIFA World Cup (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
While fans watched football, HUMAN's Satori Threat Intelligence team watched the attackers. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhuman.registration.goldcast.io%2Fwebinar%2F0616bb46-1fee-4bdf-8cab-ff41b971eb3d%3Futm_source=tldr_infosec%26utm_medium=newsletter%26utm_campaign=brand_agentic_trust%26utm_content=reg_page_agentic_trust_in_action_Body_them_live_conversation/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/oBeViw7lzdJ8Jop4TblvxEyDU34XRDfeeznTUy8nDuc=452" rel="noopener noreferrer nofollow" target="_blank"><span>Join them for a live conversation</span></a> on what what they uncovered: emerging bot activity, AI-enabled abuse, fraud campaigns, and dark web operations.
<p></p>
<p>More importantly, learn what these findings reveal about the <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhuman.registration.goldcast.io%2Fwebinar%2F0616bb46-1fee-4bdf-8cab-ff41b971eb3d%3Futm_source=tldr_infosec%26utm_medium=newsletter%26utm_campaign=brand_agentic_trust%26utm_content=reg_page_agentic_trust_in_action_Body_ttps_attackers_likely_use/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/kFE9_mimjyXPC22friyHWRpxHQTUEn8F_DAAx8_F8Yo=452" rel="noopener noreferrer nofollow" target="_blank"><span>TTPs attackers are likely to use next</span></a> and how your team can prepare:</p>
<p>🎯 How attackers exploit high-volume traffic events</p>
<p>🤖 The bot, fraud, and abuse trends that emerged during the World Cup</p>
<p>🛡️ What security teams should do now to prepare for the next surge</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhuman.registration.goldcast.io%2Fwebinar%2F0616bb46-1fee-4bdf-8cab-ff41b971eb3d%3Futm_source=tldr_infosec%26utm_medium=newsletter%26utm_campaign=brand_agentic_trust%26utm_content=reg_page_agentic_trust_in_action_cta_live_july_22/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/iHl1EQCgr78aUE1CXzBKgbvolQ6pdv80POkUGELjZUU=452" rel="noopener noreferrer nofollow" target="_blank"><span><strong>Join live on July 22 →</strong></span></a></p>
<p>(Don't worry, it's 3 days after the final 😉)
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F07%2Foauth-client-id-spoofing-lets-attackers.html%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/m78aBHkU0z2CQvVVoR18pqkUj0ttybtv6JqUs4YmTsg=452">
<span>
<strong>OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Two threat groups abuse OAuth client ID spoofing in Microsoft Entra ID to test stolen usernames and passwords without generating successful sign‑in events in logs. They send ROPC flow requests with syntactically valid but fake client IDs, then read AADSTS error codes to confirm account and password validity. Campaigns from UNK_pyreq2323 and UNK_OutFlareAZ have already targeted millions of users across thousands of tenants using AWS and Cloudflare infrastructure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fia.acs.org.au%2Farticle%2F2026%2Flifeline-confirms-data-breach-.html%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/CE2TzcEaH5NXIA5jU81mdRfpDuTt8sxNLf8CBDZJH-0=452">
<span>
<strong>Lifeline Confirms Data Breach (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Australian national charity Lifeline Australia confirmed a data breach affecting 10,600 data records belonging to volunteers and staff. The breached data includes names, dates of birth, workplace email addresses, phone numbers, and WhatsApp contact numbers. Lifeline stated that no help seeker or financial data was breached.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FxqFwuL/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/vZqDzGg-RqKQfsK0ZCUvwNkyjSrGumxoNpa5D__JhX0=452">
<span>
<strong>SonicWall Warns of SMA1000 Flaws Exploited in Zero-Day Attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
SonicWall warned that threat actors are exploiting two vulnerabilities in its SMA1000 appliances. The first vulnerability is a critical (CVSS 10) SSRF vulnerability in the Appliance Work Place interface that allows remote, unauthenticated attackers to force an appliance to make requests to unintended locations. The second vulnerability is a high (CVSS 7.2) post-authentication code injection vulnerability in the Appliance Management Console that could allow remote, authenticated admins to execute arbitrary OS commands.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fslcyber.io%2Fresearch-center%2Fsmashing-the-servicenow-sandbox-pre-authentication-rce%2F%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/J4wtSJSiw9dJW_dCEuMhXeS90eV9bRAXLiGoOzNUxn4=452">
<span>
<strong>Smashing the ServiceNow Sandbox – Pre Authentication RCE (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Researchers found a pre-authenticated remote code execution path in ServiceNow by abusing GlideRecord query filters that accept JavaScript expressions and run inside a JS sandbox. They showed how to escape this sandbox by manipulating script includes and global objects until attacker-controlled code executes in an unsandboxed Rhino context, allowing data exfiltration, admin account creation, and command execution on connected proxy servers. ServiceNow assigned CVE-2026-6875, rolled out mitigations within 24 hours, blocked modification of key JS functions, and introduced Guarded Script to sharply restrict what pre-auth filter code can do.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fagentic.tracebit.com%2Fcontext-bombs%2F%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/1YVJ2wWKYxlkuDUQiYd4JcWfqAUK8B3wqswuLOXAQCs=452">
<span>
<strong>Context Bombs: stopping AI attackers in their tracks (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
AI agents conducted autonomous red‑team attacks in a simulated AWS account seeded with ten misconfigured attack paths, using leading models such as Opus 4.8, Gemini 3.1 Pro, GLM 5.2, DeepSeek 4 Pro, and Kimi K2.6. Tracebit embedded short “context bomb” strings within canary secrets. When agents read them, provider safety filters halted further model calls, and the canaries triggered alerts. Across 152 runs, full admin access dropped from 57% to 5%, and complete compromise with persistence fell from 36% to 1%, with no successful path completed without an alert.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2026%2F07%2F13%2Fdefending-saas-based-applications-against-shinyhunters-oauth-abuse%2F%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/dYmKNVkHVX_98LpgEkOetkq4l0x6l-ZEtwAciGDzeP4=452">
<span>
<strong>Defending SaaS-based applications against ShinyHunters OAuth abuse (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Between mid‑2025 and mid‑2026, ShinyHunters used vishing and supply‑chain attacks to gain OAuth‑based access to Salesforce environments, posing as IT staff or abusing compromised integrations like Salesloft, Gainsight, and Klue to run high‑volume API queries and exfiltrate CRM data while blending in with normal traffic. Microsoft and Salesforce expanded telemetry and real‑time monitoring, added risk‑scored visibility into connected apps, and published hunting queries and Defender detections so teams can spot suspicious OAuth activity, over‑privileged or unused apps, and large report exports tied to specific identities and infrastructure.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffandf.co%2F4winx1z%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/xhtJo-iPx6rymoVsDYxJC7eN4K4CfY3r9Q0kielMFV0=452">
<span>
<strong>Extending Zero Trust principles for the agentic era (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
<strong>“</strong><em>From Zero Trust to Agent Trust,</em>” from Teleport, explains why Zero Trust principles must extend to accommodate agent behaviors. Agents are neither human nor machine, with speed and scale that challenge security frameworks. Learn about Agent Trust principles, common failure modes, and what it takes to operationalize them.<strong> </strong><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ffandf.co%2F4winx1z/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/NDTUnqAOWbzK9O7BRgbXN9DaqtagBRW82gtaN0PZOS8=452" rel="noopener noreferrer nofollow" target="_blank"><span><strong>Read more</strong></span></a>.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.valarian.com%2F%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/IhYU13GhICj9Rbkyx7UvSNBFBBQc_V_7WDLiJAnPysk=452">
<span>
<strong>Valarian (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Valarian's ACRA is a control layer on top of Kubernetes that runs workloads in isolated enclaves, enforces strict identity and network policies, and manages short‑lived secrets and logging. It works across cloud, on‑prem, and air‑gapped environments.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fobdev%2Flittlesnitch-linux%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/D9iqgmP6TG9uTru7HiH8LDiR8bhIB2fxXDalk14Pizc=452">
<span>
<strong>Little Snitch for Linux (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
This repository contains the open-source portion of the newly released Linux version of the popular macOS network monitor and personal application firewall, Little Snitch.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fcynative%2Fcynative%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/tRNpP2xpywdAbbRLBNSowE1EJXyTotSVPq0o8n-JXeA=452">
<span>
<strong>Cynative (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Cynative is a sandboxed, read-only AI agent for querying infrastructure across code, cloud environments, and runtimes.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F7zhh67/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/mIverpjRFPjW1KW5N67WObYNau2BQAWto0_AwTz4_nM=452">
<span>
<strong>Synopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Ransomware group D1R claims it breached Synopsys, accessed a 40,000‑entry client database, and then used that data to target Bosch's intellectual property. Synopsys says monitoring shows no unauthorized access and calls the claims unfounded. A “proof” document from the group appears to be a publicly available Bosch manual, casting doubt on the credibility of the extortion attempt.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2026%2F07%2Fthe-us-government-warns-that-russia-state-hackers-are-coming-after-your-router%2F%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/eOME3cMDHhYdNPcAcVutyecr45D856N84B1UAjQygbc=452">
<span>
<strong>The US government warns that Russian state hackers are coming after your router (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
US authorities flag ongoing Russian FSB campaigns that compromise poorly secured home and small-office routers and then use them as proxy exit nodes for attacks on critical sectors. Attackers scan for SNMP-enabled devices with default credentials, deploy malware through them, and hide behind trusted IPs. CISA urges disabling outdated SNMP versions, strengthening passwords, updating firmware, and disabling unnecessary services such as Cisco Smart Install.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2026%2F07%2Fnow-defenders-are-embracing-the-prompt-injection-too%2F%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/-5BDXSvgZ7p_vw4g7w0p6itSZdB0TjecwwK12CQgShE=452">
<span>
<strong>Now, Defenders Are Embracing the Prompt Injection Too (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Researchers from TraceBit reported that a new defense, dubbed Context Bombing, has proven effective in preventing agentic attacks. The technique involves placing prompts that request forbidden actions, such as instructions to build nuclear or biological weapons, adjacent to sensitive data. In their tests, they found that using this defense on AWS stopped agentic attacks because the model's guardrails were triggered.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.hipconf.com%2Fwhy-attend%2F%3Futm_medium=pd%26utm_source=tldr/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/4oo8PL1X0ehD1s_8B16ESiI54AlvzKJn3zOeg94DyU0=452">
<span>
<strong>HIP Conf: Where Identity Security Gets Real (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
For cyber defenders, cyber leaders, and everyone serious about identity security: The Hybrid Identity Protection Conference serves up real experiences, real connections, and real tactics to ensure true cyber resilience. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.hipconf.com%2Fwhy-attend%2F%3Futm_medium=pd%26utm_source=tldr/2/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/hX3LE6o-8bNszB5q2Oe7Y40v8P_nXDXYP19KhMUMG0c=452" rel="noopener noreferrer nofollow" target="_blank"><span>Join the community</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.scworld.com%2Fbrief%2Finmate-charged-with-stealing-seized-cryptocurrency-while-serving-prison-sentence%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/xFBQ53BbNMdCeyr_g_DnKHea2iKRnvoaw0v7HoyLP3U=452">
<span>
<strong>Inmate charged with stealing seized cryptocurrency while serving prison sentence (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Rossen G. Iossifov, already imprisoned for laundering millions tied to a mass fraud scheme, was charged with conspiring to steal $290,000 in government-seized cryptocurrency from behind bars.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Ftego-ai-finds-claude-tag-slack-integration-can-trigger-unauthorized-enterprise-actions%2F%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/9DmDdwETe5-jt8GHorkI4GB68fPAkHnqUH1c0mG9AOM=452">
<span>
<strong>Tego AI Finds Claude Tag Slack Integration Can Trigger Unauthorized Enterprise Actions (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Tego AI disclosed that Anthropic's Claude Tag Slack integration could respond to literal "@Claude" text from bots or automated feeds without a genuine mention, potentially letting untrusted content trigger unauthorized retrieval, posting, and deletion actions in connected systems.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fmicrosoft-patch-tuesday-july-2026%2F%3Futm_source=tldrinfosec/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/i-heO2LDttazWOTRhBFiGpwKMf9x8uFp2BWUSCSTknw=452">
<span>
<strong>Microsoft discloses 'the mother of all' vulnerability loads, tripling June's previous record (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Microsoft's July 2026 Patch Tuesday addressed 622 vulnerabilities, including two actively exploited zero-days, CVE-2026-56155 in AD FS and CVE-2026-56164 in SharePoint Server.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/RG1KcBxIrZk-pdosmdrG2IAKuCaXLVo-Fw8sofZivBI=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/qMMyC2YlR8Id8ckNSvBNxaA1llsQBUMD12Tv928lcD4=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 📰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/-qg8GSPyRpbm8X2sHTuliJQf0F3k5RENm4eqapw6lsI=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/LTcMLIRgzY12nQJZZBJq1hbcdKMF2AlZrsIXX0irMvw=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/_ZVcO_WwUfg33fiwId4w_WzzUNgPSUrYXKjWDSZuHXk=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/hORSu07GXezflTCClw3B5FwaCDbde5_tg9a8vr1r-Sw=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/KPMyGCg8kl9uXzHeJ4Odyx4wy6GNmXCpf0YN-qrbcuU=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/vHWyzkvPWzB12zSJ8YA5N7kLgJkwDr81m5UjDZ67PoI=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/SL9Z7oyGx5-Jm3DPG4j2XXS6lgbpcZ2LwxiqZKpCnqc=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/33EtxgBhs8eIVxiWMX0TMTQKfvGOBHKZj_06dXEjKRk=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=f5d2f2b2-7ffb-11f1-9a9f-eda2350753cf%26pt=campaign%26pv=4%26spa=1784120584%26t=1784121025%26s=9cd8bec07ae8802bdb0b2c197dea5a5855c3c5cc4be23eab830d116ef2b0815a/1/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/vbazxQofjSiunZDgClffxY3XJz7VSEI2ROg8Pq-vpaI=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019f65e66312-0fb22c96-19cb-43fc-9526-3ce93323e4bc-000000/1AVLiTGqV7JTOTg6xt7UAQIsVXpY1pkp-nHIkzTBrbA=452" style="display: none; width: 1px; height: 1px;">
</body></html>