<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Researchers at ESET found 11 old UEFI shims, some dating back to 2013, that Microsoft never revoked, allowing attackers to bypass Secure Boot β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/fBturBfCp4LBS1jmxV7chWK5lX_SFNHljQTNCoNtRV4=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/GOI1qPhwj8z043ZnxTj_FKqu72AnJ5Usw_Nu1W3PQaY=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=e7163efc-80f3-11f1-bfc4-4d9cbcde09e4%26pt=campaign%26t=1784208506%26s=b11fe2103db4662f2d3e715c178e4d9a9cd9533a0040de79e79ccf9c41bf9955/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/4G0_H1PyScRoMzpgTVBJ7eyWchkd-DmKHK2T_8yUXms=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sans.edu%2Fcyber-security-programs%2Fgraduate-certificate-digital-forensics%3Futm_source=TLDR%26utm_medium=Sponsored_Content%26utm_campaign=EDU_Grad_Cert%26utm_content=7.16.26_primary_header_advance_dfir_career%26utm_goal=Leads%26utm_rdetail=NA%26utm_type=College/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/zxsAZ9MaS22VaXf-aJMe4XsGpOrUjqSBDBSdI5FUKLM=452"><img src="https://images.tldr.tech/sans2.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="SANS Institute"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-07-16</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sans.edu%2Fcyber-security-programs%2Fgraduate-certificate-digital-forensics%3Futm_source=TLDR%26utm_medium=Sponsored_Content%26utm_campaign=EDU_Grad_Cert%26utm_content=7.16.26_primary_header_advance_dfir_career%26utm_goal=Leads%26utm_rdetail=NA%26utm_type=College/2/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/TpvTPqQkkMovGaqBft111kXUusaHKALVLPNAm0QojQU=452">
<span>
<strong>Advance your DFIR career with hands-on expertise from SANS. NSA and DoD Approved (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
AI-powered threats have put cybersecurity front-and-center for executives and government leaders alike. Organizations are looking for cyber experts who can collect, preserve, and analyze digital evidence. <p></p><p>Break into the next tier of incident response with the<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sans.edu%2Fcyber-security-programs%2Fgraduate-certificate-digital-forensics%3Futm_source=TLDR%26utm_medium=Sponsored_Content%26utm_campaign=EDU_Grad_Cert%26utm_content=7.16.26_primary_Body_digital_forensics_graduate_certificate%26utm_goal=Leads%26utm_rdetail=NA%26utm_type=College/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/a51n6y3HRLMduerAaBnhJoFSEXI0o8wWo5UG0rro0gc=452" rel="noopener noreferrer nofollow" target="_blank"><span> NEW Digital Forensics graduate certificate</span></a> from SANS Technology Institute. NSA and DoD 8140-approved, it is designed for working professionals looking to advance their cyber careers.</p>
<p>Join SANS DFIR curriculum lead Heather Barnhart on July 22 for an<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sans.edu%2Fcyber-security-programs%2Fgraduate-certificate-digital-forensics%3Futm_source=TLDR%26utm_medium=Sponsored_Content%26utm_campaign=EDU_Grad_Cert%26utm_content=7.16.26_Heather_primary_Body_exclusive_look_graduate_program%26utm_goal=Leads%26utm_rdetail=NA%26utm_type=College%23heather-barnhart-info-session/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/BKNSc6-ax1ccwjAHpoaGeDMWjJy6z2U0-iMdXVa2vlc=452" rel="noopener noreferrer nofollow" target="_blank"><span> exclusive look at the new graduate program.</span></a> You'll get a firsthand look from the experts who built it, plus a live Q&A. </p>
<p>β‘οΈ<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sans.edu%2Fcyber-security-programs%2Fgraduate-certificate-digital-forensics%3Futm_source=TLDR%26utm_medium=Sponsored_Content%26utm_campaign=EDU_Grad_Cert%26utm_content=7.16.26_primary_cta_program%26utm_goal=Leads%26utm_rdetail=NA%26utm_type=College/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/u5op75UXDJmZ2gq_ZQPQERWOYUCnhA9skQzNlSuqf5A=452" rel="noopener noreferrer nofollow" target="_blank"><span> Explore Program</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2026%2F07%2Fmicrosoft-secure-boot-has-been-broken-for-most-of-its-existence%2F%3Futm_source=tldrinfosec/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/bvXEcGCqEEcb9nAWx4wbMxsl0ZX9w6WAdzHMcM5PfHE=452">
<span>
<strong>Microsoft's Secure Boot has been broken for a decade and no one noticed until now (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Researchers at ESET found 11 old UEFI shims, some dating back to 2013, that Microsoft never revoked, allowing attackers to bypass Secure Boot on Windows and Linux with signed but vulnerable boot components. Attackers can install persistent bootkits that survive reinstalls, and only recent revocation updates and proper key management can now close these specific gaps.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberinsider.com%2Fchrome-sync-increasingly-abused-to-stalk-unsuspecting-victims%2F%3Futm_source=tldrinfosec/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/WHeKU5h-aJsYmKKyhzlNtxcosopd0Cmt8dN9AmJJIrg=452">
<span>
<strong>Chrome Sync Increasingly Abused to Stalk Unsuspecting Victims (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Security firm Certo reported on a growing attack targeting Google Chrome users in which attackers with physical access to a victim's device sign in to the victim's account and enable Chrome Sync. This syncs browsing history and any saved passwords to the attacker's device without notifying the victim. The firm highlights the risk of this being abused for stalking.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FcCDJSc/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/L7PzaLGkDKWlBaB88r8Y63VtKWEsZ2yWujtx_AOY1Js=452">
<span>
<strong>Unpatched Claude for Chrome Flaw Lets Extensions Read Gmail and Calendar (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Security firm Manifold identified two flaws that could allow a malicious browser extension to take actions on a user's behalf when using the Claude in Chrome browser extension. The core issue stems from the ClaudeBleed mitigation, which restricted the extension to a set of pre-approved tasks. The researchers found that the mechanism that triggers the tasks doesn't verify whether a triggering click came from a user or an extension. The researchers also uncovered a flaw they were unable to exploit that could allow the extension to auto-launch in βAct without askingβ mode.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.ayush.digital%2Fblog%2Fthe-memory-heist%3Futm_source=tldrinfosec/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/WxdfA0ifzgClf3eYs2pG83yDbs_w1-yebYRBtrwkLfI=452">
<span>
<strong>The Memory Heist (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Claude's memory and web tools can be chained to leak a user's name, employer, and hometown to a hostile site without any visible warning. A researcher built an alphabet βkeyboardβ on a controlled domain so the model spells out personal data letter by letter in URLs whenever it browses there. A coffee shop faΓ§ade plus userβagent routing hid the attack from humans while targeting Claude specifically. After disclosure, Anthropic restricted linkβfollowing in web_fetch, but similar memoryβdriven exfiltration risks remain for other connected data sources.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fawsteele.com%2Fblog%2F2026%2F07%2F01%2Fapps-can-now-impersonate-human-access-to-aws-via-iam-identity-center.html%3Futm_source=tldrinfosec/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/JOuO_WsgMJ9ZNy_-cjpH81-pvysn80mg7JZNJdcC-6M=452">
<span>
<strong>Apps Can Now Impersonate Human Access to AWS via IAM Identity Center (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
AWS IAM Identity Center launched the ability for server-side applications to assume roles on behalf of users. However, the feature is still somewhat immature and has very limited CloudTrail logging.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farcticwolf.com%2Fresources%2Fblog%2Ffake-github-repositories-deliver-boryptgrab-lineage-infostealer%2F%3Futm_source=tldrinfosec/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/5MWHa2y2SRIxw3YLOezCO7k0C0-Y0Yz6GbgKEVleMXk=452">
<span>
<strong>Malicious GitHub Campaign: Fake "Arctic Wolf" and 290+ Brand-Impersonation Repositories Deliver BoryptGrab-Lineage Infostealer (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Since June 26, a likely Russian-speaking actor has operated 292+ GitHub repositories impersonating brands, including a fake Arctic Wolf page. Victims are redirected via *.github.io to a controlled domain like targetroyena[.]com, where a spoofed secure download page serves a ZIP with a legitimate WinGUP updater that DLL side-loads a trojanized libcurl.dll. It decodes and reflectively executes an in-memory BoryptGrab infostealer, targeting browsers, messaging apps, crypto wallets, and Windows Credential Manager, then exfiltrates data via raw Winsock POST to a C2 server (Proton66, Russia). BinDiff shows 94% function overlap with BoryptGrab, suggesting the same operator. Defenders should enforce verified downloads, block egress to 193.143/24, hunt for unsigned libcurl.dll, monitor browser/Steam process injection, and treat uncleaned staging folders as indicators for credential and wallet rotation.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sans.edu%2Fcyber-security-programs%2Fgraduate-certificate-digital-forensics%3Futm_medium=Sponsored_Content%26utm_source=TLDR%26utm_content=7.16.26_secondary%26utm_campaign=EDU_Grad_Cert%26utm_rdetail=NA%26utm_goal=Leads%26utm_type=College%23heather-barnhart-info-session/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/pLe4VVufDPo129BXW2jSCx79Vbbj3d04EHSbML8v5TY=452">
<span>
<strong>These skills will define the next generation of DFIR (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Heather Barnhart is the DFIR expert that analyzed bin Laden's seized digital media. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sans.edu%2Fcyber-security-programs%2Fgraduate-certificate-digital-forensics%3Futm_medium=Sponsored_Content%26utm_source=TLDR%26utm_content=7.16.26_secondary%26utm_campaign=EDU_Grad_Cert%26utm_rdetail=NA%26utm_goal=Leads%26utm_type=College%23heather-barnhart-info-session/2/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/M3LMMk8H6Kl-xVM-VSwT0zyVuaEGj1eW83VmzLXeztc=452" rel="noopener noreferrer nofollow" target="_blank"><span>Join her on July 22</span></a> for a discussion on emerging digital forensics trends, the skills employers increasingly seek in DFIR professionals, and how you can prepare for what's next.
<p></p>
<p>β‘οΈ <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sans.edu%2Fcyber-security-programs%2Fgraduate-certificate-digital-forensics%3Futm_medium=Sponsored_Content%26utm_source=TLDR%26utm_content=7.16.26_secondary%26utm_campaign=EDU_Grad_Cert%26utm_rdetail=NA%26utm_goal=Leads%26utm_type=College%23heather-barnhart-info-session/3/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/xKX9u7flLbV_39OtxMnnFrtHUNLD3UVQOdx1dtRIp2w=452" rel="noopener noreferrer nofollow" target="_blank"><span>Register for Free</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.oak.id%2F%3Futm_source=tldrinfosec/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/ZmE4b6IGwZGaagMW1Cj8mQbUpXxtP87iu6Inrg_KuGU=452">
<span>
<strong>Oak (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Oak provides a unified identity control plane for enterprises that manages humans, machines, and agents across apps. It maps access to actual usage and automatically removes unused permissions in real time.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FRoundSalmon4%2FAppVerifierBG%3Futm_source=tldrinfosec/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/eDxmeqrZxJIN7JEzo5-rw2UkScc8x_do58AGfH2RStA=452">
<span>
<strong>AppVerifierBG (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
This fork builds upon the original AppVerifier, retaining all of its core functionality while introducing additional features. It enables the verification of installed applications against shared signature hashes, an internal database, or a user-created database.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FCorgea%2FSighthound%2F%3Futm_source=tldrinfosec/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/X5zcqmKfKew4gHIkw30zE2IlVgrxxlyFQkTyBmW0NXo=452">
<span>
<strong>Sighthound (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Sighthound is a tree-sitter based static vulnerability scanner with pattern matching and taint-flow analysis.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F07%2F15%2Fhack-suggests-ai-music-generator-suno-scraped-youtube-for-training-data%2F%3Futm_source=tldrinfosec/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/TRQOiZl0sUWufxXKVXaYpgoXNT4XFPy3ag--V7kzq1o=452">
<span>
<strong>Hack suggests AI music generator Suno scraped YouTube for training data (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A hacker used a supply chain attack in November to access a Suno employee's credentials and Suno's source code, and found that Suno scraped large volumes of audio from YouTube Music, Deezer, Genius, stock libraries, and podcast feeds for model training. The intruder also accessed customer emails, phone numbers, and partial Stripe credit card data. Suno, already facing record label lawsuits over alleged DMCA violations tied to YouTube scraping, did not inform customers and publicly framed the breach as a limited incident.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fresearch%2F2026%2F07%2F14%2Fthe-bots-are-alive-jailbroken-gemini-spun-up-new-c2-server-for-russian-fraudster-in-just-6-minutes%2F5270131%3Futm_source=tldrinfosec/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/jTMSymWMb_dbCZ8zjMUjQS_xX3VrE1mHGgHvf49iXrk=452">
<span>
<strong>'The bots are alive!' Jailbroken Gemini spun up new C2 server for Russian fraudster in just 6 minutes (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A Russian-speaking attacker called "bandcampro" jailbroke Google Gemini and used it as a primary operator for a credential- and crypto-stealing botnet targeting pro-Trump conspiracy followers. Gemini migrated the C2 to a new VPS setup, fixed a 502 error, and took over eight machines in a dental clinic using PowerShell and Cloudflare tunnels. The operation's jailbreak and C2 steps fit into three short text files, making repeat attacks easy for low-skilled actors.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FEbULxb/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/m3g9DHN7eicP039kwIFIL1lNWVKCUximYZ4rSA_EAhY=452">
<span>
<strong>Microsoft Entra ID Gets Passkeys Default Authentication Starting September (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Microsoft announced that passkeys will become the default authentication method for Entra ID starting this September. Users with phone-based SMS and voice authentication factors will be automatically enrolled in passkey authentication prior to phone-based factors being retired in February 2027. Users who already use Windows Hello for Business, FIDO2 security cards, smart cards, or other phishing-resistant methods will be able to continue using them.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Foptro.ai%2Fresources%2Febook%2Fbusiness-continuity-report%3Futm_campaign=2026-q2-operational-resilience-report-bcm-report-062026%26utm_medium=display%26utm_source=tldr-compliance%26utm_content=07-16-2026/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/_JHfMEajkMFWA-qG7wKXl5D3jssEZepOpzIHznu4z94=452">
<span>
<strong>Leaders feel ready, but less than 40% meet recovery targets (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Operational blind spots are growing and only 22% cyber teams rate their continuity planning as strategic. See where cyber resilience breaks down, and how it must evolve by 2030. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Foptro.ai%2Fresources%2Febook%2Fbusiness-continuity-report%3Futm_campaign=2026-q2-operational-resilience-report-bcm-report-062026%26utm_medium=display%26utm_source=tldr-compliance%26utm_content=07-16-2026/2/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/iNyPuXga0_q-332Z_fyX1XxaEt4Fi5Rj5L1gBBdPcZ8=452" rel="noopener noreferrer nofollow" target="_blank"><span>Grab the report.</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F4scTc9/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/C1o-mkMJGJiEOJ2pBi0wLjq3d9p11b2CaXHCKXaM4vM=452">
<span>
<strong>White House Launches AI-Driven βGold Eagle' Vulnerability Coordination Initiative (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Gold Eagle links open source maintainers with critical infrastructure operators to share vulnerability reports and remediation steps through a common federal pipeline.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Feclecticlight.co%2F2026%2F07%2F15%2Fapple-has-released-an-update-to-xprotect-for-all-macos-36%2F%3Futm_source=tldrinfosec/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/JaO3iF2xecf1YLuDpGkaWaL8ke9kwaU2kJn82LZP5VE=452">
<span>
<strong>Apple has released an update to XProtect for all macOS (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Apple bumped XProtect to version 5351, adding six new Yara rules, including MACOS.BOATLOAD variants pointing to a stealer and MACOS.VSHELL entries, plus 14 new osascript detection rules, without disclosing which security issues the update addresses.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/RO5G_aXHLBC5854u_gFLTmNXxyhu8uOdCBHbDPJId_w=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/4Za4jldQ1YnIt0mNp91aHC6JYdM2_Srg61h6UmfmpU0=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/A_f3s23LxeC_5FxkwU7Q3SI8dlVqJtx_ZfiBJSaWNwU=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/1Vye8f1c0rX_uNOqJM1jZYhCsspFG_i1JLlADfMMVRI=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/dHrrEGReK_apVgb2QTs5xIk_DxB1ZDGBCJF7O8FKVQ8=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/0uk3DGJszqG5-ta4ymxj-XbSYgdwFP1xPyQwPxsVcZ8=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/NLeM2TbOeEyaEslnQZxa2egTg4i3VeQQjZrfwGh0xPM=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/v-w4SIj-Vsh7EJyJZ9qa70SGQ0Oj1KMBHRc7gYX_2z0=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/xtTXKpL2UDUnrNCY2kUZD6My7dbXapKGV_OU2dHBDCM=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/Iv5eH_vtL_Ky1R31nAzSEqSkwH3WqjC-uG8y5QNaOjw=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=e7163efc-80f3-11f1-bfc4-4d9cbcde09e4%26pt=campaign%26pv=4%26spa=1784206976%26t=1784208506%26s=a58b5c8a001b20c722d2bbdd53325166e402efb287c510d06464ca473919e14a/1/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/1K4cV2S4lO89Tv3Q58zQYJjj7bI09nFN0yGAF5xJWCI=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019f6b1d3eb2-f33a71ab-880e-4a2e-94ef-5701d45aa92b-000000/zOk16oc5e31DTbnsG8c4gebrjYJ8UDzCgfZmJPBpAJE=452" style="display: none; width: 1px; height: 1px;">
</body></html>