<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">ClickLock Stealer is a macOS malware that has been seen since late May, with confirmed victims in at least 33 countries and over half in Europe β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/sJRWissJb4ex-Rd4z-33868up4MS4TM4_VmN8wMC7nk=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/66Jze8M4necPsMQqPbOX7VsBQza1CKa39P4ImBk1hLc=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=671e3c88-81a5-11f1-b2da-c1082bdf68d9%26pt=campaign%26t=1784293697%26s=b513ccd728293245d37cb9c33bb36d5d412dbe28925d3abab296b0fff5dbd0a2/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/iupMBCt0T3K-29Xo6oOZ_XpdyG9s6UuEehR34O0QYqo=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-07-17</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FMjToLY/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/UoQDTuX2jfkqY3FQ1vhA8EOvc40lJ25hcwQ0LT0Lp3M=452">
<span>
<strong>βClickLock Stealer' Bypasses macOS Security With Social Engineering, Process Killing (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
ClickLock Stealer is a macOS malware that has been seen since late May, with confirmed victims in at least 33 countries and over half in Europe. It tricks users into running a bash command that pulls four scripts for credentials, crypto, Keychain data, and a backdoor, then kills visible processes and NotificationCenter for hours to force password entry and hide security prompts. Stolen data is archived and sent to a Telegram bot.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F07%2F16%2Fcyberattack-threatens-utterly-critical-infrastructure-in-japan-kfc%2F5272220%3Futm_source=tldrinfosec/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/PH0Fs2AI9uoXeHUd40T25du0LAtKjK_evRpBjojJGyA=452">
<span>
<strong>Cyberattack threatens utterly critical infrastructure in Japan: KFC (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A cyberattack hit Nichirei Group's logistics systems, blocking frozen food shipments and disrupting operations across its refrigerated warehouses. KFC Japan relies on Nichirei for ingredient delivery, so it halted online ordering and warned of limited menus, shorter hours, and possible store closures. Attackers accessed a server holding personal data, and the company's behavior suggests a ransomware incident with ongoing risk to clients.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FMZKrun/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/qAg_o8ms63eOQBSeSlJeKguT2IBTxaXqQ8PkCayh9o0=452">
<span>
<strong>Zoom Warns of Critical Account Takeover Vulnerability (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Zoom is warning about a critical vulnerability (CVSS score 9.8/10) in its desktop client and SDK for Windows. The vulnerability stems from improper input validation and can be exploited by unauthenticated, remote attackers to take over accounts. Zoom has released updates addressing the vulnerability and has not seen any indicators of its exploitation.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftokay0.com%2Fposts%2Fmillions-of-shark-vacuums-vulnerable-to-rce.html%3Futm_source=tldrinfosec/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/QRSTalrp7Q2_Tfuqinz-GCnnReITshcrC0s4lVM095M=452">
<span>
<strong>No Shark is Safe: Millions of Shark Vacuums are Vulnerable to RCE (9 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A security researcher found that all internet-connected Shark robot vacuums can be remotely controlled and used to execute arbitrary code by abusing misconfigured AWS IoT Core MQTT policies and device certificates. By extracting keys from one vacuum, an attacker can subscribe to a wildcard topic, see traffic from over a million devices, and send commands to hundreds of thousands of them. The devices can expose house maps, WiβFi passwords in plaintext, and live camera feeds, turning them into mobile surveillance points inside homes. SharkNinja has been notified, but months later, the flaw remains unpatched.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Foauth-client-id-spoofing-why-fake-client-ids-are-gaining-traction-stealthy%3Futm_source=tldrinfosec/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/eMwmdRKM4SrPT9DvoK0c_KixEv-ZqcPPRAfcgiNNbeY=452">
<span>
<strong>OAuth Client ID Spoofing: Why Fake Client IDs Are Gaining Traction for Stealthy Enumeration (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Attackers are abusing Microsoft Entra ID's differential AADSTS error responses, issuing ROPC-flow POST requests to /common/oauth2/token with spoofed or unregistered OAuth client IDs, to enumerate valid usernames and infer password validity via error codes like AADSTS50034, AADSTS50126, and AADSTS700016 without triggering a logged sign-in event or populating an application name for correlation. Proofpoint tracked two independent campaigns using this tradecraft at scale: UNK_pyreq2323 (January-March, AWS infrastructure, python-requests user agent, 700K+ spoofed IDs each reused across up to 12 users, targeting 1M+ accounts across ~4,000 tenants and triggering lockouts for 28% of targets) and the more evasive UNK_OutFlareAZ (December 2025-March 2026, Cloudflare infrastructure, spoofed Outlook user agent, fully randomized UUIDv4 per single-use attempt, targeting 2M+ users via alphabetically ordered common-surname wordlists). Defenders should flag Entra sign-in logs with a populated Application ID but blank Application Name as a spoofing indicator, treat AADSTS700016 responses as potential evidence of valid compromised credentials rather than mere failed logins, and note that Conditional Access policies scoped to specific applications won't catch traffic using spoofed client IDs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Funit42.paloaltonetworks.com%2Ftuxbot-v3-evolution-iot-botnet%2F%3Futm_source=tldrinfosec/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/72HBGe9b-LmVoxcfyqc83y7bp_tFReUerhRL1DiEuxo=452">
<span>
<strong>TuxBot v3 Evolution: Inside an IoT Botnet Framework With LLM-Assisted Development (20 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Unit 42 traced the TuxBot v3 Evolution kill chain from Telnet brute-forcing across 1,496 credential pairs and largely non-functional native exploits, through seven persistence mechanisms including a disguised sd-pam.service and cron jobs, to an X25519/ChaCha20-encrypted primary C2 channel backed by a DGA and Ed25519-signed P2P fallbacks. The C2 server at 209.182.237[.]133 in Singapore and the dropper at 185.10.68[.]127 in Iceland share a Let's Encrypt certificate that ties them to an Iran-hosted developer and the wider Keksec/Kaitori/AISURU botnet ecosystem. Defenders should block the listed C2 and dropper IOCs, watch for Telnet brute-force attempts and the "Infected By Akiru" console banner, and treat this as a near-term threat since researchers showed the LLM-introduced bugs (XOR key mismatch, exploit VM magic mismatch, and hallucinated Argon2id) are trivially fixable.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F0K0Uyv%3Futm_source=tldrinfosec/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/mWp-h_QPGXy6HC2enxC8VikUVHoERsgHZ7cxDG8DEo4=452">
<span>
<strong>3 perspectives from the cutting edge of offensive security: tune in live on July 21 at 10AM EST (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
AI is collapsing the economics of cyber offense; defenders must urgently evolve past static pentesting. Join this <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F0K0Uyv/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/UcYPGyoHfhkkPkv50zxtm_WM-ZPJGmlovwZC6NqB5LQ=452" rel="noopener noreferrer nofollow" target="_blank"><span>must-attend fireside chat</span></a> to make sense of the AI pentesting approach with ideas you won't get anywhere else. Featuring <strong>UiPath CISO Scott Roberts</strong> (practitioner), <strong>IDC's Katie Norton </strong>(analyst), and <strong>Novee's Ido Geffen</strong> (builder). <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F0K0Uyv/2/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/TOPJKOqSEJ8h27UuDeajl6YsxSWdwz8iMYshjij70J0=452" rel="noopener noreferrer nofollow" target="_blank"><span>Don't miss out - save your spot</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fhelixmap%2Fsigwood%3Futm_source=tldrinfosec/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/0JzwSf2Cf-E3K8DoBg9OKVNTWzt6_q14K5tJyNOyhn4=452">
<span>
<strong>sigwood (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
sigwood is a local-first, command-line threat-hunting tool for self-hosters. Point it at logs you already have - Zeek, Pi-hole/dnsmasq, syslog, or CloudTrail - and it profiles what's in them, then runs a handful of detectors over them: beaconing, suspicious DNS, port scans, rare syslog events, over-long connections, and unusual CloudTrail activity.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fandreicscs%2FHoneyWire%3Futm_source=tldrinfosec/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/3dEx0YKBiJRLPcliY6YfygsVGWw9atuuL4LFFyokQqs=452">
<span>
<strong>HoneyWire (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
HoneyWire is a distributed deception platform that deploys sensor-agnostic tripwires (TCP tarpits, file canaries, ICMP canaries, and web decoys) across internal networks and reports intrusions to a Go-based Hub with syslog/Discord/Slack alerting.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fkrovix-1902%2Fdetectionforge-%3Futm_source=tldrinfosec/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/Kz-RQnpredoogkllwVZsIhSEZx0P1IsDc9sTlJZrP5U=452">
<span>
<strong>DetectionForge (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
DetectionForge is an autonomous detection-engineering agent that can turn threat intel into ATT&CK-mapped detection rules.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fnoyvdq/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/0xFJrX2vUJaPIJEIL8iHHN0VPuS5-SEqLiUvPus1LSg=452">
<span>
<strong>Police Disrupt a β¬140M Cyber Fraud Ring in Spain (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Spanish police, working with partners abroad, broke up a gang that ran MitM attacks, CEO fraud, fake invoices, and bogus investment platforms, stealing at least β¬140 million. The group relied on over 70 people, shell companies, and hundreds of bank and merchant accounts to launder funds. Authorities arrested four leaders, seized devices, and recovered part of the money for the victims.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F0R0atd/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/EsTNTKMo3xeo4lDTE1mescRD2pOTleczlPmTCsP9Ezw=452">
<span>
<strong>GPTβRed: Unlocking Self-Improvement for Robustness (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
OpenAI trains GPTβRed to run automated promptβinjection attacks against internal defender models and live agent setups, such as a vending machine controller and a Codex CLI assistant, then uses those attacks to harden GPTβ5.x models against data exfiltration and tool misuse. GPTβ5.6 now shows sharply lower failure rates on direct and indirect injections while keeping normal capabilities intact.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fblog%2Fagent-evals-production%3Futm_source=tldrinfosec/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/3TofnDk_sHi7X_8a3X0TalK75OQMnVPajGz3LOYfbEo=452">
<span>
<strong>Why agents that pass tests fail in production (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Mercor co-founder Adarsh Hiremath argues that agents that pass one-shot tests still fail in production because success is measured by output rather than trajectory, and that production-grade eval suites need continuous, representative monitoring rather than one-time validation. He recommends a staged rollout, a personal assistant, sandboxed tools, real users without real data, then phased production, to limit the blast radius, while 1Password's Nancy Wang frames non-human identity governance as the harder, unresolved problem, since agents authenticate via long-lived tokens that don't generate the audit trails security teams rely on.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F07%2F16%2Fuk-cops-say-arrest-of-two-young-hackers-disrupted-the-operations-of-an-infamous-hacking-group%2F%3Futm_source=tldrinfosec/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/t-ttN2GpM7OGAuiD6ovJogtjRPh2WnB7zPPR6hCBsLg=452">
<span>
<strong>UK cops say arrest of two young hackers disrupted the operations of an infamous hacking group (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
UK police jailed Owen Flowers, 18, and Thalha Jubair, 20, linked to Scattered Spider, for the 2024 Transport for London cyberattack that crippled ticketing and real-time train data for weeks and caused about Β£29 million in losses.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FQ023uN/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/KY_sxPOwc6rH8uU_ziaeNGd3ow1rQt0D-bgJt_GNIbA=452">
<span>
<strong>Coca-Cola says Fairlife ransomware attack halts US dairy production (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Coca-Cola disclosed in an SEC 8-K filing that a ransomware attack on its Fairlife dairy subsidiary forced a temporary halt to US production.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/N_8u7nyBtVw5MZqBv6R30ltIfWZDwG8dbHYYHmcACj8=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/3zQ00uLhedQq_NxBAr7zXPJV5eWXlDCwkfSMt1g_aNs=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/X1Ksnq_ZI2_IS6nXZa3XpVtBr4JmYsRHG916xvqY2cs=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/qzftaSthWUgR8SJRVcHCm2vEY5NPA7Xuwc7EhlGA9vU=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/bhdkCHbf9Kyi1Z6OUsS_W5uyBLCcGRnE1JA33SltLro=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/NRZMWifU7N2At-eaO2JImoiUNejcYqGNNTDVy4qzavI=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/sNBqBOu0-I7a9N4cclRqZuLhc8S05mYCcO3trYly6ZU=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/DvXnStJJvPeR_0Xm_LNeq4S3HB2vqEjDuqM6gzdPiCA=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/Pn5CDa960xJ_l83tmKX9yY9bagj_pdCpf3szTIreZ7g=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/CUq7-rt9EMJetszVSJ-jR8HWGrESvnl5peHBP9Ibu0w=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=671e3c88-81a5-11f1-b2da-c1082bdf68d9%26pt=campaign%26pv=4%26spa=1784293260%26t=1784293697%26s=4a0786145bc2178aa64ee87aa6357b1a88819d78c047f7b6c9f99a3ce5ea5e2b/1/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/Bk76n2sl_3fNpvLRf5MuIQH12sKxdnWK_Vz0XZBctHw=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019f70312673-64099022-7d9d-466d-9541-6e88b78271f2-000000/GNl2lrt8q4iJeJsM-0lCXyYZ1L4wvyjCVTnbY1hN-Os=452" style="display: none; width: 1px; height: 1px;">
</body></html>