<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">SnapSec researchers discovered a stored XSS vulnerability in Atlassian Jira Work Management's custom priority settings. </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/-PEsxa7VhqYlfZlRTIIdr1eG5mC_zdyjafuW2mmboxI=451" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/L9t54Ef2GAzAKpSc7hXYH4uSf6WIlRp2wGK_TUsBFRA=451" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=4a8df536-2d90-11f1-a63f-05ced38520a1%26pt=campaign%26t=1775048786%26s=402cee423c4637951f00720ea23034a727c9b953193b896b084e0e8a34f48a1c/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/wep5MsZb48YKCk1c0GLMRPRfg54KsDYJ7IPcSDH7_k4=451"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.ly%2FQ04883GN0/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/uSengGFxtR3WoP5IfPRF3AnrOb49tiJ4d7XjRol1oBI=451"><img src="https://images.tldr.tech/blackpoint.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Blackpoint"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-04-01</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.ly%2FQ04883GN0/2/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/yYIJBr123jD9tcsrznmlFOlErloc3SaRz8McrloLE-Q=451">
<span>
<strong>You can't predict the future, but you can predict the cloud attacks coming in 2026 (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Blackpoint's 2026 Threat Report called it: attackers no longer need to break in because they can log in. This month's <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.ly%2FQ04883GN0/3/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/__KWO5r_TP2mrDJ35Xh0VE8ZMyPTpYZCYuPSIOD5nSU=451" rel="noopener noreferrer nofollow" target="_blank"><span>Inside the SOC</span></a> event brings it to life. EP #002 covers:
<p></p>
<p>✔️ Roadk1ll, a newly identified malware strain traditional tools won't catch</p>
<p>✔️ An MSP-wide compromise that cascaded across an entire client base,</p>
<p>✔️ AiTM attacks that don't break MFA. They wait for it to succeed, then steal what comes next.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.ly%2FQ04883GN0/4/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/O8FdwwTPccOI1PeULwrFyoj9z8_neFb8xBZqI8NDv1A=451" rel="noopener noreferrer nofollow" target="_blank"><span>Join the session</span></a> to see active investigations with real telemetry. No theory. <strong>Register here: </strong><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.ly%2FQ04883GN0/5/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/3fHfH0IlZ-KVM9U0jOmcGqX_aiPnoOyQHxjPAkZUFok=451" rel="noopener noreferrer nofollow" target="_blank"><span>Inside the SOC EP #002 | April 7 @ 10AM MT ></span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgbhackers.com%2Fstored-xss-vulnerability-in-jira-work-management%2F%3Futm_source=tldrinfosec/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/Pf2dY4m1C6ySWZEUU8MmN3sZ6mlit84YM1A8465vNas=451">
<span>
<strong>Stored XSS Vulnerability in Jira Work Management Could Enable Full Organization Takeover (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
SnapSec researchers discovered a stored XSS vulnerability in Atlassian Jira Work Management's custom priority settings, where the Icon URL field lacked backend validation and output encoding, allowing a malicious JavaScript payload to be persisted to the database. A Product Admin, a low-privilege role with no access to Confluence or Service Management, can plant the payload in the priorities configuration panel, where it silently executes in a Super Admin's browser during organic page visits and issues a hidden organization invitation that grants the attacker full multi-product Atlassian access. Organizations should enforce strict input validation and output encoding across all administrative configuration surfaces and audit access-control models to ensure that partially privileged roles cannot influence global application behavior.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FJVJx9p/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/Gz9oQIZfjd8hQ4dVb1jBhSwafTbmnCevQKq9m0l19Yg=451">
<span>
<strong>Hackers Compromise Axios npm Package to Drop Cross-Platform Malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Attackers compromised the npm account of the main maintainer of the popular Axios JavaScript package to deploy a malicious version. The malicious version loads a new dependency that runs a post-install script that downloads a payload based on the OS it's running on and eventually downloads a RAT. The compromise does not seem related to the recent TeamPCP attacks, but Google Threat Intelligence Group (GTIG) surmises that the attackers are affiliated with North Korea.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FueuX0H/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/TIY-_XUogGMLXTZqJ27_w6sJ7BzJBo8bVR3V9nPyYyo=451">
<span>
<strong>Anthropic Inadvertently Leaks Source Code for Claude Code CLI Tool (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Anthropic accidentally published the full source code for Claude Code via a .map file published in their npm repository. While Anthropic quickly removed the source code, many users already posted mirrors on GitHub. Users are actively dissecting the code to understand the tool's inner workings.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.sekoia.io%2Fnew-widespread-eviltokens-kit-device-code-phishing-as-a-service-part-1%2F%3Futm_source=tldrinfosec/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/Xw5b80XKQmpbrZnAHEi4x5GbTWe_o3hz7uA8Rx3HkVg=451">
<span>
<strong>New widespread EvilTokens kit: device code phishing as-a-service – Part 1 (20 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
EvilTokens is a new Phishing-as-a-Service platform that weaponizes Microsoft's OAuth 2.0 Device Authorization Grant flow, tricking victims into entering attacker-controlled user codes at the legitimate microsoft.com/devicelogin endpoint to harvest access and refresh tokens for Microsoft 365 account takeover. The kit automates post-compromise token conversion to Primary Refresh Tokens (PRTs), enabling persistent MFA-bypassing SSO access across Outlook, SharePoint, OneDrive, Teams, Microsoft Graph, and Azure, with over 1,000 affiliated phishing domains detected across Cloudflare Workers infrastructure by March 23. Defenders should monitor for the distinctive X-Antibot-Token HTTP header, block domains matching affiliate Cloudflare Workers patterns, and hunt via urlscan.io using requests to /api/device/start and /api/device/status/, with YARA rules and IOCs published in the Sekoia Community GitHub repository.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fopensourcemalware.com%2Fblog%2Fteampcp-supply-chain-campaign%3Futm_source=tldrinfosec/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/Z_ZnD14_-seiPqNPwHM6TMPTcXR4hcXwsZ-LBAd2Gpw=451">
<span>
<strong>TeamPCP Supply Chain Campaign: A March 2026 Retrospective (16 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
TeamPCP ran a six-phase supply chain attack across five vendor ecosystems in roughly five days. It started with a single Aqua Security PAT stolen via a malicious PR against Trivy's CI pipeline in February — credentials that were never fully revoked. That one token unlocked Trivy, Aqua's internal GitHub org, npm (64+ packages via a self-propagating worm using ICP canisters as C2), LiteLLM's PyPI package, Checkmarx GitHub Actions, and Telnyx. The Telnyx phase hid payloads inside WAV audio files using steganography and meanwhile, a parallel payload wiped filesystems on Iranian infrastructure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.calif.io%2Fp%2Fmad-bugs-claude-wrote-a-full-freebsd%3Futm_source=tldrinfosec/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/61il3h1rAs-0mBiofNMvkX4Wuua7N4TY6VkL2Jgq4vY=451">
<span>
<strong>MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Researchers at Calif gave Claude a FreeBSD security advisory (CVE-2026-4747) and, roughly 4 hours of active AI work later, had two working remote kernel exploits which both succeeded on the first try. The bug lives in FreeBSD's RPCSEC_GSS NFS implementation: a stack overflow in an int32_t[] buffer with no canary protection and no KASLR, so kernel addresses are fixed. Claude built the full chain, lab setup, multi-packet shellcode delivery across 15 NFS rounds, ROP construction, clean thread exit via kthread_exit(), De Bruijn offset correction, kernel-to-userland process spawning, and a stale debug register fix which ended up producing a reverse shell as uid=0 (root user).
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Ffatedier%2Ffrp%3Futm_source=tldrinfosec/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/4z5nYhNjuV9BKKhts21gdsoL5X5hsbcbkXvdie5S_Hw=451">
<span>
<strong>frp (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
frp is a fast reverse proxy that allows you to expose a local server behind a NAT or firewall to the internet.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Foryxlabs%2FPolarDNS%3Futm_source=tldrinfosec/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/94_dDFxEbYL-vrHDfHUeVP-mab24I7cdcXpy8r5LVUY=451">
<span>
<strong>PolarDNS (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
PolarDNS is a Python-based authoritative DNS server built for security testing of DNS resolvers, clients, libraries, and parsers over both UDP and TCP. It exposes over 70 features and 19 response modifiers to generate malformed, RFC-violating, and otherwise pathological DNS responses, enabling research into cache poisoning, resource exhaustion, sloth domain attacks, and resolver crashes. GitHub Actions workflow templates for BIND9, CoreDNS, Dnsmasq, Knot, PowerDNS, and Unbound are included for automated E2E test suite integration.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fp-e-w%2Fheretic%3Futm_source=tldrinfosec/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/FDFM1VJ89cBq4tfMA3OYXQs3Y9aUeE4y5SgG_yEe-1Q=451">
<span>
<strong>Heretic (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Heretic is a tool that removes censorship from transformer-based language models without expensive post-training.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fresearch.google%2Fblog%2Fsafeguarding-cryptocurrency-by-disclosing-quantum-vulnerabilities-responsibly%2F%3Futm_source=tldrinfosec/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/bvoOzrtS9WvhGhsIkgs40aQBOSTO_Ieth5j2bWVw6dE=451">
<span>
<strong>Safeguarding cryptocurrency by disclosing quantum vulnerabilities responsibly (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Google Quantum AI published updated resource estimates showing that Shor's algorithm can break ECDLP-256, the elliptic curve cryptography underpinning most blockchains and cryptocurrency wallets, using fewer than 500,000 physical qubits and 70 to 90 million Toffoli gates, representing a roughly 20-fold reduction over prior estimates. To disclose the finding without handing attackers a blueprint, Google published a zero-knowledge proof allowing third parties to verify the claims without exposing the underlying quantum circuits. Blockchain operators should begin migrating to post-quantum cryptography now, avoid exposing or reusing wallet addresses that reveal public keys, and follow Google's 2029 PQC migration timeline alongside Coinbase, the Ethereum Foundation, and the Stanford Institute for Blockchain Research.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.implicator.ai%2Fnewsom-signs-ai-safety-order-for-california-state-contracts-defying-trump%2F%3Futm_source=tldrinfosec/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/uk2zsazu-_sSCYDNkKtisa0OpFxMmz4TFGvObSNgHjg=451">
<span>
<strong>Newsom Signs AI Safety Order for California State Contracts (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Californian governor Gavin Newsom has signed a new executive order mandating AI companies to prove that they have safety and privacy protections in place to win government contracts. Companies will need to explain how their technology prevents the exploitation and distribution of illegal contents and demonstrate that their models avoid discriminating bias. The new mandate acts on the state level and can make determinations that are contrary to federal guidelines.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.androidauthority.com%2Fgoogle-drive-ransomware-detection-file-restoration-3653354%2F%3Futm_source=tldrinfosec/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/s7QkIykGB5suhNsuYQ2nl2Ga_mOnD5DrWyz--m9FqWw=451">
<span>
<strong>Google Drive Has Some New Tricks To Help if You Get Hit by a Ransomware Attack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Google has announced that ransomware detection and file restore for Google Drive is now publicly available after a period in beta. The new features will warn organization administrators if it detects activity that may be caused by ransomware and allow bulk file restore to a previous point before the attack. The file restore feature is available for all users, even on personal accounts, but ransomware detection is only available for certain accounts like Business and Enterprise.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FZjLmp2/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/SBsz76zShuWPJVuisQ7at701ZPwx9TaKP39A5AATnB8=451">
<span>
<strong>Apple adds macOS Terminal warning to block ClickFix attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
macOS Tahoe 26.4 added an undocumented Terminal safeguard that intercepts and warns users before executing pasted commands, targeting ClickFix social engineering attacks that trick victims into running malicious code.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FXgnnOa/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/deDfuo88pUrwLxGEpnI--ETfe2fKLxz0HXhdbKFP29o=451">
<span>
<strong>Match Group Settles US FTC Claims it Illegally Shared OkCupid User Data (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Match Group has settled a lawsuit with the FTC over sharing nearly 3M photos, demographic information, and location data with the facial recognition company Clarifai without informing users.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FStfqz0/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/OzRYDpLzcqsRbBfMPVkfOmdojaMcQRg0xuJNYELaXdM=451">
<span>
<strong>Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Vertex AI's default service agent (P4SA) carries excessive permissions.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/HD1AQ_9dwIQ5l7hz_ccJ3lzqArnVf98yPlq5lBbjyVI=451" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/u3i95GdIYxBapoBmzT-zxggspziBiZ3yA0IGn3fcIZI=451" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 📰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/4D-snZuUR07Wv2x_nvBx53aEGRBVa4mxVNHHdXSO5Aw=451"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/Zr1pcoRNTwihev6YtavHyKI-qj2VooV9iM--xFYkIAo=451" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/aaIflHllfLUBha2L36STcejXYMIcVlBpoejkrUrJj1M=451" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/LPRsKdMMKLq2IEJR3uL9Km9x1_-gwHhUqNuG443jnPc=451" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/H9gQCc6kK6T-BZFtVQXWvFEUzOOryO3TmSWA0cFTgHM=451"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/pShbqNoVoPamfQDZulcZU9E5FeowylA2x36Qev-y_Ic=451"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/FZMVyZg9YDCanUOTI-PWDJS_mNHqYi8v2u4D1NUHD74=451"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/ilmNdl4yFPJHz2Q37j3TVflTO4aRVTWj7vtik5vC5Js=451">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=4a8df536-2d90-11f1-a63f-05ced38520a1%26pt=campaign%26pv=4%26spa=1775048468%26t=1775048786%26s=4fa6f783660eb24c75ab5a5de2b52d0edf0d9c719679ffb6a45fde210e017fd5/1/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/NJj9lJ07XNA4DvpWoatytusglorzJ9nV12JG0rA458A=451">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019d492703b2-c07e9063-908f-4e6e-9572-7928507a8af3-000000/y3x2spuQGLMo4wNIkLwVq_aNEr2-2DqUUaevZFCVBs4=451" style="display: none; width: 1px; height: 1px;">
</body></html>