<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Anthropic accidentally published a debug sourcemap for Claude Code v2.1.88 to npm, exposing 512,000 lines of TypeScript code across 1,900 files β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/VqK3diyFQudusUscD22VHdsnkfSRn4KQZpLAPU9JbRQ=451" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/6PRTS5H3p3-JupffuCCXggOAeKOlvy6z6dIoaQ9aIkg=451" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=83910d98-2f46-11f1-af70-a75ea2c6a708%26pt=campaign%26t=1775221624%26s=815c25593d746e388461db7140223fa33e36a3f349b36136b9c4a3856135c9cc/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/dxwxFxlHdl22QT-YM6YUdL-mqqdTgb8O3IvtkCutf_o=451"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sysdig.com%2Fforrester-wave-cloud-native-application-protection-solutions-q1-2026%3Futm_campaign=Primary04032026%26utm_source=tldrai%26utm_medium=primaryplacement/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/YkqRaCgfroPAV28TT4thc_zKg2PE0U5qSrRvSwuyqpk=451"><img src="https://images.tldr.tech/sysdig.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Sysdig"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-04-03</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sysdig.com%2Fforrester-wave-cloud-native-application-protection-solutions-q1-2026%3Futm_campaign=Primary04032026%26utm_source=tldrai%26utm_medium=primaryplacement/2/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/ToP82OkBO5nFPs6JXmu9hJsHKh2VHo5jSAiSD6BPt9c=451">
<span>
<strong>New Forrester Wave report ranks the top 14 CNAPPs. See why Sysdig is a Leader (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Runtime is becoming the source of truth for real risk. In <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sysdig.com%2Fforrester-wave-cloud-native-application-protection-solutions-q1-2026%3Futm_campaign=Primary04032026%26utm_source=tldrai%26utm_medium=primaryplacement/3/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/a6_WDnmKHdQt2rRGp579pB3Tll7IkPpluNmISS0E6TY=451" rel="noopener noreferrer nofollow" target="_blank"><span>The Forrester Waveβ’: Cloud Native Application Protection Solutions, Q1 2026</span></a>, looks at the top 14 CNAPP vendors in light of this shift. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sysdig.com%2Fforrester-wave-cloud-native-application-protection-solutions-q1-2026%3Futm_campaign=Primary04032026%26utm_source=tldrai%26utm_medium=primaryplacement/4/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/v7hi35JlIoDMnkvGoFC8VTZJMxl4JUxd7zIGZBSHbVI=451" rel="noopener noreferrer nofollow" target="_blank"><span>Read this report</span></a> to learn:
<p></p>
<ul>
<li>How Forrester evaluates CNAPP vendors across current offering, strategy, and customer feedback</li>
<li>The state of the CNAPP market and vendor differentiation</li>
<li>Why <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sysdig.com%2Fforrester-wave-cloud-native-application-protection-solutions-q1-2026%3Futm_campaign=Primary04032026%26utm_source=tldrai%26utm_medium=primaryplacement/5/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/ajRe2QgpX-ONEX50QAQZ6ClqXewuZSmCkGan0Q7pjcY=451" rel="noopener noreferrer nofollow" target="_blank"><span>Sysdig was named a Leader</span></a> for runtime-powered, code-to-cloud CNAPP security - unifying posture, vulnerability insights, and runtime-powered intelligence to help teams prioritize and respond faster.</li>
</ul>
<p>Learn how to protect cloud workloads as AI and Kubernetes reshape modern environments. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sysdig.com%2Fforrester-wave-cloud-native-application-protection-solutions-q1-2026%3Futm_campaign=Primary04032026%26utm_source=tldrai%26utm_medium=primaryplacement/6/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/KOKySqlNTEDht2WJ7VIlPauHntB3kafz5uGOzckTJ00=451" rel="noopener noreferrer nofollow" target="_blank"><span>Get your free copy</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FJPEZ1v/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/t4rdpkS2p4COTcrKFFKqkxVOyx7dwjwfMBPbb3g22lE=451">
<span>
<strong>Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
CVE-2025-53521, initially disclosed in October 2025 as a DoS bug in F5 BIG-IP APM, was later reclassified as a critical remote code execution (RCE) vulnerability actively being exploited after new details emerged in March. Attackers without authentication are targeting systems with access policies on virtual servers. Shadowserver reports over 17,100 internet-visible BIG-IP APM systems, with more than 14,000 still unpatched, despite CISA including the flaw in its Known Exploited Vulnerabilities (KEV) catalog and instructing federal agencies to fix the issue by Monday. F5 recommends that defenders review disk, logs, and terminal history for indicators of compromise, consider UCS backups from potentially affected systems as untrusted, and rebuild compromised systems from trusted, clean sources.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FQKOs4p/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/_-RpTiCQIGBDzIMFNcOzmGzNhjOno1thWjJak65FB2c=451">
<span>
<strong>Critical Vulnerability in Claude Code Emerges Days After Source Leak (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Anthropic accidentally published a debug sourcemap for Claude Code v2.1.88 to npm, exposing 512,000 lines of TypeScript code across 1,900 files, which is now permanently replicated online. Separately, Adversa AI found a flaw in Claude Code's permission system: feeding it a 50+ subcommand pipeline via a malicious CLAUDE.md file silently disables all deny rules, with no user warning. This opens the door to stealing SSH keys, AWS credentials, and GitHub tokens, as well as poisoning CI/CD pipelines.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F04%2F02%2Fcanadian-money-transfer-app-duc-expose-drivers-licenses-passports-amazon-server%2F%3Futm_source=tldrinfosec/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/HAJKKiAW1J-JndrTGB-_i7bEGxG7KzdcfGbnU2LOz8M=451">
<span>
<strong>Money transfer app Duc exposed thousands of driver's licenses and passports to the open web (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Toronto-based Duales left an Amazon S3 bucket for the money transfer app Duc publicly accessible, no password required, exposing over 360,000 files, including driver's licenses, passports, selfies, names, addresses, and transaction records dating back to September 2020. Duales CEO Henry Martinez GonzΓ‘lez confirmed it's fixed, but won't say whether access logs exist, and now Canada's privacy regulator is investigating.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.crowdstrike.com%2Fen-us%2Fblog%2Fstardust-chollima-likely-compromises-axios-npm-package%2F%3Futm_source=tldrinfosec/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/553_ldWDie55jnSkJPSYxXEt3f9XmaIoZ4KC9L1bcos=451">
<span>
<strong>STARDUST CHOLLIMA Likely Compromises Axios npm Package (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
On March 31, North Korean threat actor STARDUST CHOLLIMA used stolen maintainer credentials to compromise the Axios npm package, introducing a trojanized version containing cross-platform ZshBucket variants targeting various operating systems. This version featured a JSON-based command-and-control (C2) protocol and enabled payload injection and remote execution. Defenders should audit npm credentials and treat Axios installations from this date onward as potentially compromised, given the actor's focus on currency generation and fintech supply chains.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.trailofbits.com%2F2026%2F04%2F01%2Fmutation-testing-for-the-agentic-era%2F%3Futm_source=tldrinfosec/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/yMzRBFT1qcRt1EiYbowLxvxaAG6K-SIJz26On6bl0ZU=451">
<span>
<strong>Mutation testing for the agentic era (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
MuTON and mewt are open source mutation testing tools built for agentic workflows. MuTON targets TON blockchain languages (FunC, Tolk, and Tact), while mewt provides language-agnostic support for Solidity, Rust, Go, and more. Both use Tree-sitter for AST-aware multi-line mutation and SQLite for persistent, resumable campaign state. The tooling improves on prior approaches like slither-mutate and universalmutator by enabling mutant prioritization, SARIF output, and flexible filtering, making AI-assisted triage token-efficient. Security teams auditing smart contracts should evaluate MuTON and mewt alongside a companion configuration-optimization skill to right-size campaign runtimes and surface blind spots that code-coverage metrics routinely miss.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="http://tracking.tldrnewsletter.com/CL0/http:%2F%2Fsecurity.googleblog.com%2F2026%2F04%2Fgoogle-workspaces-continuous-approach.html%3Futm_source=tldrinfosec/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/damq4h9mGtampc0Bia0LCGMFybumNEk5LDDD7K2XcCg=451">
<span>
<strong>Google Workspace's continuous approach to mitigating indirect prompt injections (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Google's GenAI Security Team has developed a layered defense approach to combat indirect prompt injection (IPI) in Workspace using Gemini, which includes human red-teaming, automated attack generation, and a centralized vulnerability registry. They expand discovered attack methods into various forms through the Simula synthetic data pipeline to enhance machine learning model training and improve security measures. AI application developers should adopt a similar multi-layered strategy, combining fixed controls with ongoing model retraining and comprehensive assessments to prevent security regressions.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.cloudflare.com%2Femdash-wordpress%2F%3Futm_source=tldrinfosec/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/z-M5syslkBSSXWx5eTWDPJs5a9uaOF9Mryl7yXOyG-o=451">
<span>
<strong>Introducing EmDash β the spiritual successor to WordPress that solves plugin security (11 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Cloudflare's EmDash (v0.1.0) is an open source, MIT-licensed CMS built in TypeScript on Astro and Cloudflare Workers designed to replace WordPress' fundamentally insecure plugin architecture. Each plugin runs in an isolated Dynamic Worker sandbox with capabilities declared statically in a manifest, limiting blast radius to only explicitly granted permissions rather than full database and filesystem access as in WordPress. EmDash deploys to any Node.js server or Cloudflare, includes built-in passkey authentication, a remote MCP server, x402 payment support, and WordPress import tooling.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linx.security%2F%3Futm_source=tldrinfosec/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/_v7xMp_JlwDg-Nn6zojR2W_nMGbeI5kzyqa2z6_koEw=451">
<span>
<strong>Linx Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Linx Security offers an identity security platform that maps and monitors human, non-human, and agentic identities across enterprise environments, using real-time detection and automated remediation to cut manual oversight and close lifecycle blind spots.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fafshinm%2Fzerobox%3Futm_source=tldrinfosec/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/D-1EDudPr1sBubkKkPPrauAUSa-PVxsGNpYEK9CC9bI=451">
<span>
<strong>Zerobox (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Lightweight, cross-platform process sandboxing powered by OpenAI Codex's runtime. Sandbox any command with file, network, and credential controls. This is a new tool that was created within the last two weeks and should be used with caution.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F8petJE/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/sco5YZ9evay-DMIjnWJrPdO27p2_wbYd5s2Qvnatatk=451">
<span>
<strong>Linx Security Raises $50 Million for Identity Security and Governance (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Linx Security raised a $50 million Series B led by Insight Partners alongside Cyberstarts and Index Ventures, bringing total funding to $83 million for its AI-native identity security and governance platform. Founded in 2023, the New York-based startup maps, monitors, and governs human, non-human, and agentic identities across enterprise environments through its Autopilot AI agent, which provides real-time threat detection and automated remediation with minimal manual oversight. The funding will be directed toward product development, go-to-market expansion, and growing its global footprint.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F04%2F02%2Ftrojanized_claude_code_leak_github%2F%3Futm_source=tldrinfosec/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/kNlqFGpKTklUiReAewQR85uarnChpknIaXeP6vXwV8A=451">
<span>
<strong>Fake Claude Code source downloads actually delivered malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
According to Zscaler's ThreatLabz, a GitHub repository from user idbzoomh surfaced as a top Google search result for "leaked Claude Code," masquerading as a leaked TypeScript source for Anthropic's CLI. However, the available .7z downloads actually contained a Rust-based dropper that deployed Vidar v18.7 to harvest browser history, credit card information, and credentials. The infection also included GhostSocks, a tool that repurposes compromised systems into proxy nodes.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fobjective-see.org%2Fblog%2Fblog_0x87.html%3Futm_source=tldrinfosec/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/CZfCHZrGCZpvBcbjrMEw5PcVh2ETcJ6wbkE4tQvXmnA=451">
<span>
<strong>No Paste for You! Reverse Engineering Apple's ClickFix Protections (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Patrick Wardle reverse-engineered the ClickFix protection in macOS 26.4, linking it to two undocumented Endpoint Security events and revealing details like source and target processes along with clipboard contents. This protection requires a System Integrity Protection check, which prevents third-party tools from accessing the same kernel-level authentication used by Apple. Without a public Endpoint Security paste event, defenders must rely on less reliable keystroke monitoring methods.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fapple-pushes-rare-ios-18-patch-darksword-exploit%2F%3Futm_source=tldrinfosec/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/U34MtugD0UpOqBCWWrJNmp6QqCIyOdDDERixQLcoZ88=451">
<span>
<strong>Apple Pushes Rare iOS 18 Patch for Devices at Risk from DarkSword Exploit (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Apple backported iOS 26 defenses to iOS 18 after DarkSword, a publicly leaked zero-click iPhone exploit chain targeting older OS vulnerabilities, was released on GitHub, making it accessible to low-skilled attackers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FVTurZX/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/kDlN56HFInK17LgMes2oGZNq4JpiG4j9jUkLZufLfzo=451">
<span>
<strong>Nacogdoches Memorial Hospital Data Breach More Than 257,000 Individuals (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Nacogdoches Memorial Hospital (NMH) in Texas disclosed a breach affecting 257,073 people, exposing names, SSNs, dates of birth, medical record numbers, account numbers, health plan beneficiary numbers, and facial photographs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fmicrosoft-whatsapp-attachments-backdoor-windows-pcs%2F%3Futm_source=tldrinfosec/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/cmftxjTXuxeVcZuR9U_6xjERbAMykibcDvCB1Jpy8kA=451">
<span>
<strong>Microsoft Warns of WhatsApp Attachments Spreading Backdoor on Windows PCs (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Microsoft Defender researchers warned of an active campaign since late February delivering VBS files via WhatsApp that chain through renamed LOLBins (curl.exe as netapi.dll, bitsadmin.exe as sc.exe), pull second-stage payloads from AWS S3, Tencent Cloud, and Backblaze B2, disable UAC via registry modification, and install unsigned remote access tools such as AnyDesk.msi to establish persistent backdoor access.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/D_DrWtk8IR9cCCfvXSOkYV6aLGdD4UXo5WTqBgBZUAo=451" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/VEKGbD_4abYHQExtO0LT5gC428jblGSbBpUtCmvXVB4=451" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/z_6PdJ1Lybt7SLQtHKxXFlnSpRENUZAjVxrSNHxpsS4=451"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/bPYnin3VDZ7vCXl-FM07rSp4Is4b9qB5LKVHEuY5u4k=451" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/MKYVRbRW4-Jb4SuQsACEjT999Ci4u04qTAkLFvibqnA=451" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/AjrC8kRr811I_DRpvQgVwPnIOdRbMlfzMjDPgPAGu0E=451" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/lgHUWRXS06KhCPoMLZp43hf-Jlaigi2wpVtf8CGEdC0=451"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/6XGOfu5UVYVu4e6fZGD0EvYR4BAvj5PuDwswHebp25g=451"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/yDtLV8aAc0jR1NurduCv8z7ASrXcaETUEz7QzwfNqwg=451"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/VmhU-oxM6iklFIlZfIIaL-XBkrIRfMlJbBU6OBBXpUI=451">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=83910d98-2f46-11f1-af70-a75ea2c6a708%26pt=campaign%26pv=4%26spa=1775221305%26t=1775221624%26s=36623a3f173f195213b228dd4ea7104acccb9f94d7828f7279c4875497649734/1/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/6r4ky6ylGs7yoKePKhZMlOoX5JQ3sF4smrjHuZYNo58=451">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019d53744ebe-53f0307b-e464-4454-b143-5cb5e06e1045-000000/qCMdzfDMu3HKz3TRZqoaVViQLlDemHn9LpwsiCpxnB0=451" style="display: none; width: 1px; height: 1px;">
</body></html>