<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-04-10</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FxbMz5b/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/L0xTsDrvd3GHmwT4UvpP8Le0pIymzIH9vKtt4Q_UVwM=452">
<span>
<strong>Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Hardcoded Google API keys in Android apps now authenticate to Gemini, exposing developer resources on Gemini and any uploaded user content. Attackers can pull keys from decompiled APKs, access cached files and documents, make arbitrary Gemini calls, and burn through quotas.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F190570%2Fdata-breach%2Feurail-data-breach-impacted-308777-people.html%3Futm_source=tldrinfosec/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/6RSvP1RTRc1lblyRlxZAGgd3FIIkra5ZQIJgAWOnaqw=452">
<span>
<strong>Eurail data breach impacted 308,777 people (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Threat actors breached Eurail B.V. on December 26, 2025, exfiltrating names, passport numbers, dates of birth, IBANs, health data, and travel reservation details belonging to 308,777 customers (including DiscoverEU program participants), with stolen data later surfacing for sale on the dark web and samples shared on Telegram. The two-month gap between breach and victim notification reflects the delayed forensic review timeline, though Eurail confirmed it does not store payment card data or passport scans. Affected customers should rotate the Rail Planner app and linked account passwords, monitor for account anomalies, and alert their bank to potential identity theft risk.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurityaffairs.com%2F190558%2Fhacking%2Fmalicious-pdf-reveals-active-adobe-reader-zero-day-in-the-wild.html%3Futm_source=tldrinfosec/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/Mb03vhQTz9iD7Dhheq5U9XW3VZ5aHQFu7NkXXUv5FHs=452">
<span>
<strong>Malicious PDF reveals active Adobe Reader zero-day in the wild (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Expmon founder Haifei Li uncovered an unpatched Adobe Reader zero-day vulnerability that has been actively exploited in the wild since at least November 2025. The attack exploits privileged Acrobat JavaScript APIs, specifically util.readFileIntoStream() for exfiltrating local files and RSS.addFeed() for beaconing stolen data and retrieving malicious scripts. The malicious documents contain Russian-language content related to the oil and gas sector, and a new variant connects to 188.214.34.20:34123, indicating an advanced persistent threat campaign that profiles targets before choosing between remote code execution or sandbox escape payloads.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Fquantum-computing-industry-timeline-threat-accelerating%2F%3Futm_source=tldrinfosec/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/jRvPGxkyBW0Tn8WOQZxBs5nhoRHL87O0TvtmaF0B4Nc=452">
<span>
<strong>Why is the timeline to quantum-proof everything constantly shrinking? (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Converging research from Caltech/Oratomic and Google's Quantum AI division has slashed the estimated qubit threshold for breaking classical encryption from millions down to as few as 10,000, with a viable machine potentially operational before 2030, compressing what was a theoretical two-decade planning horizon into an active deployment concern. "Harvest now, decrypt later" operations and China's accelerating quantum investments (including the commercial deployment of the 100-qubit Huanyuan 1 system) are the primary threat drivers, pushing organizations like Google to accelerate post-quantum migration. Security teams should treat NIST-vetted post-quantum algorithm adoption as an active program rather than a roadmap item, with particular urgency for long-lived encrypted data, blockchain infrastructure, and any systems where key rotation is operationally complex.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.jdsupra.com%2Flegalnews%2Fwhen-geopolitic-events-disrupt-the-5854625%2F%3Futm_source=tldrinfosec/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/W7OC97JsdwTStqxPK48UcpUTHeoLii__NeSrf_Rovtw=452">
<span>
<strong>When Geopolitical Events Disrupt the Cloud: Insurance Coverage for Data Center Supply Chain Losses in a New Era of Conflict (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Geopolitical disruptions (maritime incidents, energy grid instability, and state-linked cyberattacks targeting AI infrastructure) now represent a credible and systemic trigger for data center losses that extend well beyond an operator's own physical footprint. Service interruption and contingent business interruption (CBI) coverage are the primary policy mechanisms at play, but insurers are expected to contest claims by narrowing "dependent property" scope and invoking war or cyber exclusions where attribution to a state actor is alleged. Data center operators should audit CBI provisions for supply chain depth, scrutinize war and cyber exclusion language for ambiguity carve-backs, and frame any geopolitically linked claims around causation specifics before insurers establish the narrative.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftrent.ai%2F%3Futm_source=tldrinfosec/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/LxLZ4ppdXjpFVKNjOysfNoEG5mJQgyk1fJpxvAaTNaE=452">
<span>
<strong>Trent AI (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Trent AI has built a layered security platform for AI agents that plugs into existing development workflows, scans code and infrastructure for issues, applies patches, tightens configurations, and then rechecks everything while systems run in production.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fislandbytesio%2Fcommit_comprehension_gate%3Futm_source=tldrinfosec/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/FwvE6JJybzbzrvwU0OcOzxQ0KbWOC9Uj9-BqzKyQN1s=452">
<span>
<strong>Commit Comprehension Gate (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Commit Comprehension Gate is a GitHub Action that blocks PR merges until the author demonstrates understanding of the code they're shipping: Claude generates three multiple-choice questions from the actual diff, and the commit status remains pending until all three are answered correctly. Questions are embedded directly in the PR comment, with no external storage required, and pushing new commits regenerates a fresh question set. Draft PRs are skipped automatically, and maintainers can bypass the gate via the GitHub API. Typical cost is $0.05 to $0.10 per PR using claude-opus-4-6.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F04%2F08%2Fhack-for-hire-group-caught-targeting-android-devices-and-icloud-backups%2F%3Futm_source=tldrinfosec/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/HDLzsS5bQ5z1kE77TN7mWpgbbSqyhRtjrQ9TXfQRHPc=452">
<span>
<strong>Hack-for-hire group caught targeting Android devices and iCloud backups (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Access Now and Lookout exposed a hack-for-hire campaign targeting journalists, activists, and officials across the Middle East, North Africa, the UK, and potentially the US. Attackers phished Apple ID credentials to access iCloud backups, and deployed spyware called ProSpy disguised as Signal, WhatsApp, and Zoom. The group has ties to BITTER APT and possibly Appin, an Indian hack-for-hire firm.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Ftech-policy%2F2026%2F04%2Flinkedin-scanning-users-browser-extensions-sparks-controversy-and-two-lawsuits%2F%3Futm_source=tldrinfosec/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/ez9mUUtxR_LXy4soHQYWe11hutJOKZAV9jsoEBvPdGo=452">
<span>
<strong>LinkedIn scanning users' browser extensions sparks controversy and two lawsuits (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
LinkedIn scans Chrome and other Chromium browsers for thousands of extensions tied to scraping and competitive tools, triggering two California class actions over undisclosed tracking, data sharing, and sensitive-profile inferences. The company cites anti-abuse defenses and a prior win against Teamfluence, while plaintiffs frame the practice as covert surveillance that bypasses meaningful user consent and privacy protections.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2F2026%2F04%2F09%2Fsecurity_researchers_tricked_apple_intelligence%2F%3Futm_source=tldrinfosec/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/Jlmm6nhar5AIU8DI1YC8oHrO0L2wDDIBQT5DbpdGGmQ=452">
<span>
<strong>Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
RSAC researchers hijacked Apple Intelligence on supported iPhones using a Neural Exec prompt-injection attack plus a Unicode right-to-left override trick. They encoded malicious English output backwards, bypassed Apple's filters, and got 76 of 100 prompts to execute, including abusive replies and silent actions like creating or renaming contacts to gain trust on a victim's device.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FWDPlzS/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/zZk4RWNnpzkW4IwFzNd-Ay4_ipe_b2o8KbHIBzJn-DY=452">
<span>
<strong>AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
HackerOne halted new submissions to its Internet Bug Bounty after AI tools flooded programs with low-value reports, outpacing volunteer maintainers' capacity to triage and fix issues.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Firan-attackers-industrial-ot-government-energy-water-censys%2F%3Futm_source=tldrinfosec/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/SOYGN1tPGxBeODVRO0OcDp0q3nxUUEQRb5UW7eY-0KU=452">
<span>
<strong>Iranian attacks on US critical infrastructure puts 3,900 devices in crosshairs (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Censys identified 5,219 internet-exposed Rockwell Automation/Allen-Bradley PLCs following a joint FBI/NSA/CISA/EPA/DOE/USCYBERCOM alert.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/9td1SA5BKj_PF6EaU8A5a1VCq2hIRwYJ-JE8j95PAcM=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/xNYUulxGyxfv0-9t05cNVt45JE2zelFF8-OBLTTjoSI=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019d7781337d-c85d8656-b8e6-4b81-a5b9-2988de15a58b-000000/feXJi0pP9fmGiJLWhBPd3Q_YsOQ6CpcKyuidiCr6EAo=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>