<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-04-13</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FEI2RA8/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/LVKGKnpDX3_sD31Al0USAOEwhpuAiQqKVfMv2s_vp_k=452">
<span>
<strong>New 'LucidRook' Malware Used in Targeted Attacks on NGOs, Universities (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
LucidRook is a Lua-based backdoor that targeted Taiwanese NGOs and universities via two October 2025 spear-phishing chains: an LNK-based chain where a password-protected archive drops a decoy government letter alongside a LucidPawn dropper that DLL-sideloads LucidRook via a renamed Microsoft Edge executable, and an EXE-based chain using a fake Trend Micro installer to achieve the same outcome. Once running, LucidRook fetches second-stage Lua bytecode payloads from C2 (hosted briefly and removed post-delivery to hinder forensics), collects system reconnaissance data, RSA-encrypts it into password-protected archives, and exfiltrates it via FTP, while a companion tool, LucidKnight, abuses Gmail GMTP for data exfiltration. Defenders should hunt for DismCore[.]dll sideloading, outbound FTP from non-server workloads, and anomalous Gmail API traffic from endpoints as initial detection anchors.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fb08sTl/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/G7abSwM9SNuGt3O_6Sozig-wACtz4nX6eDOGLApNRBs=452">
<span>
<strong>13 Year Old Bug in ActiveMQ Lets Hackers Remotely Execute Commands (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers using Claude AI discovered a flaw in Apache ActiveMQ Classic that had gone undiscovered for 13 years. The flaw allows attackers to force the broker to fetch a remote Spring XML file and execute arbitrary commands during initialization. The vulnerability normally requires authentication to exploit, but on versions 6.0.0 to 6.1.1, it can be chained with another vulnerability to achieve unauthenticated RCE.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FP9n6S3/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/gK7ctNd1l1Gh3sgi0mJ3Rb0P1zjLdrqEutWHv7LpLGU=452">
<span>
<strong>Critical Marimo Pre-Auth RCE Flaw Under Active Exploitation (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Python notebook environment Marimo announced a new unauthenticated remote code execution vulnerability affecting versions 0.20.4. The vulnerability arises from the WebSocket endpoint exposing an interactive terminal without authentication. Researchers from Sysdig reported that attackers developed an exploit based on the announcement and began scanning for vulnerable systems and exploiting them within 12 hours.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fintel.breakglass.tech%2Fpost%2Fapt41-winnti-elf-cloud-credential-harvester-alibaba-typosquat%3Futm_source=tldrinfosec/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/f2Ies1sOeghiufu5XBbX8RQzx8dSEFlphesgqrve5a4=452">
<span>
<strong>APT41 Winnti ELF Cloud Credential Harvester: Alibaba Typosquat Infrastructure & 6-Year Lineage (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A zero-detection (0/72 VT), stripped x86-64 ELF backdoor attributed to APT41 (Winnti) targets Linux cloud workloads across AWS, GCP, Azure, and Alibaba Cloud, harvesting IAM/managed identity credentials via metadata APIs, AES-256 encrypting them, and exfiltrating over SMTP port 25 to a C2 server at 43[.]99[.]48[.]196 (Alibaba Cloud Singapore) behind three NameSilo-registered typosquat domains (ai[.]qianxing[.]co, ns1[.]a1iyun[.]top, and ai[.]aliyuncs[.]help) that evade Shodan/Censys via selective EHLO token validation. The implant achieves peer-to-peer lateral movement through UDP broadcasts to 255.255.255.255:6006, representing the latest stage in a 6-year Winnti ELF lineage progressing from PWNLNX (2020) through KEYPLUG (2023) to this purpose-built cloud credential harvester. Defenders should alert on outbound port 25 from non-mail workloads, UDP 6006 broadcast traffic, reads of ~/.aws/credentials and equivalent cloud credential paths from non-standard processes, and enforce IMDSv2 on AWS to block unauthenticated metadata API abuse.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.calif.io%2Fp%2Fclaude-humans-vs-nginx-cve-2026-27654%3Futm_source=tldrinfosec/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/lXr2sslXfLuG0rUp60c0qyiSb0C-efNSlP6OgCdBr0w=452">
<span>
<strong>Claude + Humans vs nginx: CVE-2026-27654 (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-27654 is a heap buffer overflow in nginx's WebDAV module that is triggered when the Destination header is shorter than the location prefix, causing an unsigned underflow. It requires a non-default config with ngx_http_dav_module, alias, and dav_methods COPY or MOVE. Claude found the bug and wrote the initial crash PoC. Three researchers then built two more variants: one achieving arbitrary file write, another reading /etc/passwd with a single COPY request. When the nginx fix went public on March 24, an AI commit-watcher produced a crashing PoC the same day.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsublime.security%2Fblog%2Fhow-we-built-high-speed-threat-hunting-for-email-security%2F%3Futm_source=tldrinfosec/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/Ip6rETa2tHbY8hczeYisyQvgLi_rabhYimUwX3hNANs=452">
<span>
<strong>How We Built High Speed Threat Hunting For Email Security (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Sublime Security utilizes a domain-specific language called Message Query Language (MQL) to enable both historical threat hunting and detection backtesting in its email security platform. Sublime splits hunts into a candidate selection phase and an evaluation phase so that cheap MQL operations can be run first, and only after results are pruned are expensive operations run. The article shows how a hunt progresses using a sample query searching for all unsolicited messages with PayPal invoices attached in October 2025.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsalesforce%2Furl-content-auditor%3Futm_source=tldrinfosec/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/fOZlQIQWHQSfKgxkgveJflDKUF8LuMzXukYBh14s5sY=452">
<span>
<strong>url-content-auditor (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Salesforce's url-content-auditor is a Python-based security auditing tool that systematically downloads images, PDFs, and video files from publicly accessible URLs and passes them through Google Gemini (gemini-2.0-flash-lite) to detect exposed PII, credentials, financial records, and confidential documents - outputting findings to a CSV audit report at approximately $0.00013 per image. It handles both direct HTTP downloads and JavaScript-rendered pages via Selenium, with configurable parallel workers, automatic sampling for large URL sets, and support for CSV or plaintext URL lists as input.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fbackbay-labs%2Fhush%3Futm_source=tldrinfosec/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/iEWx7NXfjt8CbOyPCCWso7sYhhPkzn2KrcZYfWl4OU0=452">
<span>
<strong>HushSpec (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
HushSpec is an open policy format for AI agent security rules. It defines what an agent may do at runtime, including filesystem access, network egress, tool usage, secret detection, and more, without prescribing how those controls must be enforced.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FgabrielPav%2Faws-preflight%3Futm_source=tldrinfosec/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/PuVDhjpih1bEWp2R4htFWfM9p5ccnHJmJ-ilk71tIU8=452">
<span>
<strong>aws-preflight (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
aws-preflight is a security linter for AWS CLI commands.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FFwWCu5/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/khGMi8a1poHJKnimhpH3TcMSEI5LkjrHM1akz1xRvRc=452">
<span>
<strong>Google Rolls Out End-to-End Encryption on Mobile Devices (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google announced that end-to-end encryption is now available on all Android and iOS devices for enterprise users. After admins enable the feature, users will be able to turn on Advanced Encryption and send encrypted messages directly from the Gmail app.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Ffbi-recover-deleted-signal-messages-iphone-notifications%2F%3Futm_source=tldrinfosec/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/Ej29qTaBAAYzBypwsqu1ehXFcXUV2ebMFFrqxBRfcD4=452">
<span>
<strong>FBI Recovers Deleted Signal Messages Through iPhone Notifications (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
In an April 2026 Texas trial, the FBI revealed it used Cellebrite to extract Signal messages from iOS push notification databases, which persist even after the app is deleted. This can be mitigated by setting Show Previews to Never in iOS notification settings and disabling notification content within Signal itself.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FByKNc6/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/Be7urAVJG5EiJzxxNaI2h4RYfbq3cgsW1qAhESu3RHA=452">
<span>
<strong>MITRE Releases Fight Fraud Framework (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
MITRE's Fight Fraud Framework (F3) is a public knowledge base that describes fraudster tactics, techniques, and procedures, including cyber-enabled schemes over online channels. F3 extends ATT&CK with new positioning and monetization tactics, and refines several existing ones.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthetechportal.com%2F2026%2F04%2F12%2Fxs-standalone-chat-app-xchat-listed-on-app-store-expected-to-launch-on-april-17-for-iphone-and-ipad%2F%3Futm_source=tldrinfosec/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/9q2NvgtwLSIi5o-UpLnS9Ck_vqxYOBZvSo3lOClHfiU=452">
<span>
<strong>X's Standalone Chat App 'XChat' Listed on App Store, Expected to Launch on April 17 for iPhone and iPad (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
X's forthcoming standalone messaging app XChat has been listed on the App Store ahead of an April 17 iOS launch.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FT3M9yC/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/pm-XAlLrUetxlsFc9WfKdNrG2gAZpkakfcbeDmXkWAU=452">
<span>
<strong>Detection as Code Home-Lab Architecture (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The author of this post built a home lab for practicing detection engineering using two physical Dell servers.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/menoxJNSaFlsCT0CjSZG62-zmQ5l1nZxhd3XZNGI4fM=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/MeaTJ-x2FuNyf_63SNAzdjZEp84tvciBCMcpCwdtfH8=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019d86f42172-49dd472c-13b8-46fa-b99e-a6079508eec9-000000/HWkPqAq08SYgoC8S3cAFzNi4mwVqy3iNE595yfVy0uI=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>