<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-06-03</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks &amp; Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fgw5VIA/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/vnBgJy0GoX4-17PnT7oMO3lf0Vcr1Aw4doVccfeFLKE=452">
<span>
<strong>Red Hat npm packages compromised to steal developer credentials (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A new Shai-Hulud variant dubbed "Miasma" backdoored 32 packages and 96 versions under Red Hat's @redhat-cloud-services npm namespace, totaling roughly 117,000 weekly downloads, after attackers compromised an employee's GitHub account and pushed commits that abused a GitHub Actions OIDC token to publish via npm's trusted publishing endpoint. The packages carried a preinstall hook executing a 4.2 MB obfuscated index.js payload that harvests GitHub Actions secrets, AWS, GCP, and Azure credentials, HashiCorp Vault and Kubernetes tokens, npm and PyPI publishing tokens, SSH keys, Docker credentials, GPG keys, and .env files, with 309 GitHub repositories compromised so far. Organizations that installed any affected version should immediately rotate all credentials, secrets, and tokens used on the infected device. Red Hat states the compromise was confined to internal development tooling and never reached customer-facing console.redhat.com systems.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sentinelone.com%2Fvulnerability-database%2Fcve-2026-31525%2F%3Futm_source=tldrinfosec/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/6IiOYr4HYIpN38tmb5KIbtFIjxTL5a9OIAd2th_a4a8=452">
<span>
<strong>CVE-2026-31525: Linux Kernel Privilege Escalation Flaw (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-31525 (CVSS 7.8) is a Linux kernel BPF interpreter flaw where the sdiv32 and smod32 handlers call the kernel abs() macro on an s32 operand equal to S32_MIN, triggering undefined signed-overflow behavior that diverges from the verifier's abstract interpretation and lets a local attacker who can load BPF programs achieve out-of-bounds BPF map value access (CWE-787) leading to memory corruption and privilege escalation. Exploitation requires the interpreter path, which is active only when the BPF JIT is disabled or unavailable, affecting Linux Kernel 7.0-rc1 through 7.0-rc4. Apply the upstream commits introducing the abs_s32() helper, and as interim hardening set kernel.unprivileged_bpf_disabled=1, enable the JIT with net.core.bpf_jit_enable=1, and restrict CAP_BPF and CAP_SYS_ADMIN to trusted services.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FKSiv7G/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/nlu_wbstuvlVrnaXk_PHzJSuapvc4qvh_F-DudYWN44=452">
<span>
<strong>WordPress Malware Campaign Hides Payloads in Steam Profiles (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
GoDaddy detected a new malware campaign that had infected nearly 2,000 WordPress sites. The malware uses Steam Community profile comments in which hidden Unicode characters carry the malicious payloads. The decoded payload is used to build a malicious JavaScript file that is injected into every frontend page and used to deploy a PHP backdoor.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies &amp; Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farcis-website.pages.dev%2Fblog%2Fposts%2Fxz-utils-and-the-trust-shift%3Futm_source=tldrinfosec/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/N4UzMJanq8b0SaT-S1UCdu3MDMhxGl8wUxAoE4mk0xI=452">
<span>
<strong>xz, two years on: what scanners still cannot catch (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2024-3094 was a maintainer-trust hijack rather than a code flaw, with "Jia Tan" spending two years earning co-maintainer commit rights before slipping a backdoor into the autotools m4 macros that generated xz-utils release tarballs, leaving the git tree clean so that lockfile-versus-CVE scanners returned clean right up until an engineer noticed a 500ms SSH login slowdown. The structural gap is that CVE-driven scanning answers whether a version is known-bad, not whether it is safe, and the same trust-hijack and postinstall-script shape recurred in the lottie-player and Solana web3.js compromises. Defenders should pin direct dependencies, enforce lockfile-diff review on every PR to catch unfamiliar contributor names and cadence changes, subscribe to a real-time feed like OSV, and pause upgrades when a package signals a maintainer shift, such as a new email, signing key, or sudden release burst.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.ammaraskar.com%2Fgithub-token-stealing%2F%3Futm_source=tldrinfosec/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/WUO3eKkRey8jibOzBPTFKqBCpiYY3F2RNqitvxMplkE=452">
<span>
<strong>1-Click GitHub Token Stealing via a VSCode Bug (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
GitHub's github.dev editor runs a browser-based VSCode that receives a broad OAuth token from github.com, which can access all repositories the user can reach, including private ones. The token sits inside a large, complex VSCode web app, which makes the environment attractive for bug hunting and token theft. The write-up explains a VSCode webview security issue that lets a crafted link execute code in this environment and exfiltrate that GitHub token with a single user click.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fresearch.eye.security%2Fdevice-code-phishing-forensics%2F%3Futm_source=tldrinfosec/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/aEnJlaB7YPPhL_8hJTs1FB0xzoIcNpmXX5uB3DW2fwE=452">
<span>
<strong>Device Code Phishing Forensics: What We Learned Investigating BEC in the Wild (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers describe a surge in device code phishing used for Business Email Compromise, where attackers abuse Microsoft's device code flow so victims enter codes on a real Microsoft domain while attackers capture tokens. They explain why forensics are difficult when attackers and victims share session IDs, and how to use Entra non-interactive logs and linkable token IDs to track attacker activity. They cover browser-extension detections for static and JavaScript phishing kits, Entra KQL detections, and Conditional Access policies that block or tightly limit device code sign-ins.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches &amp; Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FSnailSploit%2FClaude-Red%3Futm_source=tldrinfosec/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/n15JevlB-dTC6JLg8u_yUuBBaVbzOilo-HbytPOiji0=452">
<span>
<strong>claude-red (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
claude-red is a library of 58 offensive-security SKILL.md files across 13 categories that prime Claude's Skills system to act as a context-aware red team operator, with skills loading on demand from conversational triggers spanning web (SQLi, SSRF, deserialization), Active Directory (Kerberoast, ADCS ESC1-15), wireless, cloud, EDR evasion, exploit development, fuzzing, and AI attacks like prompt injection and RAG poisoning. The author positions it for authorized engagements, bug bounty triage, CTF prep, and operator training, with a seven-phase roadmap targeting roughly 107 skills.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fomkhar%2Fworkcell%3Futm_source=tldrinfosec/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/zQqqdsK15mGPaOzr_nJLLlMkjcyagII2rMxf0odnWZk=452">
<span>
<strong>Workcell (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Workcell runs coding agents inside a bounded local runtime on Apple Silicon macOS using a harder container inside a dedicated Colima VM.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FKingOfTheNOPs%2FTailscalehound%3Futm_source=tldrinfosec/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/_fGhf9f4sJ6q-AYErkWlrlj2Ze6OHMGNIOwrLxeqm2g=452">
<span>
<strong>TailscaleHound (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
TailscaleHound is a BloodHound OpenGraph collector for Tailscale that collects tailnet users, devices, groups, tags, ACLs, grants, SSH rules, routes, and other data.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.securitynewspaper.com%2F2026%2F06%2F01%2Fa-single-web-page-could-spy-on-your-other-tabs-hidden-code-inside%2F%3Futm_source=tldrinfosec/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/UXU46Co25tenSLaywYiUBmsYh1wQVaN73z6xS8nY_Hs=452">
<span>
<strong>A Single Web Page Could Spy on Your Other Tabs - Hidden Code Inside (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
FROST (Fingerprinting Remotely using OPFS-based SSD Timing) is a browser side-channel where a malicious page writes a large file into the Origin Private File System, then uses performance.now() to repeatedly time reads of that file, inferring SSD contention caused by other tabs and applications. By correlating the resulting latency patterns, an attacker-controlled site can guess what else the victim has open, such as a banking session, and time a phishing popup to coincide with it, all using ordinary JavaScript without camera, microphone, or extension access. The technique frames OPFS and high-resolution timers as a privacy-leaking primitive, a reminder that timing side channels reachable from unprivileged web content remain a hard problem for browser sandboxing.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthedreydossier.substack.com%2Fp%2Fi-found-a-second-votegov-and-its%3Futm_source=tldrinfosec/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/ZO5nCms0WIjs_BVSB0phobYKQn0696WLqiI0MfVukys=452">
<span>
<strong>I found a second vote.gov - and it's registered to the White House (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The Drey Dossier investigated the TrumpRx webpage and found a byline stating that it was designed by the National Design Studio, which was created by executive order and staffed by many ex-DOGE employees. National Design Studio is also redesigning many other agency websites, such as passport.gov and login.gov, with control no longer under the appropriate agencies. The report also noted that the TrumpRx page used PostHog to collect analytics, despite the privacy policy stating that it didn't.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FoAYGFi/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/tsd5sAH22u37cQQqXKzRp2M-uGeGAuj9nqHBvTb8ii8=452">
<span>
<strong>How One Line of Code Put Billions of Microsoft Android App Downloads at Risk (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A forgotten debug flag in six Microsoft 365 Android apps (Word, Excel, PowerPoint, Copilot, Loop, and OneNote) let any Android app request and receive Microsoft account access tokens. Attackers only needed about 15 lines of code inside a widely installed or updated app to silently steal tokens and reuse or refresh them over time. Stolen FOCI tokens exposed email, files, documents, communications, and calendars until Microsoft patched the flaws in May and pushed fixes via Patch Tuesday and Google Play.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fgamaredon-worm-ntfs-data-streams%2F%3Futm_source=tldrinfosec/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/-g-5LjKFSFTuNy8o0XCuSSxthJPLaE8_R3B6EQd7TPk=452">
<span>
<strong>FSB Group Gamaredon Hides Worm in Windows Data Streams (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Sekoia attributes a fileless VBScript worm dubbed GammaWorm to FSB-linked Gamaredon.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F06%2F02%2Fanthropic-scales-claude-mythos-to-critical-infrastructure-in-15-countries%2F%3Futm_source=tldrinfosec/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/gG3s98pw676j9ooH7Pu33O1G0WC7EfiPQVx16j7QK1g=452">
<span>
<strong>Anthropic scales Claude Mythos to critical infrastructure in 15+ countries (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Anthropic is extending Project Glasswing and access to its Claude Mythos model to about 150 organizations in over 15 countries.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F06%2F02%2Fmicrosoft-reaches-for-olive-branch-after-public-dustup-with-0-day-researcher%2F5249945%3Futm_source=tldrinfosec/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/tJaFRl-Kxy6F_xEdHE_KdSyGteXjWJeoW0QzOm6Rhkg=452">
<span>
<strong>Microsoft reaches for olive branch after public dustup with 0-day researcher (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Microsoft walks back earlier hardline language and says it will not pursue legal action against people who conduct or publish security research, reserving referrals for clearly malicious activity that harms customers.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/tgTi9a0OoEbbR_FfOommkvlI5_s1HTTnOJPiyYvrY_I=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/ALAnCPFsOO9ZovEFt9Ks8fEClLElsM-zIVkGpXm5VDY=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019e8d982b7c-8ea3a25b-4c5c-4394-ab12-00217da89ae7-000000/4_pMab-UAdBLkFYHJAP1N5bDHUEHWTpyqRgvGh37SW0=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>