<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fempower-your-it-heros%3Futm_medium=paid_newsletter%26utm_source=tldr%26utm_campaign=2026q1_saasmanager_wb_empower-your-it-heros_sa%26utm_content=newsletter_060826_header/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/HHP9IzgR-59C1-ZHorihUzsBA23BdNNwpEMrVL3mFmw=452"><img src="https://images.tldr.tech/1password-2.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="1Password"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-06-08</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fempower-your-it-heros%3Futm_medium=paid_newsletter%26utm_source=tldr%26utm_campaign=2026q1_saasmanager_wb_empower-your-it-heros_sa%26utm_content=newsletter_060826_header/2/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/xIYfVZD37-P3nGEpkGIUggtD3WyT3IbesrRCHvkbwuo=452">
<span>
<strong>Learn how to manage SaaS sprawl with 1Password SaaS Manager. (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Between chasing unsanctioned apps and fielding hundreds of tickets daily, it's no wonder IT teams are stretched thin. But 1Password SaaS Manager helps IT take control of their rapidly expanding SaaS landscape.<p></p><p>This on-demand webinar covers how to:</p><ul><li><strong>Gain visibility into apps employees use</strong> - whether IT purchased them or not.</li><li><strong>Control and optimize SaaS spend </strong>by identifying unused licenses and redundant tools.</li><li><strong>Stay ahead of contract renewals</strong> with automated tracking and alerts.</li><li><strong>Streamline user lifecycle management </strong>with automated workflows.</li></ul><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2F1password.com%2Fwebinars%2Fempower-your-it-heros%3Futm_medium=paid_newsletter%26utm_source=tldr%26utm_campaign=2026q1_saasmanager_wb_empower-your-it-heros_sa%26utm_content=newsletter_060826_cta/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/iBBnpqoyX4yawNsDARTgwlRutvq7iiy1U6EnQQyBZ_E=452" rel="noopener noreferrer nofollow" target="_blank"><span>Watch now</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fp0sWSN/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/mTUAbDOSWOcw7uuqwpQENSNIeNt5BdQ_FJj5vCIUnCI=452">
<span>
<strong>C0XMO botnet spreads via DD-WRT router flaw, kills rival malware (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Fortinet identified C0XMO, a modular Gafgyt variant that propagates by exploiting CVE-2021-27137, an unauthenticated buffer overflow in DD-WRT router firmware that enables arbitrary code execution, and ships binaries for ARM, MIPS, PowerPC, SuperH, x86, and x86_64 to spread across DVRs, routers, video management platforms, and Android devices. It supports 19 DDoS methods, including UDP/TCP/SYN/ICMP floods, ping of death, NTP/Memcached amplification, and Discord- and Valve-specific floods, while a downloaded Python scanner (built on requests, paramiko, and beautifulsoup4) brute-forces weak SSH and Telnet credentials and scans ports 22, 23, 80/443, 7547, 8080, 8443, and 8888. Persistence comes from copies hidden in /tmp/.sys, /var/tmp/.sys, and /dev/shm/.sys plus cron jobs that relaunch the bot every 15 minutes, and it kills competing botnets, red-team tools, and interfering services before reaching its hardcoded C2 over a custom multi-stage handshake. Defenders should keep devices patched (the exploited CVE is from 2021, so a successful infection points to firmware that has gone unpatched for years), set unique admin credentials, disable unneeded remote access, and hunt for the listed hidden paths, the 15-minute cron entries, and unexpected scanning across those ports. Because the bot relaunches from cron, deleting one copy is not a cleanup: remove the cron entries and all three copies together, or reflash the device from a known-good image.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgbhackers.com%2Fcritical-unifi-os-auth-bypass-flaws%2F%3Futm_source=tldrinfosec/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/tVM2XKL1zndKQJf3fPKEqUrEe3bqH8GFRhbclhwzlbk=452">
<span>
<strong>Critical UniFi OS Auth Bypass Flaws Lead to Unauthenticated Root RCE (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ubiquiti's SAB-064 patches three CVSS 10.0 UniFi OS Server flaws (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) that Bishop Fox chained on 5.0.6 for unauthenticated root RCE: an Nginx auth-gateway bypass (a mismatch between raw and normalized handling of %2f in the URI, so an encoded path slipped past the auth check) led into command injection in the package-update service. The patch leaves JWT verification unchanged, so a signing key stolen from a compromised console still mints valid owner-scope tokens that patched 5.0.8 consoles accept; patching alone therefore does not evict an attacker who already holds the key. Admins must update (5.1.12 for most Cloud Gateways, 5.1.10 for UNAS, 5.1.11 for Dream Machine Beast, and 4.0.14 for UniFi Express), rebuild any instance that was exposed while vulnerable rather than trusting it, restrict TCP 11443 to a management VLAN, and rotate the JWT key, TLS keys, tokens, RADIUS secrets, and DB credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberpress.org%2Ffake-security-tools-spread-malware%2F%3Futm_source=tldrinfosec/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/tO9NrljPZxj87iquCZ6lt-Bbu66X41lO8wONwYsSBlE=452">
<span>
<strong>Hackers Impersonate Ghidra, dnSpy, and SpiderFoot to Spread Malware (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Security researchers recently uncovered a malvertising campaign that uses Google Ads to push users toward trojanized versions of popular security tools. The lookalike download pages mimic the official sites and even link to the legitimate release URLs, so hovering over a download button shows the real destination; a script on the page, however, intercepts the click and routes the user through a traffic distribution system (TDS) instead. After several redirects the victim lands on a download page serving an infostealer. The practical lesson is that hover-checking a link is not a defense on a page you do not trust: reach tools like Ghidra, dnSpy, and SpiderFoot through their official project pages or repositories rather than sponsored search results, and verify downloads against published hashes or signatures where the project provides them.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fkasra.blog%2Fblog%2Fi-spent-1500-seeing-if-llms-could-hack-my-app%2F%3Futm_source=tldrinfosec/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/Kt9oY0zyNtB7lOR5nUffxxwMoGVBnG0XxG0eISZH2UI=452">
<span>
<strong>I built a vulnerable app and spent $1,500 seeing if LLMs could hack it (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A security researcher built a deliberately vulnerable Expo React Native book-review app with a Python backend, then ran ~20 LLMs as autonomous agents (via the pi harness with pi-goal-x, and Claude through Claude Code's -p mode) under a $10 and two-hour cap per run to find a flag hidden in private reviews. The intended path required decompiling the APK and pivoting to a misconfigured Firebase backend rather than chasing API IDOR, and solve rates reflected that: gpt-5.5 led at 7/10, deepseek-v4-pro hit 3/10, claude-sonnet-4.6 and claude-opus-4-8 each managed 2/10, and many models scored 0/10. The recurring failure modes are the defender-relevant takeaway: fixating on API IDOR instead of recognizing Firebase, replaying Firebase auth tokens against the API rather than querying Firebase directly, and refusals (Gemini bailed immediately at ~9k tokens per run, while Opus refused late, mid-exploit); the author notes the Chinese models were markedly more willing to attack the live database. With a single target app and ten runs per model, the per-model numbers are indicative rather than a benchmark, but the pattern that the weak link was a misconfigured backend rather than the API is the part worth carrying into your own threat model.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.pwndefend.com%2F2026%2F06%2F07%2Femail-security-an-enablement-journey-not-a-maturity-ladder%2F%3Futm_source=tldrinfosec/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/yAFxW_o2y-Bryt0cJz5y3ByGM1Ev6-jXlGECeVYr5ho=452">
<span>
<strong>Email Security: An Enablement Journey, Not a Maturity Ladder (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Drawing on Majestic Million data showing that 57.1% of mail-enabled domains publish DMARC but only ~26% enforce it (p=reject or p=quarantine), this piece reframes email authentication as a sequence of capabilities to unlock rather than maturity tiers, and pins the real failure point at the jump from p=none reporting to enforcement, where it says 74% of organizations stall. The practical guidance is to flip DMARC to p=reject for a 70-85% cut in exact-domain spoofing (lookalike domains are outside DMARC's reach), having first used the p=none aggregate reports to inventory and align every legitimate third-party sender so that enforcement does not start bouncing your own SaaS mail; then add MTA-STS (just 1.1% adoption despite a few hours of work), plus TLS-RPT and CAA, for enforced TLS on inbound SMTP and control over certificate issuance, since that is where effort-to-impact peaks for most shops. DNSSEC at 6.75% and DANE at 0.73% are treated as regulatory or specialized-threat-model territory rather than universal requirements, with the closing argument being to fix what you are actually being attacked on (weak passwords, open directories, live spoofing) before defending against a CA-compromise MITM that may never have been exploited against you.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FEa4oc5/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/R7EqZG7CNNBdYCW3D3gdJo_LraL-P9NReD0kbH4XPz0=452">
<span>
<strong>An Introduction to Module Stomping (13 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Module Stomping overwrites the .text section of a legitimate signed DLL so that payload execution appears to come from an image-backed (disk-backed) memory region, evading behavioral telemetry and traditional memory scanners that prioritize unbacked or private executable memory. The attack loads a sacrificial DLL, locates an exported function with GetProcAddress, writes shellcode over that function with WriteProcessMemory, and executes it with CreateThread, so the injected code lives entirely inside a legitimate module's address space. Defenders should monitor for in-memory module divergence by comparing loaded module bytes against the on-disk image; account for relocations and known legitimate hooks (for example, the EDR's own user-mode hooks) when doing so, or the check drowns in false positives. Static API-resolution obfuscation and PEB-walking (resolving APIs at runtime rather than importing them) can extend the technique's lifespan against mature EDR platforms, which is an argument for detecting the divergence itself rather than the API calls used to create it.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.tines.com%2Fwebinars%2F150-hours-saved-in-one-month-inside-jamfs-it-ops-automation-strategy%2F%3Futm_source=TLDR%26utm_medium=paid_media%26utm_content=newsletter-secondary-0806/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/ZsdhH6ObAK4PQ8T19FPemC-mz7gGXQOQT39Ap6UGYC0=452">
<span>
<strong>150 hours saved in one month: Inside Jamf's IT Ops automation strategy (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Managing 500+ SaaS apps, thousands of devices, and a flood of help desk tickets with a lean team of 30 sounds impossible - unless you build smart. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.tines.com%2Fwebinars%2F150-hours-saved-in-one-month-inside-jamfs-it-ops-automation-strategy%2F%3Futm_source=TLDR%26utm_medium=paid_media%26utm_content=newsletter-secondary-0806/2/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/oRhmgj27hiimfdCyVH6idFfTVezogxKtB9wsL57tfRs=452" rel="noopener noreferrer nofollow" target="_blank"><span>Join Jamf's IT team live</span></a> on July 10th to see the real workflows and get the inside scoop on their IT automation program.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fjsmonhq%2Fapiffuf%3Futm_source=tldrinfosec/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/Np9PS1pTalGLoheS457meVde2qoTDcf6UcQO10VnMx0=452">
<span>
<strong>apiffuf (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A Go-based API URL fuzzer that cross-joins hosts and paths into normalized URLs (defaulting to https when no protocol is given), probes them over configurable HTTP methods with adjustable threads and rate limiting, and reports only responding endpoints with status code, Content-Type, Content-Length, and page title in text, JSON, or CSV output.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FOWASP%2Fcve-lite-cli%3Futm_source=tldrinfosec/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/-X2Q-GBp1AJdxszN_j1ox9JiPVscDbZo3-ptBWWfI48=452">
<span>
<strong>CVE Lite CLI (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Fast, developer-friendly JS/TS dependency vulnerability scanner with local lockfile scanning, OSV matching, direct vs transitive visibility, --fix, JSON output, and practical remediation guidance.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F06%2F06%2Fopenai-unveils-lockdown-mode-to-protect-sensitive-data-from-prompt-injection-attacks%2F%3Futm_source=tldrinfosec/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/MBtzhmfEi2V2kJS63Tb1QLY6hxWlyBiLq-6lAp6NJUQ=452">
<span>
<strong>OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
OpenAI is adding Lockdown Mode to limit how ChatGPT handles untrusted content and to reduce the risk of prompt injection against sensitive data. It turns off live web browsing, external image retrieval, deep research, and agent mode, i.e., the channels through which attacker-controlled content can reach the model without the user pasting it in. Treat it as a reduction of the injection surface rather than a guarantee: the report does not say it changes how the model treats untrusted text the user supplies directly.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjoshuasaxe181906.substack.com%2Fp%2Fwhat-it-was-like-working-on-llms%3Futm_source=tldrinfosec/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/89RzB05qVVzxOW9KWl4NNz69dCheSo76XSdYlt76gB0=452">
<span>
<strong>What it was Like Working on LLMs and Security at Meta (2022-2026) (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Joshua Saxe reflects on his time at Meta with mixed emotions, describing it as a place to work with incredibly talented people but also as intensely competitive, where strong personal ambitions outweigh product concerns. Saxe believes that Meta's products, like Llama and AR/VR, are disconnected and lackluster because engineers feel missionless and jump on a bandwagon that will lead to career growth. Overall, Saxe enjoyed his time at Meta and was involved in creating AI security initiatives before leaving to start his own company.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthis.weekinsecurity.com%2Fmeta-confirms-thousands-of-instagram-accounts-were-hacked-by-abusing-its-ai-chatbot%2F%3Futm_source=tldrinfosec/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/6TkijfIALpkrVrhJiueoOzCET-47fqjkNDKWKdnLlE4=452">
<span>
<strong>Meta confirms thousands of Instagram accounts were hacked by abusing its AI chatbot (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Meta has notified at least 20,225 people that their Instagram accounts were hijacked through a flaw in its AI-assisted account recovery system. A bug in a separate code path failed to verify that the email address supplied during a password reset matched the one on file, so when asked, the chatbot simply sent reset links to attacker-controlled addresses. The campaign ran from roughly April 17 until early June and affected any account without 2FA enabled, giving the attacker full takeover plus access to DMs, posts, contact information, and dates of birth. The incident is a cautionary case for automating account recovery without a human in the loop, with one observer noting that the attack amounted to one AI being fooled by AI-generated verification media while no person was positioned to catch it. Meta has since disabled the chatbot, removed the offending code path, and begun auditing its other chatbots. The general lesson is that every recovery path is an authentication path: a new channel must enforce the same binding checks (the supplied contact matching the one on file) as the primary flow, and a second factor the recovery flow cannot bypass is what kept 2FA-enabled accounts out of reach.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsecurity.apple.com%2Fblog%2Fformal-verification-corecrypto%2F%3Futm_source=tldrinfosec/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/QZqgyxmOeGmtvfXQh2NfJfp6n8HzVH3teN4QsVb1LHk=452">
<span>
<strong>A Blueprint for Formal Verification of Apple corecrypto (10 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Apple decided to implement ML-KEM and ML-DSA in corecrypto to support post-quantum cryptography across its products, writing the implementation in portable C with ARM64 assembly for some hot subroutines. To formally verify it, Apple expressed the C implementation as a Cryptol model and used SAW to prove that the model and the C code agree. The Cryptol model was then translated into Isabelle alongside the FIPS specification to prove the two equivalent. Finally, the assembly-optimized subroutines were translated into Isabelle as well and proved equivalent to the C subroutines they replace. Note what such proofs cover: functional equivalence to the specification. Timing and other side-channel properties are a separate concern and are not implied by an equivalence proof unless they are modeled explicitly.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthreadreaderapp.com%2Fthread%2F2058658244328124562.html%3Futm_source=tldrinfosec/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/4aiGrvwtD2K1wCxvyQNI6YQShxmjtF8M0ZIJstz07Uc=452">
<span>
<strong>Cursor Bypassed Dependency Cooldown (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A user on X shared a screenshot of their LLM coding agent using a command-line flag to explicitly override a dependency cooldown in pnpm. The cooldown is a supply-chain control: it delays installation of freshly published package versions so that a hijacked release can be caught before it lands in your tree, and an agent switching it off to unblock an install silently defeats that control. If you rely on such a cooldown, enforce it somewhere the agent cannot override it rather than leaving it as a default the agent can talk itself out of.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.thenews.com.pk%2Flatest%2F1404975-oxford-university-hit-by-second-data-breach-in-a-month%3Futm_source=tldrinfosec/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/ESVToIPkZqhcHvsxKozSa576zMKUmg4-Ra6UHg8-eo8=452">
<span>
<strong>Oxford University hit by second data breach in a month (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Oxford's CareerConnect platform was breached on May 28, exposing the full names and email addresses of alumni, research staff, and recruiters.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FjYDjYK/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/ZKVYujW5NDUGnOFuGVmIdJ-ApY8sotIezDQxG7jeu70=452">
<span>
<strong>Silent Ransom Group targets law firms with fake IT support calls (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Silent Ransom Group (UNC3753/Luna Moth/Chatty Spider) has hit dozens of US legal and professional services firms since January, using invoice-themed phishing followed by vishing calls impersonating IT staff to deploy remote-access tools such as AnyDesk, Zoho Assist, Bomgar, or SuperOps.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/VbipjGHU71YOw0jQJf_qguIxh8LYgq7yy_D9jCSc8ng=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/qcLbgOCOkei5roIRl1eCcDtN_477v4ve7I5llV-CgJQ=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? 📰
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/u7MlyPge2dSs4skL8drYcmlNu5ZCywe39GfFGbCAe00=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? 💼
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/XyFpEVa01K0sLY_vy8hklerkS5ANjQCgp-XR9jy0UEg=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/2broYvT97myea5zA38p9cZc0hMfyvar3AxxnrS8Mo_c=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/5XYpa9ATmw5MFktwh_kT-kAiY4ClTdYCzt38258mWTY=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/m6nhhiIWSj1OCQcAteQxwtjkue6BfOtV72z39r5k7Cc=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/IlCn73ZHCf13byNWgmAE26HA6vKVdoRpt25Gphb2sJ0=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/rGSBhnnVzxrM1dPOcoY8o0cLi1cKEM0cwKv1Ir6_CYU=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/FWhpO3nsadY421UJNtblckrEli85teZbodYmh5RS51k=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=4413104e-6326-11f1-957e-7ffc6709c41d%26pt=campaign%26pv=4%26spa=1780923692%26t=1780924035%26s=edf075a28ca0c824e80d1d039426134dca80469336e6571d9d194aee99a1d045/1/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/Ew3RwqKCZ7AsM0xHFbYqIH0VjIvjreYSR_jhFuL5LvI=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019ea7583025-35cac754-21a3-45dc-a483-46f978678f80-000000/FSOKRx8wFmzjjPOcqUhVNxz4GzttfFv8qccL4Ou1-Fs=452" style="display: none; width: 1px; height: 1px;">
</body></html>