<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">CVE-2026-23111 is an nf_tables use-after-free bug in the Linux kernel that lets an unprivileged local user gain root and escape containers β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/Bu2vxhXPHNbnXF2qlNRq3HzWY2N7IIbLKpH8028A9SU=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/zP0WQhYfn8U7uXZzFw2SZ1uz07W-vhdzjnTkohKdRVc=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=a43df398-64b7-11f1-84c3-c36ac332b121%26pt=campaign%26t=1781096846%26s=49861d172457165c5a064eb0ddcaf83287b6b6f2e7acc53ab7825dfaece1116c/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/kj737CjjkQQTkNfpFrF30tLVWI6lNe6coLR3aHaUkmA=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbitwarden.com%2Fgo%2Fidentity-centric-security-with-bitwarden%2F%3Futm_source=tldr_infosec%26utm_medium=email%26utm_campaign=34103600-TLDR%2B2026%26utm_content=061026_identity-centric-security_header_ai_agents_machines/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/9RWoOjpZEvPWO1ls2p_8ohyv7uNfhlvBYgv4eYuZFmA=452"><img src="https://images.tldr.tech/bitwarden.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Bitwarden"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-06-10</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbitwarden.com%2Fgo%2Fidentity-centric-security-with-bitwarden%2F%3Futm_source=tldr_infosec%26utm_medium=email%26utm_campaign=34103600-TLDR%2B2026%26utm_content=061026_identity-centric-security_header_ai_agents_machines/2/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/eOzdu8z20jakShcRKGrQkjl4ylYbQMrPclEM4KZjJ8k=452">
<span>
<strong>AI agents, machines, and remote clients are silently authenticating into your systems (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Most organizations have no unified view and no controls built to secure this.<p></p><p>Bitwarden changes that. One end-to-end encrypted platform for credential access across every identity in your organization.</p><ul><li>Uncover shadow AI being used without explicit IT approval</li><li>Least-privilege access, password policies, and role-based controls for employees and machines</li><li>Securely and easily share secrets across AI agents and machines. No hardcoded credentials, no exposed .env files</li><li>Just-in-time credential access for AI agents, with human approval every time</li></ul><p>Trusted by NASA, Bitdefender, and over 80,000 businesses worldwide. </p><p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbitwarden.com%2Fgo%2Fidentity-centric-security-with-bitwarden%2F%3Futm_source=tldr_infosec%26utm_medium=email%26utm_campaign=34103600-TLDR%2B2026%26utm_content=061026_identity-centric-security_cta_machines_ai_agents/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/C05kQJ0CClFZke3eJkd8aI6BLxL8TmChh4KTbUPEogg=452" rel="noopener noreferrer nofollow" target="_blank"><span>Start a free Bitwarden trial and secure access across employees, machines and AI agents.</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F06%2Fone-character-linux-kernel-flaw-enables.html%3Futm_source=tldrinfosec/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/sa2aP3pAc36RuGf8eX-NCT-PD5_T68LrrKUritC7BDA=452">
<span>
<strong>One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-23111 is an nf_tables use-after-free bug in the Linux kernel that lets an unprivileged local user gain root and escape containers on common desktop and server setups with user namespaces enabled. Exploits now exist for Debian, Ubuntu, and RHEL, so admins should prioritize kernel updates and consider restricting unprivileged user namespaces until patched.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FOpZzWh/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/jkc5a6wC-PnmI6tBFLRXj8eTMg3mVtfvI6VhdtpJsNo=452">
<span>
<strong>Check Point Links VPN Zero-Day Attacks to Qlin Ransomware Gang (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Check Point discovered a new critical vulnerability that allows remote attackers to bypass authentication on targeted Mobile Access/SSL VPNs, Remote Access VPNs, or Spark firewalls to establish a VPN connection. The vulnerability only impacts deployments configured to use IKEv1 key exchange, with security gateways that accept legacy Remote Access clients, and don't require a machine certificate for connections. While working on this vulnerability, Check Point uncovered another vulnerability in the IKEv1 certificate validation implementation, which could allow attackers to launch man-in-the-middle attacks.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcybersecuritynews.com%2Fnew-magicad-android-malware-flood-device%2F%3Futm_source=tldrinfosec/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/7HTCpVUfIsTE7HCQ5ZYce9VGbfSybEOW2lTsER_ORAs=452">
<span>
<strong>New MagicAd Android Malware Floods Devices With Ads Bypassing Restrictions (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Researchers have uncovered a new Android malware dubbed MagicAd that bypasses OS protections to flood the user's device with ads. The malware was hiding in more than 50 trojanized games on the Xiaomi and other app stores. Once installed, the malware uses a task scheduler to continuously restart its background service to continuously send messages to built-in apps to display the ads as banners.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.cryptographyengineering.com%2F2026%2F06%2F09%2Fapples-siri-ai-or-more-shouting-into-the-void-about-private-agents%2F%3Futm_source=tldrinfosec/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/hc5IBN0Vzpjb_9z5hRUTsWEUZuCrA5oZEbpyT-W0Gjg=452">
<span>
<strong>Apple's Siri-AI, or more shouting into the void about βprivateβ agents (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Apple's Siri-AI uses Google Gemini with Apple Private Cloud Compute and Google Confidential Inference. Private context from messages, email, notes, and calendars can improve scheduling and search. Useful agents can leak data when they query search engines or LLMs, and prompt injection in the inbox and on the web can steer an agent into sending private data. A final concern is reporting: an agent with data and messaging access can be configured to flag crimes or pass material to others.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.trailofbits.com%2F2026%2F06%2F03%2Fthe-sorry-state-of-skill-distribution%2F%3Futm_source=tldrinfosec/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/QXS8H-LptlQ6ZlL8w5myJJ6UPQOO61MWyl5zNyaomjA=452">
<span>
<strong>The Sorry State of Skill Distribution (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
In an effort to better understand the state of agent skills, Trail of Bits crafted four malicious skills that could bypass the skill security scanners used by Cisco's skill-scanner, Vercel's skills.sh marketplace, and ClawHub. ClawHub's scanner could be defeated by inserting 10,000 new lines between a benign preamble and the prompt injection. The other scanners could be defeated by embedding a malicious payload as a docx or as compiled Python byte code.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhaltingproblems.com%2Fanalysis%2Fhades-cluster-pypi-startup-hook-compromise%2F%3Futm_source=tldrinfosec/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/Bul7e-93ZiGwWgoMNEoVIfx_l2QcnkCzACfInv1gcwE=452">
<span>
<strong>Hades Cluster PyPI Worm Abuses Python Startup Hooks (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
On June 7, Socket disclosed that attackers gained publishing authority over 19 legitimate scientific and deep-learning packages and uploaded 37 malicious wheels that drop a hades-setup.pth file into site-packages. These wheels exploit Python's path configuration hook to automatically execute _index.js via a bootstrapped Bun runtime at interpreter startup, without any explicit import by the developer. The credential stealer harvested AWS, GCP, and Azure cloud tokens, along with GitHub, npm, and SSH keys, exfiltrated data to attacker-created GitHub repositories labeled "Hades - The End for the Damned", and emitted decoy HTTPS traffic to Anthropic API endpoints to obscure the egress channel. Defenders should audit requirements.txt, poetry.lock, and local site-packages for affected package names (including bramin, executor-engine, executor-http, funcdesc, coolbox, dynamo-release, and magique, among others), treat any environment containing a matched version as fully compromised, rotate all reachable cloud and VCS tokens immediately, and hunt for the IOCs hades-setup.pth and _index.js, along with unexpected Bun runtime downloads, in CI/CD process logs.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.li%2FQ04jQ3sN0%3Futm_source=tldrinfosec/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/qBdJNa5E-TFsq-UrCDVrKzpbb-b3uZ2S2Osrs5fOxvQ=452">
<span>
<strong>What Picus found when they analyzed 1.1M malicious files (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Malware now does math to spot humans. When Picus analyzed 15.5M actions and 1.1M malicious files, they mapped the <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.li%2FQ04jQ3sN0/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/drr2DJxN1j51nHjgNfqkGrldLnnZ3St27vFzCHYxiQ0=452" rel="noopener noreferrer nofollow" target="_blank"><span>10 techniques</span></a> attackers use most to MITRE ATT&CK. Learn why target evasion and stealthy command and control account for the supermajority of attacks. Download the <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhubs.li%2FQ04jQ3sN0/2/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/7aggseAxaG6XMabIku0F3otlr1j8l0Q5RQXbUgQ-IVo=452" rel="noopener noreferrer nofollow" target="_blank"><span>Top 10 Attacker Techniques of 2026</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.anthropic.com%2Fnews%2Fclaude-fable-5-mythos-5%3Futm_source=tldrinfosec/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/Ha5asgrr1rUnSAlf7XCf5CcMVzO3Fljg1ccX3v3jNtA=452">
<span>
<strong>Claude Fable 5 and Claude Mythos 5 (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Anthropic's releases Claude Fable 5 as its most capable generally available model and Claude Mythos 5 for selected cyber defenders with relaxed safeguards. Fable 5 routes sensitive cyber, bio, and distillation queries through Opus 4.8 using hardened classifiers and 30βday log retention. Mythos 5 directly supports Project Glasswing and a gated biology track, with pricing set at $10/M input and $50/M output.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.security%2F%3Futm_source=tldrinfosec/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/ms_l3JVAskcfCzyZf4Wwi_tGQPcYqApxIWuCHGh6BCY=452">
<span>
<strong>A Security (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A Security provides an autonomous offensive security platform that runs continuous, scoped attack simulations across enterprise environments, chains real exploit paths, and then triggers targeted remediation and control adjustments to close those paths before attackers use them.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FbI8d0%2FDriverSentinel%3Futm_source=tldrinfosec/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/DxP61Xz0ZEt78j-U722y_LHJWInXwPvh90R2OEj-x1g=452">
<span>
<strong>DriverSentinel (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
DriverSentinel is a security tool that detects malicious and vulnerable drivers by comparing them against LoLDrivers.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F06%2F09%2Fsignal-uks-child-nude-block-threat-wont-protect-children%2F5252761%3Futm_source=tldrinfosec/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/3c3HwMizbPBzm0O8U5ACXAFhJ8HHOeiGlU14Lny2h1I=452">
<span>
<strong>Signal says UK plan to scan devices for nude images 'endangers us all' (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Keir Starmer gives tech firms three months to deploy device-level scanning that blocks minors from taking, sharing, or viewing nude images, or face legislation. Signal warns that client-side scanning and age checks create new surveillance and censorship hooks, expand attack surface via updatable abuse databases or models, and break its privacy trust model even if images stay on-device.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F2NnXqP/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/vqhaPjXE4vBPZ2u2ctlC06-sr9vQfCbK3dkU7tSue3E=452">
<span>
<strong>Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A Miasma variant hit 73 Microsoft GitHub repos, mainly in Azure, knocking key Actions like Azure/functions-action offline and breaking CI/CD workflows worldwide. Attackers had earlier compromised Microsoft's durabletask PyPI package with a modular cloud intrusion framework that steals secrets and can deploy a wiper. The worm now abuses AI coding agents via config files, harvesting credentials when developers open tainted repos.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.macrumors.com%2F2026%2F06%2F08%2Fapple-passwords-can-now-automatically-fix-passwords-with-agentic-ai%2F%3Futm_source=tldrinfosec/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/x68W8aGjbUGJVPD4Dp7iu63lH36jJX2Ow3r2Sp3L6YI=452">
<span>
<strong>Apple Passwords can Now Automatically Fix Weak and Compromised Passwords (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Apple Passwords can now automatically update weak and compromised passwords using Apple Intelligence. This feature expands Apple Passwords' existing weak and compromised password detection by automating the rotation process.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FV3VgrH/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/lKO3Tf4gpEW1k237AYsb0L5mdJwekwRMwf-UPJAKESU=452">
<span>
<strong>OpenSSL Patches High-Severity Vulnerability Found With AI (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
OpenSSL shipped fixes for 18 flaws, including CVE-2026-45447, a heap use-after-free bug in PKCS#7 verification that can lead to remote code execution via crafted PKCS#7 or S/MIME messages.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhackread.com%2Fwhatsapp-blocked-pegasus-spyware-campaign-nso%2F%3Futm_source=tldrinfosec/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/19ubqEBtPwLzdxxiHk3SOaM9HFb-YPbxxtrl4A_SBUw=452">
<span>
<strong>WhatsApp Says It Blocked Pegasus Spyware Campaign Linked to NSO (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
WhatsApp blocked a new NSO Group Pegasus campaign delivered via spear-phishing links rather than a platform vulnerability, removed associated test accounts and groups, and filed for contempt against NSO for violating an existing permanent injunction.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fsukiyn/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/g5WyzvvbfImgWOs18IDyRjrIXy7KIFdHn1Nwd0svZpA=452">
<span>
<strong>Microsoft Patches 200 Vulnerabilities (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Microsoft's June 2026 Patch Tuesday fixed roughly 200 flaws (nearly 40 rated critical across Windows, Azure, Office, Outlook, Exchange, and AI tools).
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/krjWGW8vbsbx87pwILcl_gYuLQB1z1rGEoXvUHB73Bw=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/wNCRNNapsRJ3AOybMKFtgTU7XSIMrGiTm-nbjtWrkC8=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/NmCr5eJSH1nUd3xJKqDEWrj1NNcaq9iAK9BHs9omSU4=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/BtyTUoK-oLi470cakz8Ol8Q0uvYQ16zPQNUM9fpj04Q=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/IPCHOAZB42OfkGym7v0U_CSZ2ikYTn6LC35ivUSCeqA=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/fOQ9Un88HxlarXmGYM_N7T0aKGddNrFKCAKwz4yg5g8=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/gUrkhIq627DQ8Hp8abmtpzV76m6IzF3y-pXpGs4ckqQ=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/glfXMBRvikUKm35K8vfHbKX7LK7VLYconzbRVy7FP2k=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/if1kloqrIN1onP_ixJ3Zk9f0m57pLkNk5X-huwqMDdY=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/fCcltM2ZeZJewHgC_ACGjCUGwgBArNxovmgs8YTwgDU=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=a43df398-64b7-11f1-84c3-c36ac332b121%26pt=campaign%26pv=4%26spa=1781096523%26t=1781096846%26s=f81b403d98cee7a3f72a3059a0cc281bf3647b4e5f7bac9634e729be87de6c95/1/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/7frWVLXNgwygC7m20OToHU5hjIdeO0RyZ7hq4NpV2ZM=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019eb1a51573-0bb6a342-fc33-4c0e-80a4-7811f97d7673-000000/lXz05zmyqFdtXzgTa2S9K2VUrFhU-1E0Ebdbtrvwfec=452" style="display: none; width: 1px; height: 1px;">
</body></html>