<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-06-15</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flabs.watchtowr.com%2Fwhy-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce%2F%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/qS_HEbngUvL1Uk73L3MfIDfp2Qa5ZbXCZGMCcZ45EK8=452">
<span>
<strong>Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) (15 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
CVE-2026-20253 (CVSS 9.8) allows unauthenticated attackers to access Splunk Enterprise's PostgreSQL Sidecar Service via the main web application proxy at /en-US/splunkd/__raw/v1/postgres/recovery/. This vulnerability converts the loopback-bound service on port 5435 into an attack surface accessible over the network without credentials. The exploit involves injecting a connection string into the database parameter to redirect pg_dump to an attacker-controlled host, resulting in a malicious database dump containing a lo_export function that can write arbitrary files during restore. The attacker then locates a plaintext .pgpass file at /opt/splunk/var/packages/data/postgres/.pgpass to authenticate with the local PostgreSQL instance and overwrites the ssg_enable_modular_input.py script, achieving remote code execution as the splunk user. Out of the box, Splunk Enterprise versions 10.0.0-10.0.6 and 10.2.0-10.2.3 on AWS are vulnerable. To mitigate, update to 10.0.7 or 10.2.4 respectively, restrict external access to the /__raw/ proxy path, and treat .pgpass files in Splunk deployments as secrets as sensitive as private keys.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F06%2F12%2Fnovo-nordisk-says-hackers-stole-clinical-trial-data%2F5254812%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/3kyrhcP3TdG9X7MATlf4vKc14YgzRWwR_dzMMfvTglU=452">
<span>
<strong>Novo Nordisk reports cyberattack as UK gives Wegovy pill the nod (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Novo Nordisk says attackers accessed pseudonymized clinical trial records, including patient IDs, demographics, biomarkers, and lifestyle data, but not names or direct identifiers. The company reports some internal systems offline and warns trial participants and healthcare partners about targeted phishing via email, phone, and WhatsApp using stolen contact details.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.sonatype.com%2Fblog%2Fatomic-arch-npm-campaign-adds-malicious-dependency%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/-x0cd-k-gxGnsdXLaNd9CvJGlUt4nQZNem1J16vMHB0=452">
<span>
<strong>Atomic Arch: Attackers Hijack Trusted AUR Packages to Deliver Rootkit-Like Malware (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Attackers are taking over abandoned Arch User Repository packages, changing PKGBUILDs to install a malicious npm dependency called atomic-lockfile that drops a native Linux payload with eBPF-based rootkit behavior, credential and token harvesting, anti-debugging, and HTTP exfiltration. The campaign now appears to touch around 1,500 AUR packages across multiple waves using npm and Bun installers.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fresearch.checkpoint.com%2F2026%2Ffrom-sqli-to-rce-exploiting-langgraphs-checkpointer%2F%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/fP25lDb0kCpILj-_TWXYRVjfFBOLKtAlrJNJ3chGDlw=452">
<span>
<strong>From SQLi to RCE - Exploiting LangGraph's Checkpointer (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Check Point Research disclosed three chained vulnerabilities in LangGraph's persistence layer affecting 50M+ monthly downloads: CVE-2025-67644 (SQL injection in SQLite checkpointer when filter parameters lack parameterization), CVE-2026-28277 (unsafe msgpack deserialization via _msgpack_ext_hook that executes arbitrary functions through importlib.import_module and getattr), and CVE-2026-27022 (identical SQL injection in Redis checkpointer). Exploitation requires the application to expose get_state_history() with user-controlled filter input. Attackers inject UNION SELECT statements containing malicious msgpack payloads that deserialize to RCE via os.system() calls during checkpoint processing. Patch to langgraph-checkpoint-sqlite 3.0.1+, langgraph 1.0.10+, and langgraph-checkpoint-redis 1.0.2+. Use parameterized queries for all filter/limit inputs and avoid exposing checkpoint history APIs to untrusted users.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjoshuasaxe181906.substack.com%2Fp%2Fbanning-mythos-represents-a-basic%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/N0coABIGAkFSmXc4VedRhlMGjOJZ4fs6G5qc5zegfHk=452">
<span>
<strong>Banning Mythos Represents a Basic Misunderstanding of AI Cybersecurity (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Shortly after its release, Anthropic's first “Mythos-class” model was banned citing “national security concerns.” This decision represents a fundamental misunderstanding of AI in the cybersecurity space. While they can be used by attackers, capable models also represent a hope for overburdened teams to be able to fix bugs and remediate vulnerabilities at scale.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frecyclebin.zip%2Fposts%2F2026-05-25-secret-scanning-fleet-bagel%2F%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/SAv3_sYgcQ-7X11cUuJKoDR0UmAZ8P0czqMHig-fMsM=452">
<span>
<strong>Detecting and Removing Dangerous Secrets on Dev Workstations Before Shai-Hulud Does (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
This post introduces a workflow for detecting plaintext secrets on developer workstations. The workflow uses bagel, which functions similarly to TruffleHog but for workstations instead of repos, to scan workstations for secrets and output JSON containing the location and criticality of each finding. Fleet then uses osquery to determine whether the most recent bagel run succeeded and notifies the developer via Slack if it had any findings.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fsbousseaden%2FEDRUnChoker%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/BKxBlMQ3Y2MWZ6xBJ_fZJoa093aZJXyc88Ba4JggNOo=452">
<span>
<strong>EDRUnChoker (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
EDRUnChoker is a fileless WMI-based defensive tool that counters EDRChoker's QoS abuse by registering a permanent root\subscription event subscription that runs a 5-second VBScript timer to enumerate and remove malicious New-NetQosPolicy throttles targeting known EDR agent processes via WbemContext PolicyStore on both ActiveStore and GPO:localhost, logging each removed policy as Event ID 1002 under source EDRChokerDefense in the Application log.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcloud.google.com%2Fsecurity%2Fai-threat-defense%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/6GtoHXNEPMoyCGajUehwxH1IjvuToAGSDc_VRMpXOR4=452">
<span>
<strong>Google AI Threat Defense (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Google AI Threat Defense is an always-on platform that uses Mandiant telemetry, Wiz cloud scanning, and Gemini-based tools to find exploitable exposures, generate and verify patches in developer workflows, and enforce real-time detection across applications and cloud infrastructure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Fxuyw-seu%2FPacketPatch%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/OY9oPBc43DXS4FpLKlyd7-LEy8ulCWjW2fbk9OLZcKs=452">
<span>
<strong>PacketPatch (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
PacketPatch generates adversarial perturbations against byte-feature encrypted traffic classifiers under strict black-box conditions, built on ET-BERT and SpanBERT, adding under 10% bandwidth overhead at roughly 10 ms per packet while keeping packets valid and recoverable through a symmetric proxy.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.janestreet.com%2Fformal-methods-at-jane-street-index%2F%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/aMnHzqHodOrAa5nG9H_Pt8S8brnKQGgWHbeCJwwouTI=452">
<span>
<strong>Formal methods and the future of programming (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Jane Street has reversed a 25-year stance against formal methods, having long judged the cost prohibitive (seL4 took 25 person-years to verify 8,700 lines of C, roughly 23 proof lines per code line). Agentic coding flipped that calculus: models lower the cost of constructing proofs while raising the payoff, since agent-generated code still trends toward slop that demands heavy review, and type-level universal guarantees kill entire bug classes like data races and XSS in ways tests cannot. The firm's deep control over OxCaml and a user base already primed for aggressive type-system features position it to bake proof-oriented techniques into the language itself, a bet that formal methods shift from niche assurance work to mainstream tooling as agents reshape where verification effort goes.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.hello.coop%2F2026%2F06%2Fanthropics-zero-trust-for-ai-agents-sets-the-right-test-the-bearer-token-fails-it%2F%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/2wkexz-gjP4Tw2XwD8rN7UmOlJKB5R1L0tyypJBamm8=452">
<span>
<strong>Anthropic's Zero Trust for AI Agents Sets the Right Test. The Bearer Token Fails It (8 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Dick Hardt applies Anthropic's own "impossible vs. tedious" standard to the Zero Trust for AI Agents framework's baseline credential recommendation and finds short-lived bearer tokens fail it: a stolen token with a shorter TTL still constitutes an exfiltrable secret, making credential theft tedious rather than impossible. Three deeper gaps are identified: authorization scoped to agent-plus-tool relationships rather than specific call parameters, delegation enforced through telemetry after the fact rather than through structurally narrowing authority at each hop, and agent identity assigned without binding to an accountable human principal. The prescribed remedy is proof-of-possession via non-exportable private keys (HTTP Message Signatures), per-call constrained authorization where parameters themselves are the evaluated artifact, and derived authority that narrows as delegation travels, framed not as a better OAuth but as the deletion of bearer primitives entirely.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftechcrunch.com%2F2026%2F06%2F13%2Fthe-fbi-built-its-own-replica-small-town-to-simulate-real-world-cyberattacks%2F%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/_VgTpp40YGCH5rf8gLeU-G1rbDyGuqBmOo1-_21TB9I=452">
<span>
<strong>The FBI built its own replica small town to simulate real-world cyberattacks (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The FBI runs a 22,000-square-foot fake town in Huntsville, Alabama, to train investigators on live cyberattack scenarios using real consumer and enterprise tech. Houses, a hospital, utilities, and businesses are wired with functioning systems so teams can practice ransomware response, handle life-safety decisions, and work in cramped data centers. The range also supports hands-on digital forensics against encrypted devices and undisclosed exploits.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fcyberscoop.com%2Foutsider-cybercrime-network-takedown-china-fbi-google-lumen%2F%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/ZKLKTBgfWnGt7XNLiiQ9AP5P7XI-EPGkQWk05Tu87Os=452">
<span>
<strong>FBI takes down massive China-based cybercrime network that caused $1.9B in losses (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
The FBI, Google, and Lumen dismantled Outsider, a China-based phishing-as-a-service operation active since July 2023 that drove an estimated $1.9 billion in losses across 55 countries by selling AI-assisted phishing kits for as little as $88 per week.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Ftech-policy%2F2026%2F06%2Fcontroversial-fisa-spying-law-expires-tonight-the-spying-will-continue%2F%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/u0XWRGSJEcshK5WCSc7JH_-WSvMxU9rTgXF6VLs0EI8=452">
<span>
<strong>Controversial FISA spying law expires tonight. The spying will continue (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Title VII's Section 702 of FISA technically sunsets at midnight, but existing FISA Court certifications keep surveillance programs running until March 2027.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F06%2Finterpol-takes-down-sniper-dz-phishing.html%3Futm_source=tldrinfosec/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/sPJkn-2kDWH1KLWXiOog_2_IwqCrnVfPscbfoIL5MT0=452">
<span>
<strong>INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
INTERPOL's Operation Ramz led to 201 arrests across 13 MENA countries and the takedown of Sniper Dz, a free phishing-as-a-service platform active since at least 2015.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/6lIWfCIw15F9YqX613rwQma_sYG8T7Ajiv38ZZR0d0E=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/egimqPMW9SASMlsoOqskn9RjHA6aqEoPFQw0pKcLaRI=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/QwT4X5Zav44RGPO9qKSFutqM0AQoxjlgxfIyXs6ZvQ0=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/yu_O5nb9NScS67q0O4UJVGHftMdiTBslrcALSJ0PF0A=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019ecb660d13-f2e883e1-d6f1-4218-8a10-fd8be62b173a-000000/ZTrRyWzCFWHdriwlGs8C7vNRckiwiqcXhOfAdy2VTew=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>