<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">The ShinyHunters ransomware gang claims to have hacked Europeβs leading human rights organization, the Council of Europe β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/UqAU-MCSTal5fn6FLbdy2pE9e8dn-f2YiRA2-J3ww6M=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/eHjxXBEfPYhqdNVTE1numnFSssK9FBBEp74xtJqM9lA=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=9f36deb8-695e-11f1-ab13-61e727e5c382%26pt=campaign%26t=1781615303%26s=1ee60feace8869f8144cc80dd544e8ec00cfe4881e39d716ff0415fec556c211/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/rHb0K5lKbODnfAtri8GdbzGkx9Y84p70g8eIe8KnbRE=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblackkite.com%2Fblog%2Fvulnerability-deluge-mythos-board-questions%3Futm_source=tldr%26utm_medium=newsletter%26utm_campaign=fy27-alwayson-tofu%26utm_content=61626_header_board_asking_you/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/4WOtGtlV2w2HYvWLnHJV_JNHD4enk0qb_ZU-We4QvtI=452"><img src="https://images.tldr.tech/blackkite.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Black Kite"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-06-16</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblackkite.com%2Fblog%2Fvulnerability-deluge-mythos-board-questions%3Futm_source=tldr%26utm_medium=newsletter%26utm_campaign=fy27-alwayson-tofu%26utm_content=61626_header_board_asking_you/2/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/qT3FBpBgFfsVrfeVavPXFzlby0AWbFi4fo_KZBClT10=452">
<span>
<strong>Your board is asking you about Mythos. These are the 5 things they need to hear (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Mythos (now Fable), Daybreak, and widely available frontier models have created a dangerous surge of CVE volume that no team can patch its way out of. <p></p><p>Now your board is asking <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblackkite.com%2Fblog%2Fvulnerability-deluge-mythos-board-questions%3Futm_source=tldr%26utm_medium=newsletter%26utm_campaign=fy27-alwayson-tofu%26utm_content=61626_Body_questions_you_need_answer/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/8TnhnHZbMu0Wwwct_PNn2sduoPOITBpVs0RVPUlmXTs=452" rel="noopener noreferrer nofollow" target="_blank"><span>questions you need to answer</span></a>: What's your exposure? Do you have a handle on it? </p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblackkite.com%2Fblog%2Fvulnerability-deluge-mythos-board-questions%3Futm_source=tldr%26utm_medium=newsletter%26utm_campaign=fy27-alwayson-tofu%26utm_content=61626_Body_ungated_black_kite_guide/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/7d5yDxhz-TrdJuFKZULG3PYJIJXQTzsOEhtd7CmnU4g=452" rel="noopener noreferrer nofollow" target="_blank"><span>This (ungated) Black Kite guide</span></a> breaks it down in language they'll understand. They don't have to know what the letters "CVE" mean, but they need to know if they're at risk β and if the company will end up on the front page because of a vendor no one ever worried about.</p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblackkite.com%2Fblog%2Fvulnerability-deluge-mythos-board-questions%3Futm_source=tldr%26utm_medium=newsletter%26utm_campaign=fy27-alwayson-tofu%26utm_content=61626_cta_answers/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/5m_645CsL46o5FeLREWO9d3pg6t9Vtf3tdWiE2G13tI=452" rel="noopener noreferrer nofollow" target="_blank"><span>Get the answers</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FtiPNiY/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/sPL54Yvu6fXiaiGqWnygFDMaI5sYK2RoCDXgsXRZhC4=452">
<span>
<strong>ShinyHunters Claim Council of Europe Hack (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The ShinyHunters ransomware gang claims to have hacked Europe's leading human rights organization, the Council of Europe. The group says that they have stolen over 429K files, including payroll data, CVs, contract and purchase records, absence and illness reports, bank account information, and performance evaluations. The data includes sensitive information such as employee names, IDs, addresses, phone numbers, dates of birth, tax and social security information, and medical records.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FhOYL1P/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/Mn5NxKzFufxROw-iDs1OEQEBScOGzvd_WMD8p9isDnQ=452">
<span>
<strong>InfiniteCampus Data Breach Affects 137K School Staff Accounts (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The ShinyHunters ransomware gang has stolen and released data of 137k school staff accounts from a Salesforce instance belonging to the InfiniteCampus EdTech company. Have I Been Pwned analyzed the leaked data and found that the breach exposed names, email addresses, employers, job titles, phone numbers, physical addresses, usernames, and support tickets. InfiniteCampus stated that most of the information is publicly available on school directories.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F06%2Flitellm-vulnerability-chain-lets-low.html%3Futm_source=tldrinfosec/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/orMv73R3dvGmIrmrZlbFxAgMU1e3ss_wlNVU6eDPwTo=452">
<span>
<strong>LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A LiteLLM proxy bug chain lets a basic internal user mint overbroad API keys, escalate themselves to proxy admin, and then run arbitrary Python guardrail code for full server takeover. Attackers can dump all AI provider keys, decrypt stored credentials, and read prompts, responses, and other sensitive data flowing through the gateway. With callback hooks, they can silently alter agent responses and spawn reverse shells, and must be stopped by upgrading to v1.83.14βstable or later, auditing admins, callbacks, and rotating exposed secrets.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.varonis.com%2Fblog%2Fsearchleak%3Futm_source=tldrinfosec/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/K2Zxx2PWn4AnzrW_ZktgTTTf9jlLO73jNhyJO4QIfLE=452">
<span>
<strong>SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Varonis Threat Labs found a three-stage bug chain in Microsoft 365 Copilot Enterprise Search that lets an attacker steal data with a single malicious link. The q URL parameter is treated as an instruction, so Copilot can be tricked into searching a victim's email, calendar, SharePoint, and OneDrive, then embedding results inside an image URL. While Copilot streams its answer, an injected image tag briefly renders before sanitization and triggers a request to Bing's image search endpoint, which fetches an attacker-controlled URL containing the stolen data. Microsoft fixed the issue as CVE-2026-42824, but the technique shows how AI-powered search can turn old web bugs into practical data-exfiltration paths.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Fx3tHpF/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/68tlcLDAMWWrs3aPzniu5gJVn2SZb5R3ZPt7NS1QKWc=452">
<span>
<strong>After the VS Code Supply Chain Attack: Is Your Extension Blocking Actually Working? (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
When a user tries to install a VS Code extension from the marketplace, VS Code first contacts marketplace.visualstudio.com to obtain the CDN URL that actually serves the extension and then it is extracted and installed. Many organizations only blocked the marketplace URL when putting in place extension blocks which could be circumvented by an attacker that knows or can reconstruct the CDN URL. Restricting users from installing extensions can also fall short if an attacker were to directly extract the extension into .vscode\extension\.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fen.cryptonomist.ch%2F2026%2F06%2F13%2Fhumanity-protocol-h-token-compromise%2F%3Futm_source=tldrinfosec/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/q_Rtqqi6CwtVZKwhghKT98Io7qjn6SyRBMSTYVM4lxg=452">
<span>
<strong>Humanity Protocol H Token Compromise: One Email, $36M Lost, 89% Crash (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A phishing email impersonating Korean exchange Bithumb carrying a malicious attachment delivered remote-access malware to the Windows machine of director Chong Yee Wai and extracted the private keys he controlled for on-chain operations. With those keys, the attacker simultaneously replaced the implementation of a Hyperlane warp-route proxy on Ethereum to redirect approximately 141.18 million $H tokens, and used three stolen BSC Safe signer keys to seize ProxyAdmin ownership and mint 100 million additional $H tokens, conducting both chains in parallel to foreclose any single-chain defensive response. The attacker liquidated proceeds through Uniswap and PancakeSwap over roughly eight hours, crashing $H by 89% and generating at least $21 million in confirmed ETH proceeds. The breach reinforces that no smart contract audit mitigates an admin keyholder opening a zip file on a personal device, and protocols should enforce hardware security modules, multisig key ceremonies with geographically separated signers, and administrative key isolation from internet-connected endpoints.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fnewcore.com%2F%3Futm_source=tldrinfosec/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/frD1SJcPsq--IQRwUNPuYt_MorxqLafMDZMPykL6xMA=452">
<span>
<strong>NewCore (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
NewCore is an identity security platform that protects human, machine, and AI agent accounts through secure split-key technology, hardware-bound verification, and rapid deployment, replacing risky SAML signing setups and legacy identity infrastructure.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FKeygraphHQ%2Fshannon%3Futm_source=tldrinfosec/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/tflG9MP3flHMTg9NO4XjcZvFEF3XQQgQXcZ_RwwZUTw=452">
<span>
<strong>Shannon (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdocs.cloud.google.com%2Frecaptcha%2Fdocs%2Fhand-gesture-verification%3Futm_source=tldrinfosec/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/2U7YJfQSm9sewb_LHw68Puvj6tPRpu3umaOWGhfrORI=452">
<span>
<strong>Google adds Hand gesture verification for reCAPTCHA (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Google added hand gesture verification to reCAPTCHA as part of its Cloud Fraud Defense suite, prompting users to perform gestures on camera while the system extracts 21 hand-knuckle landmark coordinates to confirm that a live human is present. Google states that the videos remain unlinked to any user identity, do not include audio, are deleted once the challenge completes, and never reach third parties. The shift moves bot detection toward camera-based biometric signals, so teams weighing adoption should weigh the camera-permission friction and the privacy optics of capturing hand video against the stated deletion guarantees.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F0Lnvyf/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/T_vuyG3Ma8pO8x89D1y47w0S1jrOS9sFVJYR8Hng13c=452">
<span>
<strong>Chinese Hackers Hijacked Auth Flow, Spy On Isolated Network for a Decade (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Sygnia researchers reported that the Chinese Velvet Ant APT breached a critical infrastructure network for 10 years. The APT breached an internet-facing server, deployed a modified GS-Netcat reverse shell, and set up a SOCKS5 proxy to tunnel to air-gapped systems. It also modified an internet-facing Nginx proxy to forward requests to internal systems by establishing SSH connections via HTTP POST request parameters. Recovery from the breach was particularly complex because the attackers replaced many legitimate tools, such as pam_unix and ssh tools, with trojanized versions.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FcxHQiL/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/ajwxibp6KTcavRNGVZsxcf6Z2KmWa0dMQXTv2Egvh1w=452">
<span>
<strong>Ransomware Attack Shuts Down Mills of Australia's Second-Largest Sugar Producer (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Mackay Sugar said a ransomware attack shut down some mills and disrupted cane supply and logistics systems. The company restarted limited manual crushing at one mill, began steam trials, and expected a staged restart later in the week. The Gentlemen claimed the company on its Tor site, but no data leak has appeared and the status of OT systems remains unclear.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fstratechery.com%2F2026%2Fanthropics-safety-superpower%2F%3Futm_source=tldrinfosec/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/EGjNdt50-Xwo9FSJNarZ7P8Vd1hJcPWbkktp9_yDcnA=452">
<span>
<strong>Anthropic's Safety Superpower (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Ben Thompson argues that Anthropic's safety messaging aligns a little too neatly with its commercial interests, walking through the release of Fable (a guardrailed cut of the Mythos Preview model the company had deemed too dangerous to ship) alongside its cybersecurity capabilities, the US government's export-control directive suspending access to Fable 5 and Mythos 5 for foreign nationals after a reported jailbreak, and a 30-day data-retention reversal that scrapped zero-retention guarantees even for enterprise plans. He singles out the launch-day plan to silently degrade Fable for frontier LLM development work, later walked back to a disclosed handoff to Opus 4.8, as proof that Anthropic both can and will quietly steer its models toward its own policy preferences. The throughline he draws is that a lab convinced it alone should build frontier AI, and by extension, should hold final say over AI generally, ends up framing every self-serving move as a safety necessity.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F3uZ3f3/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/HJxPC5qdrUoxxWwbhBLUHomggSerd0IaAQivAEgDbSo=452">
<span>
<strong>New attack turned Microsoft 365 Copilot into 1-click data theft tool (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Varonis researchers chained a parameter-to-prompt injection, an HTML rendering race condition, and a Bing SSRF-driven CSP bypass into SearchLeak (CVE-2026-42824, critical), a one-click attack that let a crafted URL direct Microsoft 365 Copilot Enterprise Search to pull mailbox, OneDrive, and SharePoint data and exfiltrate it through a Bing image fetch, since patched by Microsoft with no user action required.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2Ffjxqow/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/kNmeyx35w7Ds_REN0QjBApn8AQtHPgpfxySeqe0CfyA=452">
<span>
<strong>FBI, Google Dismantle βOutsider Enterprise' Phishing Service (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
The FBI's Operation Riptide and a Google lawsuit dismantled Outsider Enterprise, a China-based phishing-as-a-service platform active since 2023 that ran over 9,000 sites across 55+ countries to steal roughly 3.8 million credit cards for an estimated $1.9 billion in losses, seizing administrative-server domains, a Shopify storefront, and about $100,000 in crypto in the process.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdecrypt.co%2F371143%2Fone-indicted-over-crypto-wrench-attack-in-france%3Futm_source=tldrinfosec/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/KSSUhNthSUAMrrNF2ErhqNe36i7XE89QVQzmt6QtV2w=452">
<span>
<strong>One Indicted Over Crypto 'Wrench Attack' in France (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A 32-year-old has been indicted in Nancy after three men posing as police officers beat a couple to steal $20,000 in crypto, traced back to January's Waltio breach that exposed emails, 2024 trading P&L, and balances for roughly 50,000 users whose data attackers used to target holders by physical address.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/SIQ9gg4MM3Km3cMivM_-Jiy0v75qx4_RwdxmWVI0i5o=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/wyvfG88kdp2Mragu9pGV4_QzhoWL_aozPRSIhuL6yW0=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/nlZECarTQmRQw5U_CUqiwNirNxG4hIbtasLv4TOePAo=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/4wulOEdFYOcXgX8eeG8jtQLTfi9MRjNRi3qHML5b-eA=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/uFf3ntmtg5qD8HiwpQP4rmJCKqoxwl61dR1NvlUNPSw=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/hPHI6vlNO2OzWHbwQdAiggkbQ6ft4Gu0pzT25tCSRFw=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/qnojfkxqztVDEJFSlbwFxLzINpwzv07ulsIq4Q4QyUk=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/ol2_RekTIrQGtIF1eHG4_Os_A_HH4YHhH4MhX7Q7QMU=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/CXn_azdmtCWfo3xX9DZ_xTR7AuXQ2IgqzwSt__3ei4g=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/qRnAZrJksjk0KCHYv-tDd83yLrouK5jNgRgBpB6ZZCw=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=9f36deb8-695e-11f1-ab13-61e727e5c382%26pt=campaign%26pv=4%26spa=1781614979%26t=1781615303%26s=ab3f6101b52e816bf90f7b4204f911d6cd8958361db322ce8f8506e2143fce8a/1/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/P8GVyWNeEBFSRXRSuOgvz42kKL68G6Y83wgxe5TnDVk=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019ed08c1c5f-298ee562-304d-4c1d-b1b7-7272a40cf9c6-000000/uiu6v-jVGB-fgZ7wObKueiYpeXonXa8MzffuW_R0UVM=452" style="display: none; width: 1px; height: 1px;">
</body></html>