<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-06-17</span></strong></h1>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🔓</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2026%2F06%2Fcardiac-patients-medical-data-stolen-and-held-to-ransom%3Futm_source=tldrinfosec/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/czBObW0KCn7zvviFnc9e2oVl9Se8g3SX35Lgm-5ebOM=452">
<span>
<strong>Cardiac patients' medical data stolen and held to ransom (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A criminal contacted cardiac monitoring firm iRhythm on June 9 claiming to have stolen proprietary data, patient health information, and other personal details from third‑party business apps, then demanded payment to keep it private. iRhythm says products and clinical systems were not hit, and it does not store card data, but the data volume is large and may fuel long‑term phishing, fraud, and medical identity theft for affected patients.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fthehackernews.com%2F2026%2F06%2Fgoogle-vertex-ai-sdk-flaw-let-attackers.html%3Futm_source=tldrinfosec/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/hoFPvesu60WdT9w3cqDEaZPqVv7lzqR6J1wQ4-WoZxA=452">
<span>
<strong>Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A bug in the Google Cloud Vertex AI Python SDK allowed attackers to register predictable Vertex staging buckets, capture model uploads from other projects, and replace them with malicious pickle-based models that executed code in Google's serving containers. The payload in Unit 42's test stole OAuth tokens and accessed other model artifacts, logs, and metadata in the same Google-managed tenant project. Google partially fixed the issue in v1.144.0 with randomized bucket names and completed the fix in v1.148.0 with bucket ownership checks, and recommends upgrading and setting an explicit staging_bucket everywhere the SDK runs.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FvgE7SH/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/Mt0Aoou7yAPukuVhC18A8EklVeP83Rp87EBUSi6zYbE=452">
<span>
<strong>Malicious JetBrains Marketplace Plugins Steal AI API Keys From Developers (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Aikido Security detected a new malware campaign that uses plugins for AI coding assistants advertised on the JetBrains Marketplace to steal credentials. The plugins prompt the user to enter their API key when they first download and configure the plugin, and the key is transmitted to a remote server immediately. The plugins also offer a paid tier that provides users with an API key to use. It is unclear where these keys come from, but the researchers hypothesize that they belong to free-tier users.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧠</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FrZbZgD/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/Gh3_-_rYrVvWw9XbpWvb8MMrWCIjy3YH01On2qHsWe4=452">
<span>
<strong>The Beginning of the End of Social Engineering (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AI-native operating systems from Google and Apple, by simultaneously interpreting what users see, hear, and receive across email, voice, calendars, browsing, and device-level behavior, can shift social engineering defense from user vigilance to system vigilance. Three weaknesses keep phishing, smishing, and impersonation effective: authentication anchored to static credentials, fragmented context that lets coordinated multi-channel fraud (a spoofed bank call, a verification text, and a credential-reset email) go unseen by any single app, and the speed at which attacks compress cognition before suspicion forms. Billions of persistent on-device AI agents observing behavior and sharing threat intelligence would not eliminate deception but would make it materially costlier, more complex, and less reliable.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbobdahacker.com%2Fblog%2Ffifa-hack%3Futm_source=tldrinfosec/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/DpEZpZiXdQ0ysIRkc_3Lyc0ig5WngHkEsUFoT-8CRI4=452">
<span>
<strong>I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID (13 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
A security researcher registered as a FIFA player agent and was silently added to FIFA's internal Microsoft Entra tenant, which unlocked access to the live Football Data Platform and Streaming Management panel during World Cup 2026. With a low-privilege “NO_ROLES” account, they could see RTMP ingest URLs, stream keys, and controls to start or stop every live match feed, plus edit live stats, kick-off times, and commentary data used on broadcast systems. They confirmed live access via VLC, then spent the night escalating to FIFA, MediaKind, HBS, CISA, and the FBI until the issue was finally patched the next day, without any acknowledgment from FIFA.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.varonis.com%2Fblog%2Fopenclaw-phishing%3Futm_source=tldrinfosec/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/X_p-zIgpAPIH95_THUCrR3Jb1mA6I5OC1rrMuIE7iJo=452">
<span>
<strong>Phishing for Lobsters: How We Tricked OpenClaw into Spilling Secrets (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers from Varonis Threat Labs built a test lab in which an OpenClaw agent read a Gmail inbox containing various sensitive credentials, as well as other emails intended to imitate an enterprise mailbox. The OpenClaw agent failed two case studies: one involving a request for credentials to resolve an emergency outage, and another requesting a CRM export, even when using a strict profile meant to be hardened. The agent partially succeeded in two other case studies: one involving a classic gift card scam and another involving a malicious OAuth flow. In both cases, the agent clicked the phishing link but did not enter credentials.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🧑‍💻</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Faws.amazon.com%2Fblogs%2Faws%2Faws-waf-adds-ai-traffic-monetization-capability-to-help-content-owners-charge-ai-bots-for-content-access%2F%3Futm_source=tldrinfosec/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/W21JSy0ZO4lbpsL4NqHqrerOSYUgt6sQjuGzxerQ4eA=452">
<span>
<strong>AWS WAF adds AI traffic monetization capability to help content owners charge AI bots for content access (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AWS WAF Bot Control now lets publishers charge AI bots per request at the CloudFront edge, returning an HTTP 402 Payment Required with a machine-readable x402 price manifest that x402-compatible agent runtimes can settle autonomously in USDC across chains like Base and Solana. The system classifies over 650 bot types, including GPTBot, Claude-Web, and Perplexity-Bot, assigning each a Verified tier (confirmed via Web Bot Auth Ed25519 signatures or documented IP ranges) or Unverified tier (user-agent matching, behavioral fingerprinting, IP reputation), then applies per-tier actions: Monetize, Allow, Block, Count, CAPTCHA, or Challenge. Monetize works only on CloudFront-associated web ACLs, not regional ones. This normalizes 402-based machine-to-machine payment flows at the WAF layer, which means agent runtimes that auto-sign on-chain authorizations become a new request path worth scrutinizing for abuse.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fent.ai%2F%3Futm_source=tldrinfosec/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/60zfYUbNhmKern_VRnTGRJksYJLq-tuVcIFZxeEiOJg=452">
<span>
<strong>Ent (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Ent builds an intent-aware endpoint security platform for enterprises, using lightweight agents on devices to analyze human and AI agent behavior in real time and apply company policies before risky actions are completed.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2Faboutcode-org%2Fvulnerablecode%3Futm_source=tldrinfosec/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/hcVK5P6QZ6sQfKFwN3u8SPUxqPI6husEE_I9UJdo3kU=452">
<span>
<strong>VulnerableCode (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
VulnerableCode provides a Web UI and API to access a database of known software package vulnerabilities, with comprehensive information from upstream and downstream public sources, including packages affected by a vulnerability and those that fix it.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">🎁</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><h1><strong>Miscellaneous</strong></h1></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farstechnica.com%2Fsecurity%2F2026%2F06%2Fusers-cry-foul-after-amd-stripped-memory-crypto-from-its-consumer-cpus%2F%3Futm_source=tldrinfosec/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/VqjVOLS3oR7l3F6XRkRm84fuEBAYXCYl01HOenwiqbQ=452">
<span>
<strong>Users cry foul after AMD stripped memory crypto from its consumer CPUs (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
AMD silently dropped Transparent Secure Memory Encryption (TSME) from consumer Ryzen chips starting with AGESA 1.2.7.0, where the internal DfIsTsmeEnabled flag now returns FALSE for consumer SKUs and TRUE only for PRO and EPYC parts. The loss of protection against cold boot attacks, DRAM snooping, and memory module removal is undetectable on Windows and hard to spot on Linux. A privacy-conscious Linux user traced the regression after HSI flagged “encrypted RAM: not supported,” and MSI engineering confirmed AMD told them TSME is exclusive to PRO processors, though AMD has never publicly clarified whether this is deliberate policy or a firmware bug. That distinction matters operationally, since one is a permanent tier restriction and the other is fixable, so anyone relying on TSME on consumer silicon should treat the protection as gone until a firmware audit proves otherwise.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FTbmIEA/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/ZGk3i9MdUE9PFFfGvtrhX6uGauEQgr3LbS2WqDp_NLM=452">
<span>
<strong>White House Issues Memo to Bolster NSS Cybersecurity (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
President Trump signed NSPM-12 to tighten cybersecurity for National Security Systems, including classified and military networks. The memo restores the CNSS, makes the NSA director the National Manager for NSS, and authorizes emergency directives and baseline requirements. Agencies must keep their NSS inventories up to date, while CNSS has 3 months to revise directives, set roadmaps, and clean up legacy policies.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.nbcnews.com%2Ftech%2Ftech-news%2Finside-roblox-age-verification-efforts-rcna346973%3Futm_source=tldrinfosec/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/Acnj5G4Btnvlwwuc-fs89Sp61_HnajZ3UncjCRgXz0w=452">
<span>
<strong>How Old Are You Really? Inside Roblox's New Campaign To Verify User Ages (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
In the wake of several lawsuits against the platform, Roblox has announced that it will use age-verification technology to assign users to accounts with limited chat and maturity permissions based on their age. Users can appeal their age placement, and parents can manually change their children's ages on linked accounts. Roblox will also use “continuous age estimation” technology, which takes in signals such as the language a user uses, the times they play, and the kinds of games they play to continuously estimate their age.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">⚡</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2F7rEFTz/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/YI4uK6dmqN3NCndPIKhtY3Ti6cd65kdDnMGc-pCdOOM=452">
<span>
<strong>Copilot 'SearchLeak' Attack Allows 1-Click Data Theft (3 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Researchers found a three‑stage “SearchLeak” flaw in Microsoft 365 Copilot Search that let a crafted link exfiltrate emails, MFA codes, and other Copilot‑indexed business files in one click.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Farseniyshestakov.com%2F2026%2F06%2F16%2Fapple-is-about-to-make-hide-my-email-useless%2F%3Futm_source=tldrinfosec/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/ON597KRLxh5RWTf-ONMBVLz15kHtMqO_Rgyhk_x2_PI=452">
<span>
<strong>Apple is about to make Hide My Email useless (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
Apple is moving Sign in with Apple and Hide My Email aliases to the @private.icloud.com subdomain, making it trivial for services to block all relay addresses without affecting regular iCloud mail.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fdiscuss.grapheneos.org%2Fd%2F36469-grapheneos-has-been-ported-to-android-17-and-official-releases-are-coming-soon%3Futm_source=tldrinfosec/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/per5wE71RDwZd0wLWiBf73me-FvTpgl5DLWKLeRGKS8=452">
<span>
<strong>GrapheneOS has been ported to Android 17 and official releases are coming soon (1 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: 'Helvetica Neue', Helvetica, Arial, Verdana, sans-serif;">
GrapheneOS has been fully ported to Android 17 on release day across all supported Pixel devices (6a, 7, 7a, 8, 10a, 10, and 10 Pro Fold).
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/lrpf1Tx-3xrio1lXbYs3Vt0JTAcI3DfCr58d7oPPvZk=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/z7JxDhQnfUfTLN3Vy36UacRbDT3DpIJlivWBjBTOum0=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019ed5b5c016-944327c4-10f7-41eb-ab09-b3befc2ad684-000000/jsHulW8jiVov6DT5a3w9DG8-h2q5fT43rLD60g3jj30=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</body></html>