<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html charset=UTF-8"><meta charset="UTF-8"><meta name="viewport" content="width=device-width"><meta name="x-apple-disable-message-reformatting"><title>TLDR InfoSec</title><meta name="color-scheme" content="light dark"><meta name="supported-color-schemes" content="light dark"><style type="text/css">
:root {
color-scheme: light dark; supported-color-schemes: light dark;
}
*,
*:after,
*:before {
-webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box;
}
* {
-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;
}
html,
body,
.document {
width: 100% !important; height: 100% !important; margin: 0; padding: 0;
}
body {
-webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; text-rendering: optimizeLegibility;
}
div[style*="margin: 16px 0"] {
margin: 0 !important;
}
table,
td {
mso-table-lspace: 0pt; mso-table-rspace: 0pt;
}
table {
border-spacing: 0; border-collapse: collapse; table-layout: fixed; margin: 0 auto;
}
img {
-ms-interpolation-mode: bicubic; max-width: 100%; border: 0;
}
*[x-apple-data-detectors] {
color: inherit !important; text-decoration: none !important;
}
.x-gmail-data-detectors,
.x-gmail-data-detectors *,
.aBn {
border-bottom: 0 !important; cursor: default !important;
}
.btn {
-webkit-transition: all 200ms ease; transition: all 200ms ease;
}
.btn:hover {
background-color: #f67575; border-color: #f67575;
}
* {
font-family: Arial, Helvetica, sans-serif; font-size: 18px;
}
@media screen and (max-width: 600px) {
.container {
width: 100%; margin: auto;
}
.stack {
display: block!important; width: 100%!important; max-width: 100%!important;
}
.btn {
display: block; width: 100%; text-align: center;
}
}
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
body,
p,
td,
tr,
.body,
table,
h1,
h2,
h3,
h4,
h5,
h6,
div,
span {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
a {
color: inherit !important; text-decoration: underline !important;
}
</style><!--[if mso | ie]>
<style type="text/css">
a {
background-color: #FEFEFE !important; color: #010101 !important;
}
@media (prefers-color-scheme: dark) {
a {
background-color: #27292D !important; color: #FEFEFE !important;
}
}
</style>
<![endif]--></head><body class="">
<div style="display: none; max-height: 0px; overflow: hidden;">Argus disclosed a PAP authentication bypass in OpenBSDβs sppp(4) subsystem, where sppp_pap_input() in sys/net/if_spppsubr.c fed attacker-controlled β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β β </div>
<div style="display: none; max-height: 0px; overflow: hidden;">
<br>
</div>
<table align="center" class="document"><tbody><tr><td valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="container" width="600"><tbody><tr class="inner-body"><td>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr class="header"><td bgcolor="" class="container">
<table width="100%"><tbody><tr><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" style="margin-top: 0px;" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div style="text-align: center;">
<span style="margin-right: 0px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%3Futm_source=tldrinfosec/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/_mUUhRjh8-3mCMlD4tleTRQcKqWqqgPpHueTLcwyDAc=452" rel="noopener noreferrer" target="_blank"><span>Sign Up</span></a>
|<span style="margin-right: 2px; margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisetopnav/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/e86VLDIGtI_5_mMs6W5xWpO1qlUlfZCelXu6yB4p2Ec=452" rel="noopener noreferrer" target="_blank"><span>Advertise</span></a></span>|<span style="margin-left: 2px;"><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Fweb-version%3Fep=1%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=36195be0-6b02-11f1-b3eb-f3f40b5e8b9d%26pt=campaign%26t=1781788019%26s=9b2b48972a22fff35f0a8416d0254dcaacd27e446d88ec9f6e92126e1cc25af0/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/cVOWb9su_oF35sGUfHjIKszeaoK-us4ouoeFcL_6ZGs=452"><span>View Online</span></a></span>
<br>
</span></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="text-align: center;"><span data-darkreader-inline-color="" style="--darkreader-inline-color:#3db3ff; color: rgb(51, 175, 255) !important; font-size: 30px;">T</span><span style="font-size: 30px;"><span data-darkreader-inline-color="" style="color: rgb(232, 192, 96) !important; --darkreader-inline-color:#e8c163; font-size:30px;">L</span><span data-darkreader-inline-color="" style="color: rgb(101, 195, 173) !important; --darkreader-inline-color:#6ec7b2; font-size:30px;">D</span></span><span data-darkreader-inline-color="" style="--darkreader-inline-color:#dd6e6e; color: rgb(220, 107, 107) !important; font-size: 30px;">R</span>
<br>
</td></tr></tbody></table>
<br>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr id="together-with"><td align="center" height="20" style="vertical-align:middle !important;" valign="middle" width="100%"><strong style="vertical-align:middle !important; height: 100%;">Together With </strong>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fguide-to-infostealers-proactive-defense%3Fsfcampaign_id=701Rc00000hqnNLIAY%26utm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_Infostealers_Guide_2026%26utm_content=header_1_database_149/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/Q0D1QIECVm2wHUuiunXvlb6G5krFuFf6-zdCBeYmpQc=452"><img src="https://images.tldr.tech/flashpoint.png" valign="middle" style="vertical-align: middle !important; height: 100%;" alt="Flashpoint"></a></td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;">
<div style="text-align: center;">
<h1><strong>TLDR Information Security <span id="date">2026-06-18</span></strong></h1>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width:100%;" width="100%"><tbody><tr id="sponsy-copy"><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fguide-to-infostealers-proactive-defense%3Fsfcampaign_id=701Rc00000hqnNLIAY%26utm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_Infostealers_Guide_2026%26utm_content=header_1_database_149/2/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/TndFRQJ405sOio7vp1ynPWbQQic-C3x013KRdRqystY=452">
<span>
<strong>1 Database, 149 Million Stolen Credentials (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
"Identity is the new attack surface" is more than a buzz-phrase. A <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fguide-to-infostealers-proactive-defense%3Fsfcampaign_id=701Rc00000hqnNLIAY%26utm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_Infostealers_Guide_2026%26utm_content=body_intro_single_exposed_database/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/lzDNUHq0p-g2MW10XSxMMXeHNEoZyiOqAuUzE8DoEpw=452" rel="noopener noreferrer nofollow" target="_blank"><span>single exposed database</span></a> surfaced in early 2026 contained more than 149 million stolen login credentials -- gradually harvested from millions of individual devices by info-stealing malware.
<p></p>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fguide-to-infostealers-proactive-defense%3Fsfcampaign_id=701Rc00000hqnNLIAY%26utm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_Infostealers_Guide_2026%26utm_content=body_outro_flashpoints_latest_guide/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/vZu_dvoEpJnskR8oVyUl1wAJjdL1OCiDv6MxBYT0m7M=452" rel="noopener noreferrer nofollow" target="_blank"><span>Flashpoint's latest guide</span></a> breaks down how the Malware-as-a-Service (MaaS) ecosystem has commoditized corporate identities and how security teams can fight back. Readers will learn:</p>
<ul>
<li>How infostealers power modern attack chains</li>
<li>How to manage the expanding identity attack surface</li>
<li>How to operationalize infostealer intelligence</li>
<li>How to evaluate your current capabilities</li>
</ul>
<p><a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgo.flashpoint.io%2Fguide-to-infostealers-proactive-defense%3Fsfcampaign_id=701Rc00000hqnNLIAY%26utm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=Resource_RP_Infostealers_Guide_2026%26utm_content=cta_report/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/hgxXJw-EIRqCyeGTCOwUY7b2ma_tBtcKDFkpx3D6wms=452" rel="noopener noreferrer nofollow" target="_blank"><span>Read the report</span></a>
</p>
</span></span></div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr>
<tr bgcolor=""><td class="container">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding: 0px;">
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Attacks & Vulnerabilities</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.argus-systems.ai%2Fblog%2Fopenbsd-pap-27-year-auth-bypass.html%3Futm_source=tldrinfosec/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/zWrN-zCXJLFMrKEK9G48CIMR8GiSOqUUKcG5CNGdSJM=452">
<span>
<strong>A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Argus disclosed a PAP authentication bypass in OpenBSD's sppp(4) subsystem, where sppp_pap_input() in sys/net/if_spppsubr.c fed attacker-controlled length fields straight into bcmp, so a PPPoE peer sending name_len=0 and passwd_len=0 made both comparisons return 0 and complete authentication with no credentials, while oversized lengths triggered a kernel heap over-read. Reachable unauthenticated over the PPPoE data path (pppoe_data_input β pppoeintr β sppp_input β sppp_pap_input), a rogue server in the same broadcast domain can impersonate a legitimate endpoint and route a victim's traffic through it. The flaw dates to the 1999 FreeBSD-derived import and was verified against OpenBSD 7.6 (amd64). The fix, committed by mvs on June 14 (openbsd/src@076e2b1), adds the exact-length pre-check the CHAP handler already used, so administrators running PPPoE links on sppp(4) should pull the patched source and rebuild.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FNIbjOS/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/l9VLqp-jWKxjt7q35bCe3Oof5bN_8wUHjKPHNyv9HJU=452">
<span>
<strong>Sweeping Credential-Harvesting Heist Compromises 30K+ Fortinet Devices (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
An automated campaign called FortiBleed is using reused and long-lived credentials to break into over 30,000 Internet-facing Fortinet firewalls and VPN gateways across 194 countries, with more than 30,791 verified device logins tied to 21,108 IPs and 8,316 domains in telecom, government, critical infrastructure, and other sectors. Once a device is accessed, attackers turn it into a listening post to grab more passwords, feeding them back into their scanner. Technical evidence points to Russian-speaking actors prioritizing NATO-country targets.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FEPLJhP/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/tVV5ikD8Fzx1z3j8SSKWVsWsMNBDHOcH28CWOIFnhWI=452">
<span>
<strong>FortiBleed Leak Exposes Fortinet VPN Credentials for 73K Devices (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
A security researcher discovered a server that contained credentials from an ongoing Fortinet bruteforce campaign. The server contained nearly 74K usernames, passwords, and email addresses for Fortinet VPN appliances that the attacker harvested through brute force attacks. The researcher also stated that the attacker also obtained credentials by brute forcing Microsoft SQL Server databases and cracking intercepted SSL VPN hashes.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§ </span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Strategies & Tactics</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fbrandonrozek.com%2Fblog%2Fpost-quantum-security-adoption%2F%3Futm_source=tldrinfosec/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/8lNWirGn5tWPXm3Eu1PDt7HScob9QmiLEngO1YGG9IQ=452">
<span>
<strong>On Post-Quantum Security Adoption (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Citing 2029 quantum-readiness targets from Google and Cloudflare and a 2035 target from the UK's NCSC, Brandon Rozek walks through hardening three everyday protocols against harvest-now-decrypt-later attacks using hybrid classical/post-quantum key exchange. OpenSSH has defaulted to mlkem768x25519-sha256 since April 2022 and warns post-October-2025 clients when connecting to non-PQ servers, while TLS uses X25519MLKEM768 (supported in Firefox since 132 and Chrome since 131), now covering an estimated 70.1% of Internet traffic per Cloudflare Radar. WireGuard, not post-quantum secure by default, can mix a symmetric PresharedKey for basic protection or layer Rosenpass on top to rotate the preshared key every two minutes and preserve post-quantum forward secrecy.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fipurple.team%2F2026%2F06%2F17%2Fqos-policies%2F%3Futm_source=tldrinfosec/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/KdMJ2BL9SZZMwSQiSxOxraetr3MeJkJMz0ZXWGy7iDM=452">
<span>
<strong>QoS Policies (7 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Windows QoS policies can cap outbound bandwidth for specific processes, ports, or protocols, and attackers with admin rights can point these policies at EDR agents to choke their telemetry to the vendor cloud, sometimes down to 8 bits per second so TLS handshakes fail and alerts never arrive. The idea is to create such policies via PowerShell and WMI, highlights the EDRChoker proof-of-concept that mass-creates throttling rules for common EDR processes, and then walks through defensive playbooks: auditing ActiveStore QoS entries with PowerShell cmdlets, enabling detailed PowerShell and WMI logging, watching for NetQosCim-related Event ID 5857, and monitoring both transient (memory) and persistent (registry) QoS policies.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fpluto.security%2Fblog%2Finside-claude-managed-agents%2F%3Futm_source=tldrinfosec/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/hG1JP31WdnuLT4pFKJ9I1L9rLLYIDblBDGo39oRZDu4=452">
<span>
<strong>Inside Claude Managed Agents: Reverse Engineering the Security Boundaries of Anthropic's Hosted Agent Runtime (12 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Pluto Security reverse-engineered Anthropic's Claude Managed Agents hosted-agent runtime to probe its security features and limitations. Pluto found that the runtime uses the same gVisor sandbox as Cloud Cowork, the vault credential proxy provides strong secrets isolation, and network proxy bypasses utilize a multi-layer defense to prevent them. Pluto also noted that while there are strong security configurations, the default configuration is very permissive, and teams should ensure agents are secured thoroughly.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π§βπ»</span></div>
</div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Launches & Tools</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.mitiga.io%2Fblog%2Fagentic-runtime-security-when-patching-cant-keep-up%3Futm_source=email%26utm_medium=tldr%26utm_campaign=art-blog/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/u11fQpPlZRtX4iXwJtD5gOeNLfyx8hdjv4C2KVpPGNg=452">
<span>
<strong>Mythos found 10K vulnerabilities in a month. Here's the post-Mythos operating model (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Anthropic's Project Glasswing surfaced 10,000+ critical vulnerabilities in a month, and defenders can't keep up. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.mitiga.io%2Fblog%2Fagentic-runtime-security-when-patching-cant-keep-up%3Futm_source=email%26utm_medium=tldr%26utm_campaign=art-blog/2/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/Jw0asvWOiuZcM-L9ElolycPUaZlmOunX7vCtKmcFEQo=452" rel="noopener noreferrer nofollow" target="_blank"><span>Mitiga's analysis</span></a> explains what runtime detection now has to cover. Hint: The average exploit starts a week before patches are released. It's time to update the cyber operating model. <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.mitiga.io%2Fblog%2Fagentic-runtime-security-when-patching-cant-keep-up%3Futm_source=email%26utm_medium=tldr%26utm_campaign=art-blog/3/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/xOdfN7oWOtVUKUkq2apuUY8yUmlv7qiBrpY4av5X_uc=452" rel="noopener noreferrer nofollow" target="_blank"><span>Read the blog</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fchainguard-bny-open-source-athena%2F%3Futm_source=tldrinfosec/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/X9n7JjDtLkrJY0qdrXRBsjr4UaREqtn1O3x2iEeWDrc=452">
<span>
<strong>Chainguard, JPMorgan, BNY Team Up to Secure Open Source from AI Threats (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Chainguard launched Athena, an industry coalition (founding members include BNY, Cisco, Cloudflare, Docker, JPMorganChase, Kyndryl, LTIMindtree, and PwC) that pools open-source vulnerabilities surfaced by frontier AI programs like Anthropic's Project Glasswing and OpenAI's Daybreak, patches them privately, and rebuilds affected projects as hardened versions in Chainguard Libraries ahead of coordinated upstream disclosure. Infrastructure-operating members push non-patch mitigations before disclosure so coverage exists even where no clean patch yet does, with the model pitched as the βAI cybersecurity clearinghouseβ the US government was tasked to build under the June 2 executive order. Already operational, Athena has processed over 20,000 findings and shipped more than 2,000 patches across 500 open-source projects, with its first disclosure wave due in July.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fmagnitude.ai%2F%3Futm_source=tldrinfosec/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/qVRLsnEVcwcAr2ydaCh4EcaAGPTC2wWRx5g4buorzSM=452">
<span>
<strong>Magnitude (Product Launch)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Magnitude builds an autonomous workforce of AI agents that manage third-party and Nth-party risk for companies by continuously assessing vendor security, mapping dependencies, and triggering remediation when vulnerabilities or supply chain threats appear.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fgithub.com%2FCarterPerez-dev%2Fexs-cyberjob-scraper%3Futm_source=tldrinfosec/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/f4Y6AkPxEXqOQPntfahjmsudRE7u9O74kIrRFZuY0F4=452">
<span>
<strong>Cybersecurity Certification Demand (GitHub Repo)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
This repository contains a web scraper that pulls cybersecurity job postings from public hiring APIs, filters for genuine cyber roles, and reports which certifications employers most frequently list.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">π</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><strong><h1>Miscellaneous</h1></strong></div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Flinks.tldrnewsletter.com%2FH8J6mT/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/H8TFPP46OBJ8aNFgjU9IyLIOhf06jCtO_vSkqzSYM5o=452">
<span>
<strong>China-Nexus Actor Spies on US Researchers Undetected for a Year (5 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Google's GTIG and Mandiant attributed a year-plus espionage campaign against US medical, academic, and military research institutions to a new China-aligned actor, UNC6508, which used REDCap-specific malware named Infinitered to harvest credentials, then exfiltrated email by abusing domain content-compliance rules rather than malware or living-off-the-land tools. What stands out is the tradecraft signaling a maturation in PRC-nexus operations: an unusually broad collection scope at a single site, malware reverse-engineered to run only on REDCap servers, and an obfuscation network built exclusively from US-based IPs to blend in with normal logins. The episode reframes detection priorities around identity and configuration drift rather than payloads, since the most evasive stage left almost no conventional endpoint or network footprint.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsemgrep.dev%2Fblog%2F2026%2Fhow-we-cut-semgreps-taint-analysis-time-by-75-percent%2F%3Futm_source=tldrinfosec/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/rh0J8mHSTMnWudXnDw7MTk2mKCHwK40F9OG6j08zXNk=452">
<span>
<strong>How We Cut Semgrep's Taint Analysis Time by 75% (6 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
To enable interfile taint tracking, Semgrep Pro historically ran taint analysis twice. With the release of improved multicore support in OCaml 5.0, the Semgrep team was able to rearchitect interfile taint tracking to run only once. Using a custom OCaml profiler, the team recorded speedups of up to 75% with this refactor.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fsan.com%2Fcc%2Fpeter-thiels-dialog-network-was-super-secret-a-data-leak-changed-that%2F%3Futm_source=tldrinfosec/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/zIaa9ovdg1toxiuyZyBjZclgbLp2SYyLxilAH3JGy5Y=452">
<span>
<strong>Peter Thiel's Dialog Network was Super Secret. A Data Leak Changed That (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Dialog is a private, invite-only network of elites from business, academia, and politics that Peter Thiel founded. A security researcher discovered a set of leaked data from Dialog that included 113 names listed on Dialog's private website, as well as βparticipant profilesβ for an upcoming event in Dublin. The participant profiles contain names, employers, locations, email addresses, assistants' contact information, birthdates, phone numbers, emergency contacts, and other questions for attendees.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;"><span style="font-size: 36px;">β‘</span></div></div>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding-top: 0px; padding-bottom: 0px;">
<div class="text-block">
<div style="text-align: center;">
<h1><strong>Quick Links</strong></h1>
</div>
</div>
</td></tr></tbody></table>
<table bgcolor="" style="table-layout: fixed; width: 100%;" width="100%"><tbody><tr><td style="padding:0;border-collapse:collapse;border-spacing:0;margin:0;" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Foptro.ai%2Fresources%2Febook%2Fthe-forrester-wave-governance-risk-and-compliance-platforms-q2-2026%3Futm_campaign=the-forrester-wave-governance-risk-and-compliance-platforms-q2-2026-052026%26utm_medium=display%26utm_source=tldr-compliance%26utm_content=06-18-2026/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/I9vFZUhDHZYelSwLbd_q0FMUn5bg003DHw4ox7Qdk3s=452">
<span>
<strong>The Forrester Wave<em>β’ </em>for GRC platforms report (Sponsor)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Looking for a GRC platform? Forrester has done the research for you. The Forrester Wave gave Optro's AI-powered GRC platform the highest scores possible in criteria like AI governance and user experience. Discover why and get your free copy of the report <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Foptro.ai%2Fresources%2Febook%2Fthe-forrester-wave-governance-risk-and-compliance-platforms-q2-2026%3Futm_campaign=the-forrester-wave-governance-risk-and-compliance-platforms-q2-2026-052026%26utm_medium=display%26utm_source=tldr-compliance%26utm_content=06-18-2026/2/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/Y9TpeyB090GzHQZXarl1odPTJYPaDcEZaDr2JWBEqn4=452" rel="noopener noreferrer nofollow" target="_blank"><span>here.</span></a>
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftherecord.media%2Festonia-quarantine-russian-emails%3Futm_source=tldrinfosec/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/P7duLBZxQfSiTohoCXO3rAv-okPBWzAWElf5MHtsTdg=452">
<span>
<strong>Estonia to quarantine emails sent from Russian .ru domain before they reach government officials (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Starting August 31, Estonia will automatically quarantine inbound emails from Russia's .ru top-level domain before they reach public-sector officials, notifying recipients to open isolated messages only with added precautions, a measure justified by the sharp rise since 2022 in phishing and malware traffic from Russian servers.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fblog.jetbrains.com%2Fplatform%2F2026%2F06%2Fmarketplace-ecosystem-security-update-malicious-ai-plugins%2F%3Futm_source=tldrinfosec/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/mnnbMhQM6CCYsYG-wt7WmKOAYTBZfVIuslW5z3OPuzE=452">
<span>
<strong>JetBrains Marketplace Ecosystem Security Update: Addressing Malicious Third-Party AI Plugins (4 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
JetBrains disclosed and purged 15 malicious third-party Marketplace plugins from 7 banned publisher accounts.
</span>
</span>
</div>
</td></tr></tbody></table>
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block">
<span>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.theregister.com%2Fcyber-crime%2F2026%2F06%2F17%2Fcyberattack-sees-crops-kept-in-the-ground%2F5256321%3Futm_source=tldrinfosec/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/bIlSYw1nWMISuqykoOYoheeA6Iq9cwxQ0vyArC_zAoE=452">
<span>
<strong>Cyberattack sees crops kept in the ground (2 minute read)</strong>
</span>
</a>
<br>
<br>
<span style="font-family: "Helvetica Neue", Helvetica, Arial, Verdana, sans-serif;">
Mackay Sugar in Queensland had to halt most sugar cane crushing after a cyberattack disrupted systems that manage harvesting, mill operations, and logistics.
</span>
</span>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Love TLDR? Tell your friends and get rewards!
</p>
</td></tr>
<tr><td class="container" style="padding: 0px 10px 15px;">
<div class="text-block">
Share your referral link below with friends to get free TLDR swag!
</div>
</td></tr>
<tr><td align="left" style="padding: 10px;">
<div class="text-block">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Frefer.tldr.tech%2F78de0e20%2F8/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/kv-xv57-diyNus3VgdMJ1oCCPuu8CHCdyaKpkpvDg0A=452" style="color: #464ba4; text-decoration: underline;">https://refer.tldr.tech/78de0e20/8</a>
</div>
</td></tr>
<tr></tr>
<tr><td align="left" style="padding:5px 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fhub.sparklp.co%2Fsub_d62447d5a74a%2F8/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/Ma9aMsbrVshzC3YqiQRMbxBMUkvKXkMkaDwiDj4elWo=452" style="font-size: 16px; line-height: 1.6; padding: 10px 0; display: inline-block; text-decoration: underline;"><span style="mso-text-raise:13pt; text-decoration: underline;">Track your referrals here.</span></a>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left" style="word-break: break-word; vertical-align: top; padding: 5px 10px;">
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to advertise in TLDR? π°
</p>
<div class="text-block" style="margin-top: 10px;">
If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fadvertise.tldr.tech%2F%3Futm_source=tldrinfosec%26utm_medium=newsletter%26utm_campaign=advertisecta/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/ArgpsrwdlYyO8lIl8jahKIBf5l6bEowCgCRDKtQT9uM=452"><strong><span>advertise with us</span></strong></a>.
</div>
<br>
<!-- New "Want to work at TLDR?" section -->
<p style="padding: 0; margin: 0; font-size: 22px; color: #000000; line-height: 1.6; font-weight: bold;">
Want to work at TLDR? πΌ
</p>
<div class="text-block" style="margin-top: 10px;">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/yNDDCwK-kGBlCXmtpEqhbPPtbsSSfi_Izn_ZZyft1mk=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Apply here</strong></a>,
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fjobs.ashbyhq.com%2Ftldr.tech%2Fc227b917-a6a4-40ce-8950-d3e165357871/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/1CNMO0s3XNO_T1Fn8TJX603wPcvEmzRyN762XiryIg0=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>create your own role</strong></a> or send a friend's resume to <a href="mailto:jobs@tldr.tech" style="color: #0000EE; text-decoration: underline;">jobs@tldr.tech</a> and get $1k if we hire them! TLDR is one of <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Ffeed%2Fupdate%2Furn:li:activity:7401699691039830016%2F/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/3yCi3kSX-QJSsuWI0ylQIKUMZiVhrhbDpIP7wG7PnVw=452" rel="noopener noreferrer" style="color: #0000EE; text-decoration: underline;" target="_blank"><strong>Inc.'s Best Bootstrapped businesses</strong></a> of 2025.
</div>
<br>
<div class="text-block">
If you have any comments or feedback, just respond to this email!
<br>
<br> Thanks for reading,
<br>
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fprasannagautam%2F/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/Wy9p_EPIF4qyWj0Ai3-bWPTvdsRloogOrhOrCEroGh0=452"><span>Prasanna Gautam</span></a>, <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fericfernandezdelcampo%2F/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/4pE-xPeQxOVVeM0zqIozSdkfq7ryN6thlRU2Hh3U-Uo=452"><span>Eric Fernandez</span></a> & <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fwww.linkedin.com%2Fin%2Fsammy-tbeile%2F/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/zTsrh8ZmJ6oIEywAUGkaoxUZwQdozk028g7nJs7PTSw=452"><span>Sammy Tbeile</span></a>
<br>
<br>
</div>
<br>
</td></tr></tbody></table>
<table align="center" bgcolor="" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td class="container" style="padding: 15px 15px;">
<div class="text-block" id="testing-id">
<a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Ftldr.tech%2Finfosec%2Fmanage%3Femail=silk.theater.56%2540fwdnl.com/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/3kOsZinvdoq5IqNYrqoqGnKT77GcyFbERFoPPQE_-g8=452">Manage your subscriptions</a> to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please <a href="https://tracking.tldrnewsletter.com/CL0/https:%2F%2Fa.tldrnewsletter.com%2Funsubscribe%3Fep=1%26l=8d9cea11-3e94-11ed-9a32-0241b9615763%26lc=156924ca-84b7-11f0-8d58-47c5c04ad337%26p=36195be0-6b02-11f1-b3eb-f3f40b5e8b9d%26pt=campaign%26pv=4%26spa=1781787697%26t=1781788019%26s=3a9fc3111bb6db6699481bcfba6a7e8530b4ffba74285c65b80eababd43f77ef/1/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/IWp1gddMJqAuVp5QyE6icZ9_vYEmu6FHETtzWQgqzUc=452">unsubscribe</a>.
<br>
</div>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
</td></tr></tbody></table>
<img alt="" src="http://tracking.tldrnewsletter.com/CI0/0100019edad789fe-9740bbfc-e8eb-418c-aa41-7902be01e81f-000000/jRovLwYJz3a6OCkis8reyJzUajC8IlDeKFexCYBJThI=452" style="display: none; width: 1px; height: 1px;">
</body></html>