tl;dr sec

tl;dr sec
Topics
Newsletter

Feb 26, 2026

[tl;dr sec] #317 - 100+ Kernel Bugs in 30 Days, Secret Scanning, Threat Actors Stealing Your PoC

$600 finds more 0-days in Windows kernel drivers that you can shake a stick at, secret scanners, benchmarks, and improvements, Cline compromised by someone snooping on a researcher's testing

Clint Gibler

NewsletterNewsletter

Feb 19, 2026

[tl;dr sec] #316 - How Trail of Bits uses Claude Code, GitHub Threat Intel, Open Source AI Pentesting Tools

Extensive guide on being a Claude Code power user, tracking threat actors on GitHub, open source AI-powered pentesting tools

Clint Gibler

NewsletterNewsletter

Feb 12, 2026

[tl;dr sec] #315 - Securing OpenClaw, Top 10 Web Hacking Techniques of 2025, Discovering Negative-Days with LLMs

Minimal OpenClaw alternatives, scanning tools, and hardening guidance, PortSwigger's curated top web hacking techniques, open source GitHub Action to flag commits fixing vulnerabilities before they get a CVE

Clint Gibler

NewsletterNewsletter

Feb 05, 2026

[tl;dr sec] #314 - ClawdBot Security, Security Scorecards, Threat Framework for SDLC Infrastructure

ClawdBot vulns, tools, and Skill scanners; measuring security with scorecards; new open-source framework mapping 70+ attack techniques across the SDLC

Clint Gibler

NewsletterNewsletter

Jan 29, 2026

[tl;dr sec] #313 - MCP Security Hub, IDE-Shepherd, Plaid's Security Pipeline as Code

MCP servers for offensive security tools, Datadog's IDE extension to protect against malicious IDE extensions, how Plaid scales security scanning across 100s of services

Clint Gibler

NewsletterNewsletter

Jan 22, 2026

[tl;dr sec] #312 - The Industrialization of Exploit Generation, macOS EDR Evasion, Hacking the AWS Console

Generating 0-day exploits with Opus 4.5 and GPT-5.2, blind spots for EDRs on macOS, supply chain vuln that enabled compromising the AWS Console

Clint Gibler

NewsletterNewsletter

Jan 15, 2026

[tl;dr sec] #311 - Slack's Security Agents, Cloud-Native Detection Engineering, Trail of Bits' Claude Skills

Slack's AI agent system to optimize security alert investigations, deep dive into cloud-native detection engineering, ToB's open source Skills for security research, vulnerability detection, and audit workflows

Clint Gibler

NewsletterNewsletter

Jan 08, 2026

[tl;dr sec] #310 - Vulnerable MCP Labs, Pathfinding.cloud, Prompt Injection Taxonomy

9 vulnerable MCP servers to learn how to pen test AI agent infra, a knowledge base of 65+ AWS IAM privilege escalation paths, Jason Haddix's open-source classification system for LLM prompt injection attacks

Clint Gibler

NewsletterNewsletter

Dec 18, 2025

[tl;dr sec] #309 - Winning the AI Cyber Race, SAST at LinkedIn, Detection Engineering

Why AI offense is beating defense and Verifiability is All You Need, how LinkedIn scales SAST to millions of LOC and 10k's of repos, atomic detection rules

Clint Gibler

NewsletterNewsletter

Dec 11, 2025

[tl;dr sec] #308 - MCP Security, AWS re:Invent Recaps, Detecting Malicious Pull Requests with AI

MCP practice labs and securing MCP paper, re:Invent highlights, how Datadog detects malicious PRs at scale

Clint Gibler

NewsletterNewsletter

Dec 04, 2025

[tl;dr sec] #307 - AI Bug Hunting Tools, Shai-Hulud 2.0, Keeping Secrets out of Logs

Three open source AI-powered vulnerability finding tools, a baker's dozen security vendor blogs about the latest supply chain attack, how to keep secrets out yo' logs son

Clint Gibler

NewsletterNewsletter

Nov 20, 2025

[tl;dr sec] #306 - Claude Code's Hacking Campaign, Rust in Android, Secrets Scanners Miss

Claude used by state actors for a hacking campaign + industry weighs in, Rust -> 1000x reduction in memory safety vulns in Android, why your secret scanner is missing valid secrets

Clint Gibler