tl;dr sec logo
tl;dr sec
Guides
Subscribe
  • tl;dr sec
  • Topics
  • Newsletter

Newsletter

NewsletterSummaryBlogPodcast
NewsletterNewsletter
[tl;dr sec] #297 - Self-Propagating NPM Malware, Securely Deploying AI Agents, China's Great Firewall Leaked
13 hours ago

[tl;dr sec] #297 - Self-Propagating NPM Malware, Securely Deploying AI Agents, China's Great Firewall Leaked

Moar backdoored NPM packages (+ how to secure GitHub Actions), agents making sensitive decisions autonomously, source code and internal docs for China's Great Firewall leaked

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #296 - AI Automates CVE -> Exploit, Apple Defeats Memory Corruption, Moar NPM Backdoors
Sep 11, 2025

[tl;dr sec] #296 - AI Automates CVE -> Exploit, Apple Defeats Memory Corruption, Moar NPM Backdoors

AI auto-generating exploits from CVEs for $3, not actually but Memory Integrity Enforcement makes it harder, surprisingly NPM packages were backdoored

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #295 - AI Code Analysis, AWS Detection Engineering, Anthropic Threat Intel Report
Sep 04, 2025

[tl;dr sec] #295 - AI Code Analysis, AWS Detection Engineering, Anthropic Threat Intel Report

Using AI to find vulnerabilities in code, mastering AWS logs for detection engineering, how threat actors are misusing Claude (#4 will surprise you)

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #294 - Nx Backdoored, AI-powered Ransomware, PhrackCTF
Aug 28, 2025

[tl;dr sec] #294 - Nx Backdoored, AI-powered Ransomware, PhrackCTF

Nx malware uses AI CLIs to find secrets, ESET discovers malware sample leveraging OpenAI's OSS model, binary exploitation CTF for Phrack's 40th

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #293 - MCP Security, AWS Enumeration, North Korean Hacker's Files Leaked
Aug 21, 2025

[tl;dr sec] #293 - MCP Security, AWS Enumeration, North Korean Hacker's Files Leaked

Critical vulnerabilities in MCPs, stealthily enumerating AWS resources, a North Korean government hacker's computer was pwned, backdoors & campaigns leaked

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #292- HTTP/1.1 must die, AI + SAST, Google's Insider Threat Detection Tool
Aug 14, 2025

[tl;dr sec] #292- HTTP/1.1 must die, AI + SAST, Google's Insider Threat Detection Tool

James Kettle argues HTTP/1.1 can never be fully secured, augmenting static analysis with LLMs, Google's talk + OSS tool for detecting malicious insiders

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #291 - Build a GuardDuty Triage Agent, Scaling Netflix's Threat Detection Pipelines, Claude for Security Review
Aug 07, 2025

[tl;dr sec] #291 - Build a GuardDuty Triage Agent, Scaling Netflix's Threat Detection Pipelines, Claude for Security Review

How to build an AI agent that triages GuardDuty alerts, lessons learned scaling Netflix's detection pipelines, Anthropic releases a slash command and GitHub Action for performing secure code review

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #290 - Securing MCP, AppSec Archetypes, CISO's Guide to Protecting Crown Jewels
Jul 31, 2025

[tl;dr sec] #290 - Securing MCP, AppSec Archetypes, CISO's Guide to Protecting Crown Jewels

Tools to scan MCP servers and an MCP WAF, 4 AppSec archetypes, how to strategically protect your org with limited resources

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #289 - AI-powered Fuzzing, Incentives in Security, Malware in DNS
Jul 24, 2025

[tl;dr sec] #289 - AI-powered Fuzzing, Incentives in Security, Malware in DNS

Automatically generating fuzzing harnesses and vulnerability proof-of-concepts, 5 incentives security programs should pursue, it's always DNS

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #288 - Prompt Injection in Malware, Preventative Security, Top Bug Bounty War Stories
Jul 17, 2025

[tl;dr sec] #288 - Prompt Injection in Malware, Preventative Security, Top Bug Bounty War Stories

Checkpoint finds malware containing prompt injection, why preventative security is hard, @Rhynorater talk sharing 11 of his most impactful and technically challenging vulnerabilities

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #287 - fwd:cloudsec Talk Recordings, How Figma Only Runs Approved Software, Auditing Code with AI
Jul 10, 2025

[tl;dr sec] #287 - fwd:cloudsec Talk Recordings, How Figma Only Runs Approved Software, Auditing Code with AI

45 excellent cloud security talks, how Figma rolled out the binary authorization tool Santa, AI bug finding tools and paper

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #286 - Securing Vibe Coding, Finding Secrets "Oops Commits", Backdooring IDE Extensions
Jul 03, 2025

[tl;dr sec] #286 - Securing Vibe Coding, Finding Secrets "Oops Commits", Backdooring IDE Extensions

Rules files to vibe securely, earning $25K from dangling commits, compromising the extension marketplace of Cursor, Windsurf, and other VS Code forks

Clint Gibler
Clint Gibler
The best way to keep up with cybersecurity research. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

tl;dr sec

The best way to keep up with cybersecurity research. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

Home

Posts

Authors

Guides

Guides

ยฉ 2025 tl;dr sec.

Privacy policy

Terms of use

Powered by beehiiv