Newsletter

[tl;dr sec] #306 - Claude Code's Hacking Campaign, Rust in Android, Secrets Scanners Miss
1 hour ago

Claude used by state actors for a hacking campaign + industry weighs in, Rust -> 1000x reduction in memory safety vulns in Android, why your secret scanner is missing valid secrets

Clint Gibler
[tl;dr sec] #305 - AI SAST, Awesome Annual Security Reports, Block Risky Dependencies
Nov 13, 2025

Open source AI SAST tools + vendor comparison, huge list of vendor security reports, GitHub Action to block risky dependencies

Clint Gibler
[tl;dr sec] #304 - OpenAI & DeepMind's AI Security Agents, OSS Malware Database, How Figma Detects Sensitive Data Exposure
Nov 06, 2025

Aardvark and CodeMender autonomously find/fix vulnerabilities, open database for tracking malicious open-source packages, how Figma finds authorization issues at scale

Clint Gibler
[tl;dr sec] #303 - MCP Security Scanners, Attacking GitLab CI/CD, AI SOC Benchmarks
Oct 30, 2025

Tools to scan MCPs for vulnerabilities, attacking self-hosted GitLab instance runners, benchmarks measuring the performance of AI's SOC and CTI capabilities

Clint Gibler
[tl;dr sec] #302 - LLM Honeypot Catches Threat Actor, Supply Chain Compromise Survey, AI-powered Malware
Oct 23, 2025

Deceiving attackers with an LLM SSH honeypot, root cause analysis of 2024/2025 supply chain compromises, malware leveraging AI for stealth/better effectiveness

Clint Gibler
[tl;dr sec] #301 - Security Leadership Master Class, DEF CON Cloud Village Talks, AI-Powered Honeypot
Oct 16, 2025

Guide to being an effective security leader, 25 talks on cloud, k8s and AI, auto-generating vulnerable honeypots

Clint Gibler
[tl;dr sec] #300 - Security Headcount Ratios + Hiring Plan, MCP Security, Compliance
Oct 09, 2025

Plus my reflections on writing 300 issues and seeing Semgrep growing up

Clint Gibler
[tl;dr sec] #299 - The Security Engineer's Guide to MCP, IAM Hound Dog, IMDS Anomaly Detection
Oct 02, 2025

Quickly get up to speed in MCP security, tool to identify privilege escalation in AWS, find 0days and attackers via anomalous IMDS calls

Clint Gibler
[tl;dr sec] #298 - Good CISO / Bad CISO, AWS Infra Canarytokens, Protect Yourself from Compromised NPM Packages
Sep 25, 2025

How to be an effective CISO, deploy decoy assets that fit into your AWS environment, tips and tools to minimize the impact of NPM malware

Clint Gibler
[tl;dr sec] #297 - Self-Propagating NPM Malware, Securely Deploying AI Agents, China's Great Firewall Leaked
Sep 18, 2025

Moar backdoored NPM packages (+ how to secure GitHub Actions), agents making sensitive decisions autonomously, source code and internal docs for China's Great Firewall leaked

Clint Gibler
[tl;dr sec] #296 - AI Automates CVE -> Exploit, Apple Defeats Memory Corruption, Moar NPM Backdoors
Sep 11, 2025

AI auto-generating exploits from CVEs for $3, not actually but Memory Integrity Enforcement makes it harder, surprisingly NPM packages were backdoored

Clint Gibler
[tl;dr sec] #295 - AI Code Analysis, AWS Detection Engineering, Anthropic Threat Intel Report
Sep 04, 2025

Using AI to find vulnerabilities in code, mastering AWS logs for detection engineering, how threat actors are misusing Claude (#4 will surprise you)

Clint Gibler
The best way to keep up with cybersecurity research. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

© 2025 tl;dr sec.