tl;dr sec logo
tl;dr sec
Guides
Subscribe
  • tl;dr sec
  • Topics
  • Newsletter

Newsletter

NewsletterSummaryBlogPodcast
NewsletterNewsletter
[tl;dr sec] #294 - Nx Backdoored, AI-powered Ransomware, PhrackCTF
Aug 28, 2025

[tl;dr sec] #294 - Nx Backdoored, AI-powered Ransomware, PhrackCTF

Nx malware uses AI CLIs to find secrets, ESET discovers malware sample leveraging OpenAI's OSS model, binary exploitation CTF for Phrack's 40th

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #293 - MCP Security, AWS Enumeration, North Korean Hacker's Files Leaked
Aug 21, 2025

[tl;dr sec] #293 - MCP Security, AWS Enumeration, North Korean Hacker's Files Leaked

Critical vulnerabilities in MCPs, stealthily enumerating AWS resources, a North Korean government hacker's computer was pwned, backdoors & campaigns leaked

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #292- HTTP/1.1 must die, AI + SAST, Google's Insider Threat Detection Tool
Aug 14, 2025

[tl;dr sec] #292- HTTP/1.1 must die, AI + SAST, Google's Insider Threat Detection Tool

James Kettle argues HTTP/1.1 can never be fully secured, augmenting static analysis with LLMs, Google's talk + OSS tool for detecting malicious insiders

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #291 - Build a GuardDuty Triage Agent, Scaling Netflix's Threat Detection Pipelines, Claude for Security Review
Aug 07, 2025

[tl;dr sec] #291 - Build a GuardDuty Triage Agent, Scaling Netflix's Threat Detection Pipelines, Claude for Security Review

How to build an AI agent that triages GuardDuty alerts, lessons learned scaling Netflix's detection pipelines, Anthropic releases a slash command and GitHub Action for performing secure code review

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #290 - Securing MCP, AppSec Archetypes, CISO's Guide to Protecting Crown Jewels
Jul 31, 2025

[tl;dr sec] #290 - Securing MCP, AppSec Archetypes, CISO's Guide to Protecting Crown Jewels

Tools to scan MCP servers and an MCP WAF, 4 AppSec archetypes, how to strategically protect your org with limited resources

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #289 - AI-powered Fuzzing, Incentives in Security, Malware in DNS
Jul 24, 2025

[tl;dr sec] #289 - AI-powered Fuzzing, Incentives in Security, Malware in DNS

Automatically generating fuzzing harnesses and vulnerability proof-of-concepts, 5 incentives security programs should pursue, it's always DNS

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #288 - Prompt Injection in Malware, Preventative Security, Top Bug Bounty War Stories
Jul 17, 2025

[tl;dr sec] #288 - Prompt Injection in Malware, Preventative Security, Top Bug Bounty War Stories

Checkpoint finds malware containing prompt injection, why preventative security is hard, @Rhynorater talk sharing 11 of his most impactful and technically challenging vulnerabilities

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #287 - fwd:cloudsec Talk Recordings, How Figma Only Runs Approved Software, Auditing Code with AI
Jul 10, 2025

[tl;dr sec] #287 - fwd:cloudsec Talk Recordings, How Figma Only Runs Approved Software, Auditing Code with AI

45 excellent cloud security talks, how Figma rolled out the binary authorization tool Santa, AI bug finding tools and paper

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #286 - Securing Vibe Coding, Finding Secrets "Oops Commits", Backdooring IDE Extensions
Jul 03, 2025

[tl;dr sec] #286 - Securing Vibe Coding, Finding Secrets "Oops Commits", Backdooring IDE Extensions

Rules files to vibe securely, earning $25K from dangling commits, compromising the extension marketplace of Cursor, Windsurf, and other VS Code forks

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #285 - AI Red Teaming, Detection Engineering Field Manual, Building AppSec Partnerships
Jun 26, 2025

[tl;dr sec] #285 - AI Red Teaming, Detection Engineering Field Manual, Building AppSec Partnerships

Can LLMs red team AI, intro to detection engineering, how to scale security impact via cross-team partnerships

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #284 - Google Cloud CISO Interview, AWS Threat Technique Catalog, Finding Secrets with AI
Jun 19, 2025

[tl;dr sec] #284 - Google Cloud CISO Interview, AWS Threat Technique Catalog, Finding Secrets with AI

4 ways Google uses AI for security, catalog of AWS threat actor techniques, training a custom small language model to find secrets

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #283 - Awesome Black Hat Tools, Evading EDR, Disrupting Malicious Uses of AI
Jun 12, 2025

[tl;dr sec] #283 - Awesome Black Hat Tools, Evading EDR, Disrupting Malicious Uses of AI

Huge list of tools presented at various Black Hat conferences, how attackers evade modern EDR, OpenAI's report on threat actor campaigns they've disrupted

Clint Gibler
Clint Gibler
The best way to keep up with cybersecurity research. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

tl;dr sec

The best way to keep up with cybersecurity research. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

Home

Posts

Authors

Guides

Guides

ยฉ 2025 tl;dr sec.

Privacy policy

Terms of use

Powered by beehiiv