tl;dr sec logo
tl;dr sec
Guides
Subscribe
  • tl;dr sec
  • Topics
  • Newsletter

Newsletter

NewsletterSummaryBlog
NewsletterNewsletter
[tl;dr sec] #278 - North Korean IT Workers, How Sentinel One Defends Itself, How Threat Actors Use Claude
May 08, 2025

[tl;dr sec] #278 - North Korean IT Workers, How Sentinel One Defends Itself, How Threat Actors Use Claude

Several posts on DPRK IT workers infiltrating companies, Sentinel One on fighting off threat actors, Anthropic shares how attackers were using Claude

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #277 - Cybersecurity (Anti)Patterns, $64K from Deleted Files, New from Meta AI Security
May 01, 2025

[tl;dr sec] #277 - Cybersecurity (Anti)Patterns, $64K from Deleted Files, New from Meta AI Security

How to avoid Busywork Generators, bug bounty story of secrets in deleted files, new AI security tools and evals from Meta

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #276 - AI-created PoC Exploit, Cloud Snitch, Kubernetes Attack Simulation
Apr 24, 2025

[tl;dr sec] #276 - AI-created PoC Exploit, Cloud Snitch, Kubernetes Attack Simulation

AI creating/debugging an exploit for the recent Erlang/OTP SSH vuln, map visualization and firewall for AWS activity, a multi-stage attack simulation tool for k8s

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #275 - Damn Vulnerable MCP, Figma's Modern Endpoint Strategy, BloodHound for AWS IAM
Apr 17, 2025

[tl;dr sec] #275 - Damn Vulnerable MCP, Figma's Modern Endpoint Strategy, BloodHound for AWS IAM

Deliberately vulnerable MCP to practice your hacking chops, how Figma's balances usability & security, a new tool to put a leash on naughty AWS permissions

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #274 - Model Context Protocol + Security Part Deux, Securing GitHub Actions, S3 Scanner
Apr 10, 2025

[tl;dr sec] #274 - Model Context Protocol + Security Part Deux, Securing GitHub Actions, S3 Scanner

More MCP links than you can shake a stick at, GHA runtime monitoring & why pinning is hard, scan S3 buckets for misconfigs and ransomware prevention

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #273 - Model Context Protocol + Security Tools, Compromising CodeQL, Red Teaming with ServiceNow
Apr 03, 2025

[tl;dr sec] #273 - Model Context Protocol + Security Tools, Compromising CodeQL, Red Teaming with ServiceNow

MCPs for Ghidra, Semgrep, and SecOps, a CodeQL supply chain issue, using ServiceNow offensively

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #272 - AI Agent Security, Kubernetes Security, ‘State of CloudSec’ Reports: Insights or Self-Owns?
Mar 27, 2025

[tl;dr sec] #272 - AI Agent Security, Kubernetes Security, ‘State of CloudSec’ Reports: Insights or Self-Owns?

Agent authentication & Model Context Protocol Security, k8s for pentesters, a critical look at "state of cloud security" reports

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #271 - Threat Modeling (+ AI), Backdoored GitHub Actions, Compromising a Threat Actor's Telegram
Mar 20, 2025

[tl;dr sec] #271 - Threat Modeling (+ AI), Backdoored GitHub Actions, Compromising a Threat Actor's Telegram

Threat modeling (with) LLMs, tj-actions woes, reading a threat actor's Telegram C2

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #270 - APT Attack Simulation, AWS Phishing, 7 Security Flywheels
Mar 13, 2025

[tl;dr sec] #270 - APT Attack Simulation, AWS Phishing, 7 Security Flywheels

Repo for simulating Russia, China, DPRK APTs, getting phished by CloudFormation or SSM, 7 flywheels for amplifying your security program

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #269 - New AI Security Tools, Ransomware in AWS, How to Hack AI Apps
Mar 06, 2025

[tl;dr sec] #269 - New AI Security Tools, Ransomware in AWS, How to Hack AI Apps

AI-powered web vuln scanner agent and Baby Naptime, 2 tools + guides on preventing ransomware in AWS, detailed guide on hacking AI agents/apps

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #268 - AI-powered Burp Suite, OAuth Vulnerabilities, Subtle LLM Backdoors
Feb 27, 2025

[tl;dr sec] #268 - AI-powered Burp Suite, OAuth Vulnerabilities, Subtle LLM Backdoors

How Burp Suite is adding AI-powered features, understanding and mitigating OAuth vulns, a PoC to subtly backdoor an LLM

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #267 - China on the NSA, Passkeys, Prioritizing CVEs with AI
Feb 20, 2025

[tl;dr sec] #267 - China on the NSA, Passkeys, Prioritizing CVEs with AI

Insights from Chinese intel reports on the NSA's TTPs, understanding and testing passkeys, how Databricks leverages AI to focus on business critical CVEs

Clint Gibler
Clint Gibler
The best way to keep up with cybersecurity research. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

tl;dr sec

The best way to keep up with cybersecurity research. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

Home

Posts

Authors

Guides

Guides

© 2025 tl;dr sec.

Privacy Policy

Terms of Use

Powered by beehiiv