tl;dr sec logo
tl;dr sec
Guides
Subscribe
  • tl;dr sec
  • Topics
  • Newsletter

Newsletter

NewsletterSummaryBlogPodcast
NewsletterNewsletter
[tl;dr sec] #336 - Autonomous Vulnerability Hunting, GuardDog 3.0, Are Bug Bounties Cooked?
Jul 09, 2026

[tl;dr sec] #336 - Autonomous Vulnerability Hunting, GuardDog 3.0, Are Bug Bounties Cooked?

An MCP powered system that's continuously finding and reproducing vulns, improvements to Datadog's OSS malware hunting tool, Hakluke muses on the future of bug bounty

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #335 - Prompt Injection as Role Confusion, PHP Ecosystem Security, New MCP Spec
Jul 02, 2026

[tl;dr sec] #335 - Prompt Injection as Role Confusion, PHP Ecosystem Security, New MCP Spec

Interesting paper, LLM-powered hardening of the PHP ecosystem, security implications of the new MCP spec

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #334 - Thinkst's Package Proxy, OpenAI Daybreak, AI Agents & Canaries
Jun 25, 2026

[tl;dr sec] #334 - Thinkst's Package Proxy, OpenAI Daybreak, AI Agents & Canaries

OSS tool to prevent supply chain attacks without client-side firewalls, OpenAI announces new GPT-5.5-Cyber, Codex Security plugin updates, and more, can AI agents compromise an AWS cyber range without tripping canaries?

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #333 - Perplexity's Bumblebee, Evading Cloud Logging, AI Vuln Hunting Spec
Jun 18, 2026

[tl;dr sec] #333 - Perplexity's Bumblebee, Evading Cloud Logging, AI Vuln Hunting Spec

OSS tool to scan packages, agent configs, editors, and browser extensions for malware, tactics for evading cloud logging, a specification to generate your own custom agentic AI security scanning system

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #332 - I've Joined OpenAI, fwd:cloudsec, AWS Well Architected Supply Chain Security
Jun 11, 2026

[tl;dr sec] #332 - I've Joined OpenAI, fwd:cloudsec, AWS Well Architected Supply Chain Security

Why I joined OpenAI to lead Cyber efforts, playlist of the latest cloud security talks, AWS' supply chain best practices

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #331 - How Adversaries Use AI, Skill Issues, Using IDEs for C2
Jun 04, 2026

[tl;dr sec] #331 - How Adversaries Use AI, Skill Issues, Using IDEs for C2

Google's deep dive on how threat actors are using AI, bypassing malicious skill scanning, using VS Code dev tunnels for command and control

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #330 - AWS Pathfinding Labs, Running Codex Safely at OpenAI, Glasswing Updates
May 28, 2026

[tl;dr sec] #330 - AWS Pathfinding Labs, Running Codex Safely at OpenAI, Glasswing Updates

100+ intentionally vulnerable AWS environments for practicing cloud attack paths, how OpenAI deploys Codex internally, Anthropic's update on bugs found and their open sourced harness

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #329 - AI-powered Honeypots, GitHub Action Canaries, Microsoft’s Agentic Security Scanner
May 21, 2026

[tl;dr sec] #329 - AI-powered Honeypots, GitHub Action Canaries, Microsoft’s Agentic Security Scanner

Detecting and deceiving attackers with AI honeypots, detect supply chain attacks with GitHub Action canaries, the latest from Microsoft's new "Autonomous Code Security" team

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #328 - Shai-Hulud's Source Code Leaked, Break Into Buildings for $, Reversing EDRs with AI
May 14, 2026

[tl;dr sec] #328 - Shai-Hulud's Source Code Leaked, Break Into Buildings for $, Reversing EDRs with AI

Teardown of TeamPCP's offensive framework that was briefly published on GitHub, Reddit AMA on a career in physical penetration testing, the end of "opaque defense": AI makes understanding defensive tool implementations easy

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #327 - Finding Zero-days with Any Model, Practical Package Security, Measuring the AI Offense-Defense Gap
May 07, 2026

[tl;dr sec] #327 - Finding Zero-days with Any Model, Practical Package Security, Measuring the AI Offense-Defense Gap

Niels Provos on finding 0-days with public models, a guide to securing your use of third party packages, two open source tools to measure AI hacking vs defense (+ dynamic lab environment)

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #326 - AI Auto Exploiting Vulnerabilities, GitHub RCE, Autonomous Cloud Hacking Agent
Apr 30, 2026

[tl;dr sec] #326 - AI Auto Exploiting Vulnerabilities, GitHub RCE, Autonomous Cloud Hacking Agent

Automatically creating PoCs for vulnerabilities, git push β†’ code execution on github.com, how well can an AI agent system hack your cloud?

Clint Gibler
Clint Gibler
NewsletterNewsletter
[tl;dr sec] #325 - Dissecting Mythos, The $0 Security Stack, GitHub Action Red Team Framework
Apr 23, 2026

[tl;dr sec] #325 - Dissecting Mythos, The $0 Security Stack, GitHub Action Red Team Framework

Replicating Mythos bugs with public models and more, building a useful security program for free, new post-exploitation framework for CI/CD pipelines that can replicate the full TeamPCP attack kill chain

Clint Gibler
Clint Gibler
The best way to keep up with cybersecurity research. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

tl;dr sec

The best way to keep up with cybersecurity research. Join >90,000 security professionals getting the best tools, talks, and resources right in their inbox for free.

Home

Posts

Authors

Guides

Guides

Β© 2026 tl;dr sec.

Privacy policy

Terms of use

Powered by beehiiv