A Global Analysis of Cyber Threats to the Energy Sector: “Currents of Conflict”: This arXiv paper provides a novel geopolitical threat-intelligence-based analysis of cyber threats targeting the energy sector. By applying generative AI to structure raw threat data, the authors map actor origins vs target geographies, assess detection tool effectiveness (especially learning-based), and highlight evolving trends (including supply chain, third-party, and state-actor activity) in the energy domain. Their findings offer actionable insights into risk exposure and resilience for operators and policymakers.
Kaspersky ICS CERT: Dynamics of External and Internal Threats to Industrial Control Systems, Q2 2025: This report examines threat activity targeting ICS (Industrial Control Systems) in Q2 2025, breaking down external vs internal threats, types of malware detected, and penetration depth across network boundaries. Key findings include that ~20.5% of ICS systems blocked some threats, with malware types including spyware, backdoors, malicious scripts, and rogue documents. The report also analyses “borderline” systems where initial external penetration meets internal propagation, highlighting persistent risks in OT infrastructures.
Threat landscape for industrial automation systems (Kaspersky ICS CERT, Q2 2025): A companion to the previous report, this document specifically focuses on industrial automation systems (e.g., HMIs, SCADA, local control networks) and tracks how often these systems are attacked, what types of malware and scripts are used, and the trends in exposure over time. It also discusses implications for segmentation, detection, and response in critical infrastructure settings.
Analysis of Publicly Accessible Operational Technology and Associated Risks: This research quantifies and analyses OT devices exposed on the public internet, identifying nearly 70,000 such systems globally using vulnerable protocols (e.g., ModbusTCP, EtherNet/IP, S7). The authors use automated screenshot analysis to reveal exposed HMIs/SCADA interfaces, outdated firmware, and predictable configurations. The study underscores how misconfigured or publicly accessible OT systems create dangerous attack paths into critical infrastructure.
Tenable FAQ on CVE-2025-20333 / CVE-2025-20362: Cisco ASA / FTD Zero-Days Exploited: Tenable’s research team provides a detailed walkthrough of two zero-day vulnerabilities actively exploited in Cisco’s Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) products (CVE-2025-20333 and CVE-2025-20362). They explain how these flaws can be chained, the attack surface involved (VPN web server), the threat actor attribution (UAT4356 / ArcaneDoor), and mitigation strategies. This is timely given the widespread deployment of Cisco ASA in critical networks.
Kudelski Security Advisory: Cisco ASA WebVPN & HTTP Zero-Day Vulnerabilities (CVE-2025-20333 / CVE-2025-20362 / CVE-2025-20363): This threat research brief gives technical detail on how Cisco ASA vulnerabilities impacting WebVPN and HTTP/HTTPS services are being actively exploited by state-sponsored attackers. It highlights persistent techniques (including firmware and ROM modification), evasion of logging, and the survival of implants across device reboots/updates. Useful for defenders needing to understand the root cause and attack chain.
Greenbone: “Cisco CVEs 2025: Critical Flaws in ASA & FTD”: Greenbone’s security blog summarises the newly disclosed Cisco CVEs (including CVE-2025-20333 and CVE-2025-20362) and provides context for detection and remediation via their vulnerability scanners. They explain the exploitation risk (especially for unpatched VPN web server configurations) and give guidance for scanning and prioritising vulnerable assets.
CIRT.GY Advisory: Cisco ASA and FTD Zero-Day Vulnerabilities Actively Exploited in State-Sponsored Attacks: This advisory provides a detailed technical description and IOCs (Indicators of Compromise) for the exploitation of Cisco ASA/FTD zero-days by threat actors, focusing in particular on configuration bypass, persistence, and the importance of isolating impacted devices. It also includes recommendations for network segmentation and for migration to supported hardware due to end-of-life concerns.
FortiGuard Labs: “Threat Signal Report – ArcaneDoor Attack (Cisco ASA Zero-Day)”: FortiGuard provides a technical briefing on the ArcaneDoor espionage campaign, tracking its evolution, exploitation patterns, and implications for Cisco firewall deployments. The report discusses how the attackers maintain persistence, perform reconnaissance and lateral movement, and how defenders should respond at scale.
Black Arrow Cyber Threat Intelligence Briefing (26 Sept 2025): MFA Bypass, Supply Chain and Airport Disruptions: In their weekly digest, Black Arrow highlights several important cyber events: (1) the exploitation of MFA bypass and third-party/supply chain weaknesses contributing to prolonged cyber incidents, (2) disruption at European airports via attacks targeting Collins Aerospace’s Muse software, and (3) increasing sophistication of ransomware groups focusing on data theft. While not a formal academic paper, this briefing is authored by credible threat intelligence analysts and includes incident patterns, risks, and mitigation recommendations.