
SecPro

62 Articles
Austin Miller
13 Jun 2025
5 min read

#202: The First Link in the Chain

A look at the issues

Welcome to another _secpro!

This week, we're moving on to the Cyber Kill Chain and making it clear how we can apply the framework in the average day-to-day workings of a secpro. We've collected a range of useful insights and academic papers to keep you going, so scroll down and check them out!

Check out _secpro premium

Cheers!
Austin Miller
Editor-in-Chief

This week's articles

Understanding the Cyber Kill Chain
And here we go! Now that we're done with MITRE ATT&CK, we're moving on to Lockheed Martin's Cyber Kill Chain. This week, a general introduction before we move on to the important moving parts of the approach.

CyberUK 2025: Building Resilience in a Shifting Cyber Landscape
In case you missed it last week... A retrospective on the UK's biggest event so far this year. CyberUK 2025, held in Manchester from May 6–8, brought together over 2,000 cybersecurity professionals, policymakers, and industry leaders to tackle the pressing challenges facing the UK's digital landscape. Organized by the National Cyber Security Centre (NCSC), this year's conference centered around the theme “Transforming Resilience. Countering Threats.”

AI GRC
Join Hemang as he sketches out the issues for GRC in the age of AI. This was our premium expert article for _secpro last month, so make sure to sign up for premium on Substack and find out everything we have to offer!

News Bytes

Check out Krebs' coverage of this month's Patch Tuesday!

“EchoLeak” zero-click vulnerability in Microsoft 365 Copilot: A first-of-its-kind “zero-click” exploit, dubbed EchoLeak, was discovered in Microsoft 365 Copilot. It allows attackers to exfiltrate sensitive data without any user interaction—fully weaponizing AI agents. Microsoft has since issued a patch. Aim Security confirms this is the first weaponizable zero-click AI attacker chain.

GreyNoise uncovers coordinated brute-force campaign targeting Apache Tomcat: GreyNoise Intelligence observed a sharp rise in brute-force login attempts—over hundreds of malicious IPs—aimed at Apache Tomcat Manager interfaces since June 5, indicating a likely precursor to exploitation.

Bruce Schneier exposes covert Android tracking via browser–app leaks: Schneier highlights research showing how Meta and Yandex leveraged unintended browser-app communication to covertly track Android users, converting ephemeral web tags into persistent app-level IDs. Both companies ceased the practice after disclosure.

Schneier testifies on AI-data exfiltration risks in U.S. government: During a House Oversight hearing on AI’s role in government, Schneier warned about “DOGE” agency affiliates exfiltrating large datasets from federal systems to feed AI tools—raising serious national security concerns.

Brian Krebs survives a record ~6.3 Tbps DDoS via Aisuru IoT botnet: Krebs reports an unprecedented DDoS attack—peaking at ~6.3 Tbps over 45 seconds—on his site, orchestrated by a new IoT botnet dubbed “Aisuru,” marking one of the largest volumetric attacks to date.

Race-condition flaws CVE-2025-5054 & CVE-2025-4598 leak core dump data: Qualys TRU uncovered two local info-leak bugs in Linux crash-report tools—Apport (Ubuntu) and systemd-coredump (RHEL/Fedora). Both can expose sensitive data (even /etc/shadow) via race conditions. Users are urged to patch or disable SUID core dumps.

This week's academia

Impact of AI on the Cyber Kill Chain: A Systematic Review (Heliyon, 2024): A systematic literature review of 62 studies (2013–2023) examining how AI tools bolster attackers in early kill-chain stages and highlighting defense gaps, with suggestions for AI-aware defenses.

Technical Aspects of Cyber Kill Chain (arXiv, 2016): A foundational paper outlining methodologies, tools, and techniques attackers use at each of the seven stages of the Cyber Kill Chain—helpful for researchers developing defensive strategies.

A Cyber Kill Chain Based Taxonomy of Banking Trojans (arXiv, 2018): This study develops a CKC-based taxonomy specifically for banking Trojans and validates it using 127 real-world samples, aiding the design of stage-targeted detection and mitigation strategies.

Upcoming events for _secpros this year

Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!

DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.

Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.

Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.

Austin Miller
12 Dec 2025
7 min read

#228: See You Soon!

Looking back and looking forward to 2026

Most teams dread FedRAMP—until they switch to Paramify. We make the process faster, clearer, and far more efficient by pairing smart automation with experts who help you exactly where you need it most. Come see how fun compliance can actually be, and grab a free gift when you join us for a demo.

Winding up for the year, looking forward to 2026

Welcome to another _secpro!

We're done with social engineering for now, but if you'd like to find out how the adversary moves in the age of AI then make sure to check out the articles linked in this introduction: here, here, here, here, and here.

Check out _secpro premium

If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!

Cheers!
Austin Miller
Editor-in-Chief

PE Monthly: The #1 Platform Engineering Newsletter
The platform landscape evolves weekly: new tooling, practices, architectures, and real-world lessons from teams building internal developer platforms at scale. Subscribe now and stay ahead with deep dives on IDPs, golden paths, Kubernetes platforms & DevEx strategy.

This week's article

A quick look back at 2025
A quick retrospective to take stock of a year of huge upheavals and change. Jump in to see what we've identified as "the big themes" of 2025 and leave your comments on Substack!

And, as a little bonus, here are the top 5 most popular articles from over the last year. Take a look and tell us what you think!

Mastering Palo Alto Networks
Reflecting on the Cyber Kill Chain
Scattered Spider: an in-depth technical and contextual report
Unit 42 on non-phishing vectors
Data Privacy Program and Principles

News Bytes

“Trend Micro Warns of ‘Vibe Crime’ as Cybercriminals Automate Attacks”: Trend Micro’s recent report highlights the emergence of “vibe crime,” a new class of fully automated cyberattacks powered by agentic AI. Instead of traditional manual schemes, these attacks use coordinated AI agents to execute phishing, fraud, and infiltration at scale without human oversight. The article details how AI-driven criminal automation drastically increases attack volume and represents a new paradigm for cyber threats — and outlines defensive strategies that leverage AI for resilience.

“OpenAI Warns New Models Pose ‘High’ Cybersecurity Risk”: OpenAI has publicly cautioned that forthcoming advanced AI models could introduce significant cybersecurity risks, including the potential automatic generation of zero-day exploits and automated intrusions. The company outlines defensive steps it is taking — such as building integrated defensive tooling, access controls, and monitoring practices — and announces the formation of a Frontier Risk Council focused initially on cyber threats.

“UK MPs Face Surge in Phishing Attacks via Messaging Apps”: This piece reports a sharp increase in targeted phishing attacks against UK Parliament members and officials through encrypted messaging platforms like WhatsApp and Signal. Russian-linked actors are leveraging SIM-based brute techniques and deceptive support messages to gain access credentials or install malware — prompting cybersecurity advisories from the UK’s National Cyber Security Centre.

“Smarter Holiday Scams Emerge as Criminals Tap AI Tools”: Cybercrime expert Eric O’Neill examines how criminals are leveraging AI to craft sophisticated holiday-season scams. The article describes personalisation techniques using AI-generated voice cloning, fake texts, and simulated delivery alerts, which significantly elevate the success rate of social engineering attacks. It also provides defensive recommendations, including multi-factor authentication and vigilant verification processes.

“Top Cybersecurity Trends From 2025: Rapid AI Adoption and Ransomware Risks”: This industry article outlines the most impactful cybersecurity trends of 2025 — especially the expanding use of AI and agentic automation, heightened ransomware activity, and the need for secure software development practices. It explores how organisations are adapting to these combined pressures through risk management strategies and investment in automated defenses.

Into the blogosphere...

“Cybersecurity predictions for 2025” (Frankly Speaking): A forward-looking analysis of how cybersecurity will evolve in 2025, with an emphasis on the impact of artificial intelligence, security budgets, SOC transformation, and how organisations integrate AI into defensive strategies. The author highlights deeper systemic shifts, such as moving security teams toward engineering-centric practices and the changing role of tooling and talent.

“New Security Strategies, Spyware & Surveillance” (International Cybersecurity): A recent weekly analysis covering rapid developments in cyber policy, state-linked attack vectors, and national cybersecurity strategies. It discusses how legislation, geopolitics, and surveillance tools are shaping national cyber postures. The post highlights newly identified exploits and persistent threats such as advanced spyware targeting global networks.

“Cyber & Cognitive Conflict Compass: Evolving Threats & Policy Dynamics” (International Cybersecurity): This article outlines a nuanced view of how cyber and cognitive operations interconnect—exploring zero-day exploit disclosures, geopolitical information operations, and multi-jurisdictional policy responses that affect the global threat landscape. It’s particularly valuable for understanding the intersection of cyber, intelligence, and statecraft.

This week's academia

Generative AI revolution in cybersecurity: a comprehensive review of threat intelligence and operations, from Artificial Intelligence Review: This open-access comprehensive review explores how generative artificial intelligence (GenAI) is reshaping cybersecurity. It examines GenAI’s contributions to threat intelligence, automated defenses, and operational analytics, alongside the risks posed by adversarial use of generative models. The paper synthesizes recent research on AI-enabled detection, automated response mechanisms, and predictive security operations, offering a broad view of GenAI’s dual role as both a defense multiplier and a vector for sophisticated attacks.

Neuromorphic Mimicry Attacks Exploiting Brain-Inspired Computing for Covert Cyber Intrusions (Hemanth Ravipati): This paper introduces Neuromorphic Mimicry Attacks (NMAs), a novel class of cyber threat targeting neuromorphic computing architectures inspired by biological neural systems. Ravipati outlines how attackers can exploit the probabilistic operation of neuromorphic chips to evade traditional intrusion detection systems, presenting a theoretical framework, simulated evaluations, and tailored countermeasures such as neural anomaly detection and secure learning protocols.

Adversarial Defense in Cybersecurity: A Systematic Review of GANs for Threat Detection and Mitigation (Tharcisse Ndayipfukamiye, Jianguo Ding, Doreen Sebastian Sarwatt, Adamu Gaston Philipo, Huansheng Ning): This systematic review examines the dual role of Generative Adversarial Networks (GANs) in cybersecurity — as both offensive tools (e.g., for generating adversarial samples) and defensive mechanisms that enhance threat detection accuracy. The authors deploy a PRISMA-guided review across major cybersecurity domains (intrusion detection, malware analysis, IoT security), develop a taxonomy of GAN applications, and provide a roadmap for future work addressing training instability, benchmarking, and explainability.

From Texts to Shields: Convergence of Large Language Models and Cybersecurity (Tao Li, Ya-Ting Yang, Yunian Pan, Quanyan Zhu): This interdisciplinary report explores the integration of large language models (LLMs) into cybersecurity workflows. It focuses on how LLMs are applied to network and software security, vulnerability analysis, and generative security engineering. The work also discusses socio-technical challenges — such as interpretability, safety, and ethical deployment — and proposes strategies like human-in-the-loop oversight and proactive robustness testing to mitigate risks.

A decade of cybersecurity research in internal auditing: bibliometric mapping and future research agenda, from Discover Sustainability (Springer): This bibliometric study maps nearly 4,000 Scopus-indexed cybersecurity research outputs related to internal auditing over ten years. It identifies publication trends, key authors and institutions, evolving thematic clusters, and citation dynamics. The article highlights areas of concentrated research activity and proposes future directions to strengthen cybersecurity integration within internal audit practice and governance frameworks.

Building a Cybersecurity Culture in Higher Education: Proposing a Cybersecurity Awareness Paradigm (Reismary Armas & Hamed Taherdoost): Recognizing the human factor as a critical cybersecurity frontier, this research proposes a structured paradigm for cultivating cybersecurity awareness in higher education institutions. The authors analyze current gaps in awareness, outline key cultural and behavioural components, and recommend institutional strategies to embed sustainable cybersecurity practices among students, faculty, and administrative stakeholders.