More than 50% of enterprises are experimenting or building with the Model Context Protocol (MCP). They useMCP to connect their AI agents to data and systems behind their corporate firewall, providing agents with the context they need to deliver real value: better code, richer responses, deeper insights, etc. The technical leaders who help their companies deploy MCP in production will create huge competitive advantages.

So, how do you get out in front of MCP?

With this model in hand, you will know where you are today and how to take the next step. The model includes a simple process and technology indicators for every stage and best of all, there are no forms - it’s yours to freely access and share.

The MCP Maturity Model was created by Stacklok, who have built an MCP platform and are working with enterprises to put MCP into production. Their Applied AI Engineers work hands-on with leaders to curate trusted registries, deploy advanced security measures and light up AI agents. You can learn more about the company atstacklok.com, or just drop them an email atenterprise@stacklok.comto start a conversation.

Welcome to another_secpro!

If the last week has felt unusually loud in cybersecurity, you’re not imagining it. The threat landscape rarely sits still, but the volume and velocity of activity over the past several days have been particularly notable — from fresh zero-day disclosures to the continued industrialization of ransomware operations.

Several incidents reinforced a now-familiar pattern: adversaries are moving faster between initial access and lateral movement, compressing dwell time and forcing defenders to detect and respond in near real time. We’ve seen renewed exploitation of edge devices and VPN infrastructure, alongside opportunistic abuse of newly published proof-of-concept code. Patch latency remains a decisive risk factor.

Ransomware groups, meanwhile, continue to evolve their business models. Double-extortion is table stakes; data theft without encryption is resurging as affiliates look to reduce operational friction while maintaining leverage. Law enforcement pressure has fragmented some major crews, but the ecosystem remains resilient — smaller operators are filling the gaps quickly.

Another theme this week: the expanding role of AI in offensive tradecraft. Security teams are tracking more convincing phishing pretexts, better-localized lures, and automated reconnaissance workflows. While not revolutionary on their own, these incremental gains are compounding attacker efficiency.

On the defensive side, there’s cautious optimism. Organizations accelerating identity hardening, network segmentation, and telemetry aggregation are seeing measurable gains in detection fidelity.

In this issue, we break down the most consequential events, extract the technical lessons that matter, and outline practical mitigation steps you can operationalize immediately. Let’s get into it.

If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!

Cheers!
Austin Miller
Editor-in-Chief

Is your team struggling to balance security requirements with user experience? Join us on February 24 at 4 PM CET / 10 AM ET for a webinar discussing how leading financial services teams are shifting to data-driven, risk-based mobile security for more precise responses.

In 2025, cybersecurity experts continued to track an evolving landscape of financially motivated and geopolitically aligned threat groups whose operations grew in scale, coordination, and technical sophistication. Among the most prevalent were Cl0p, known for large-scale data-extortion campaigns exploiting zero-day vulnerabilities in managed file transfer platforms, and Qilin, a ransomware-as-a-service operation that refined double-extortion and partner affiliate models.

If you'd like to find out about our series on social engineering, start here: the adversary moves in the age of AI, then make sure to check out the articles link in this introduction: here, here, here, here, and here.

Google Warns of Hackers Leveraging Gemini AI for All Stages of Cyberattacks (Google Threat Intelligence Group): State-backed and criminal actors are operationalizing Gemini for recon, payload development, phishing lure generation, and automation across intrusion lifecycles.

Palo Alto Soft-Pedals China Attribution in Global Espionage Campaign (Reuters – Christopher Bing et al.): Unit 42 reporting tied activity to a China-aligned cluster but public attribution was reportedly toned down due to geopolitical and business risk considerations.

GTIG Analysis Exposes Growing Cyber Threats to Military Infrastructure (Google Threat Intelligence Group): Defense industrial base entities face escalating intrusion attempts, with targeting focused on logistics, contractors, and operational support systems.

CrashFix Campaign Deploys ModeloRAT via Browser Extension Abuse (Cyware Threat Intelligence): ClickFix evolution uses malicious ad-blocker extensions to crash browsers, coercing victims into executing commands that deploy a remote-access trojan.

React2Shell Exploitation Surges Following Public Tooling Release (Cyware Research): CVE-2025-55182 exploitation exceeded 1.4 million attempts in a week, enabling unauthenticated RCE and deployment of reverse shells and XMRig miners.

GlassWorm Supply-Chain Malware Targets OpenVSX Extensions (Cyware / Threat Briefing): Attackers hijacked developer accounts to push trojanized updates using invisible Unicode obfuscation and persistent macOS backdoors.

OpenClaw AI “Skill” Ecosystem Weaponized for Credential Theft (Cyware / Jamieson O’Reilly research): Over 230 malicious skills delivered infostealers via fake tooling, harvesting API keys, wallets, and browser credentials.

BYOVD Intrusion Uses Revoked EnCase Driver to Kill EDR (Acumen Cyber / Huntress-linked research): Attackers leveraged a signed but revoked kernel driver for privilege escalation and direct termination of endpoint security controls.

European Commission MDM Platform Breach Disclosure (Acumen Cyber Threat Digest): Unauthorized access to centralized mobile device management infrastructure exposed staff contact metadata but not enrolled devices.

Security for AI-Native Companies: The 6 Shifts You Can’t Ignore (Gradient Flow): This article examines structural security changes required for organizations building AI-first products. It argues that perimeter security is obsolete and must be replaced with identity-centric controls governing humans and AI agents alike. The piece highlights risks such as model impersonation, agent privilege escalation, and dataset poisoning, emphasizing Zero Trust architectures adapted for autonomous systems.

LLMs + Coding Agents = Security Nightmare (Gary Marcus): Marcus explores how large language models integrated into coding agents introduce systemic vulnerabilities. He outlines risks including insecure code generation, exploit scaffolding, and accelerated malware development. The article frames LLMs as amplifiers of existing AppSec failures—particularly when deployed without human review or secure SDLC guardrails.

How Hackers Turned Claude Code Into a Semi-Autonomous Cyber Weapon (Ben Dickson): This piece analyzes adversarial misuse of AI coding systems. It documents how attackers decomposed malicious objectives into benign prompts, bypassing safety filters. The article details attack chaining, guardrail evasion, and autonomous exploit iteration—illustrating how generative AI can operationalize cyberattacks at machine speed.

Capital, Competition, and the Business of Cybersecurity (Ross Haleliuk): This article analyzes macro-economic and venture dynamics shaping the cybersecurity sector. It explores consolidation pressures, platformization of security tooling, and the funding gap between early-stage innovators and incumbents. The post is frequently cited in operator and VC circles for its market intelligence and strategic forecasting.

Federated Learning-Driven Cybersecurity Framework for IoT Networks with Privacy-Preserving and Real-Time Threat Detection Capabilities (Milad Rahmati): This paper proposes a decentralized cybersecurity architecture tailored to IoT ecosystems using federated learning. Instead of aggregating sensitive telemetry in a central repository, models are trained locally on edge devices and securely aggregated using homomorphic encryption. The framework leverages recurrent neural networks to detect anomalies such as DDoS attacks while preserving data privacy. Reported detection accuracy exceeds 98%, with improved energy efficiency relative to centralized approaches. The study addresses scalability, privacy preservation, and real-time detection—three persistent bottlenecks in IoT security.

Adaptive Cybersecurity: Dynamically Retrainable Firewalls for Real-Time Network Protection (Sina Ahmadi): This research introduces machine-learning firewalls capable of continual retraining in production environments. Unlike static rule-based systems, these firewalls adapt to emergent threat signatures using reinforcement and continual learning pipelines. The architecture supports distributed micro-services deployments, integrates with Zero Trust models, and optimizes latency and throughput. The work frames adaptive perimeter defense as essential given polymorphic malware and AI-assisted intrusion techniques.

Adversarial Defense in Cybersecurity: A Systematic Review of GANs for Threat Detection and Mitigation (Tharcisse Ndayipfukamiye; Jianguo Ding; Doreen Sebastian Sarwatt; Adamu Gaston Philipo; Huansheng Ning): This systematic review analyzes 185 peer-reviewed studies on the dual use of Generative Adversarial Networks in cyber offense and defense. It proposes a four-dimensional taxonomy covering GAN architectures, defensive roles, threat models, and cybersecurity domains. Findings show GANs improve intrusion detection, malware classification, and synthetic threat simulation but suffer from training instability, explainability deficits, and computational overhead. The paper outlines a research roadmap emphasizing hybrid GAN models and defenses against LLM-driven cyberattacks.

Algorithmic Segmentation and Behavioral Profiling for Ransomware Detection Using Temporal-Correlation Graphs (Ignatius Rollere; Caspian Hartsfield; Seraphina Courtenay; Lucian Fenwick; Aurelia Grunwald): This article presents a graph-analytics framework for ransomware detection based on temporal-correlation modeling of system behaviors. By mapping encryption activity, process lineage, and anomaly timing, the system distinguishes malicious from benign operations in real time. Experimental evaluations show superior precision and recall compared to signature-based and heuristic tools, particularly against polymorphic ransomware strains. The architecture is designed for enterprise scalability and modular SOC integration.

Generative AI Revolution in Cybersecurity: A Comprehensive Review of Threat Intelligence and Operations (Mueen Uddin; Muhammad Saad Irshad; Irfan Ali Kandhro; et al.): This review examines how generative AI is transforming cyber threat intelligence, SOC automation, and attack simulation. It surveys applications including automated phishing detection, malware generation analysis, vulnerability discovery, and incident response orchestration. The authors also evaluate risk externalities—such as AI-enabled social engineering and autonomous attack tooling—positioning generative models as both defensive accelerants and threat multipliers.

Keeping Up with the KEMs: Stronger Security Notions for KEMs and Automated Analysis of KEM-based Protocols (Cas Cremers; Alexander Dax; Niklas Medinger): Focused on post-quantum cryptography, this award-winning paper advances formal security models for Key Encapsulation Mechanisms (KEMs), a foundational primitive in hybrid and quantum-resistant encryption schemes. The authors introduce stronger security definitions and automated symbolic analysis techniques to validate KEM-based protocols. The work is highly relevant as governments and critical infrastructure sectors prepare for quantum decryption threats.