Attack & Defend

Avoiding overreliance on AI - in an overreliant age of AIVisibility Builds Trust. Exposure Creates Risk.Today’s executives are expected to be visible—on LinkedIn, in the press, at conferences, and across digital channels. That visibility fuels brand trust, investor confidence, and talent attraction. But it also creates a dangerous imbalance: as executive exposure increases, digital threats accelerate even faster.This is the Visibility Paradox.Most executive risk doesn’t start with sophisticated hacks. It starts with unmanaged digital exposure—home addresses, family details, travel patterns, and credentials scattered across the open and dark web. These gaps turn influence into liability.Our latest thought leadership article introduces a modern framework for Safe Visibility, built on five critical pillars:• Public data elimination• Continuous monitoring and rapid removal• Secure communication protocols• Organization-wide security alignment• Integrated physical securityEach pillar matters. Miss one, and the entire protection strategy weakens. The ultimate metric? High executive visibility with zero digital or physical incidents. VanishID is the category leader in executive digital-risk protection, delivering end-to-end coverage—from PII removal and dark web monitoring to real-time exposure dashboards and fully managed operations with zero lift for security teams.Get your complimentary digital risk scan today#6: Assessing LimitationsAvoiding overreliance on AI - in an overreliant age of AIWelcome to CYBER_AI, a new newsletter from the Packt team focusing on—well, exactly what it says on the tin: cybersecurity in the age of AI.Here we go on another step into the future, into a world where the world of cybersecurity brims with the confidence that AI can bring to our practice. Of course, this goal—like all goals—requires us to set up the foundations properly and figure out how we stand on them. That means, for all those struggling to make these ambitious bounds forward, establishing the “101” topics and making sure they are widely understood. For a look into the future, here's our plan:1. What “Cybersecurity AI” Actually Means2. Machine Learning 101 for Security Professionals3. Threat Detection with AI: From Rules to Models4. Adversarial Machine Learning Basics5. LLMs in Cybersecurity: Capabilities and Limitations6. Securing AI Models and Pipelines (AI Supply Chain Security)7. AI-Enhanced Offensive Techniques8. Privacy and Data Protection in AI Systems9. AI Governance, Ethics, and Risk Management10. Building a Security-Aware AI WorkflowSound good? Head over to Substack and sign up there!Join us on Substack to find our bonus articles!In this newsletter, we’ll explore how AI is transforming cybersecurity—what’s new, what’s next, and what you can do to stay secure in the age of intelligent threats.Welcome aboard! The future of cyber defence starts here.Cheers!Austin MillerEditor-in-ChiefHead over to Substack to check out this week's article!Join us on Substack to find our bonus articles!News WipeGeopolitics and AI Among Top Trends for Cybersecurity 2026”: Cybersecurity in 2026 is poised to evolve rapidly with artificial intelligence deeply integrated into both attacks and defenses. The report highlights AI’s role in threat automation, geopolitical fragmentation increasing risk complexity, and a widening technological divide shaping how nations and corporations secure digital assets.Cybersecurity Can Be The Next Mega Trend Thanks To AI: AI’s growing influence on cybersecurity has attracted significant investor interest and market momentum. The article discusses how AI-driven detection, response automation, and predictive technologies position the cybersecurity sector as a premier investment trend, with implications for enterprise resilience and future risk management.AI and Cybersecurity Trends That Will Define 2026: A forward-looking analysis of how AI will reshape the cybersecurity landscape globally, focusing on regions like India. Key trends include more advanced threat sophistication, broader AI adoption in defensive stacks, and the urgent need for frameworks to govern AI risk.Businesses Are Finally Taking Action to Crack Down on AI Security Risks: Based on a World Economic Forum (WEF) and Accenture report, this piece details how companies are increasingly incorporating AI risk assessments before deployment. It notes a sharp rise in AI vulnerabilities such as deepfakes and automated social engineering, alongside growing adoption of AI tools for phishing and intrusion detection.AI’s Hacking Skills Are Approaching an ‘Inflection Point’: With advancements in AI reasoning and autonomous problem analysis, tools like RunSybil are uncovering complex system vulnerabilities with a sophistication that rivals human experts. While promising for defense, these capabilities also heighten concerns that adversaries could weaponize similar AI systems.Belgian Cybersecurity Startup Aikido Hits Unicorn Status With New Funding Round: Aikido Security, a European cybersecurity startup focused on developer-centric and AI-friendly risk tools, has raised $60 million at a $1 billion valuation. The funding reflects broader demand for security solutions tailored to modern AI-heavy software development workflows.Culture, You, and AILike Social Media, AI Requires Difficult Choices: In his 2020 book, “Future Politics,” British barrister Jamie Susskind wrote that the dominant question of the 20th century was “How much of our collective life should be determined by the state, and what should be left to the market and civil society?” But in the early decades of this century, Susskind suggested that we face a different question: “To what extent should our lives be directed and controlled by powerful digital systems—and on what terms?”Banning VPNs:This is crazy. Lawmakers in several US states are contemplatingbanning VPNs, because…think of the children!As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of “protecting children” inA.B. 105/S.B. 130. It’s an age verification bill that requires all websites distributing material that could conceivably be deemed “sexual content” to both implement an age verification system and also to block the access of users connected via VPN. The bill seeks to broadly expand the definition of materials that are “harmful to minors” beyond the type of speech that states can prohibit minors from accessing­ potentially encompassing things like depictions and discussions of human anatomy, sexuality, and reproduction.The EFF link explains why this is a terrible idea.Four Ways AI Is Being Used to Strengthen Democracies Worldwide: Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recentWorld Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another narrative. Yes, there are risks to democracy from AI, but there are also opportunities. We have just published the bookRewiring Democracy: How AI will Transform Politics, Government, and Citizenship.In it, we take a clear-eyed view of how AI is undermining confidence in our information ecosystem, how the use of biased AI can harm constituents of democracies and how elected officials with authoritarian tendencies can use it to consolidate power. But we also give positive examples of how AI is transforming democratic governance and politics for the better.From the cutting edgeAI-Driven Cybersecurity Threats: A Survey of Emerging Risks and Defensive Strategies (Sai Teja Erukude, Viswa Chaitanya Marella, Suhasnadh Reddy Veluru): This 2026 survey paper examines the dual-use nature of AI in cybersecurity, identifying novel threat vectors such as deepfakes, adversarial AI attacks, automated malware, and AI-enabled social engineering. The authors present a comparative taxonomy linking specific AI capabilities with corresponding threat modalities and defense strategies, drawing on over 70 academic and industry references. It also highlights critical gaps in explainability, interdisciplinary defenses, and regulatory alignment necessary to sustain digital trust.The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into a Multi-Step Malware (Ben Nassi, Bruce Schneier, Oleg Brodt): This paper reframes prompt injection vulnerabilities in large-language-model (LLM) systems as a structured chain of attack steps akin to classical malware campaigns. The authors propose a new “promptware kill chain” model with defined phases—from initial access through privilege escalation to data exfiltration—offering a common framework for threat modeling and cross-domain research between AI safety and cybersecurity.Artificial intelligence and machine learning in cybersecurity: a deep dive into state-of-the-art techniques and future paradigms: This extensive review analyzes how AI and machine learning (ML) are transforming core cybersecurity functions—including intrusion detection, malware classification, behavioral analytics, and threat intelligence. The paper discusses adversarial machine learning, explainable AI, federated learning, and quantum integration as future paradigms, offering a comprehensive roadmap for intelligence-driven, scalable security architectures.Generative AI revolution in cybersecurity: a comprehensive review of threat intelligence and operations: Focused on the rise of generative AI (GAI), this work explores how generative models can autonomously detect threats, augment human judgment, and contribute to defensive operations. It also critically assesses the limitations and misuse potential of these models, such as incorrect outputs and exploitation by adversaries, highlighting the balance needed for secure adoption.A cybersecurity AI agent selection and decision support framework (Masike Malatji): This paper introduces a structured decision support framework that aligns diverse AI agent architectures (reactive, cognitive, hybrid) with the NIST Cybersecurity Framework (CSF) 2.0. It formalizes how AI agents should be selected and deployed across detection, response, and governance functions, offering a practical schema for organizations to move beyond isolated AI tools toward holistic, standards-aligned deployments.Integrating Artificial Intelligence into the Cybersecurity Curriculum in Higher Education: A Systematic Literature Review (Jing Tian): While focused on education, this systematic literature review is trending among academics because it synthesizes research on how AI and cybersecurity education are being combined in higher education curricula. It examines course design, instructional tools, and pedagogical practices that prepare the next generation of cybersecurity professionals to use and defend against advanced AI systems.*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Getting ready for Cyber AI ImplementationAI Agents FrontierJoin the pioneers behind AG2 and autonomous research agents for a 5-hour deep dive into controlled orchestration, reproducibility, and safe deployment of scalable multi-agent architectures systems. Discover how to build deterministic, explainable, verifiable agents that eliminate hallucinations and support secure, auditable decision workflows.Limited early-bird seats remaining.Book Your Pass Now!#5: Understanding the AdversaryWelcome to CYBER_AI, a new newsletter from the Packt team focusing on—well, exactly what it says on the tin: cybersecurity in the age of AI.Here we go on another step into the future, into a world where the world of cybersecurity brims with the confidence that AI can bring to our practice. Of course, this goal—like all goals—requires us to set up the foundations properly and figure out how we stand on them. That means, for all those struggling to make these ambitious bounds forward, establishing the “101” topics and making sure they are widely understood. For a look into the future, here's our plan:1. What “Cybersecurity AI” Actually Means2. Machine Learning 101 for Security Professionals3. Threat Detection with AI: From Rules to Models4. Adversarial Machine Learning Basics5. LLMs in Cybersecurity: Capabilities and Limitations6. Securing AI Models and Pipelines (AI Supply Chain Security)7. AI-Enhanced Offensive Techniques8. Privacy and Data Protection in AI Systems9. AI Governance, Ethics, and Risk Management10. Building a Security-Aware AI WorkflowSound good? Head over to Substack and sign up there!Join us on Substack to find our bonus articles!In this newsletter, we’ll explore how AI is transforming cybersecurity—what’s new, what’s next, and what you can do to stay secure in the age of intelligent threats.Welcome aboard! The future of cyber defence starts here.Cheers!Austin MillerEditor-in-ChiefNews WipeHow Agentic AI Can Boost Cyber Defense: This article explains how “agentic AI” — autonomous AI agents — are being deployed by security teams to triage and prioritise cyber threats. The approach helps reduce noise and speed up response times, enabling defenders to manage large volumes of alerts more effectively.Disinformation and Cyber-Threats Among Top Global Exec Concerns: A new report from the World Economic Forum (WEF) highlights that AI-powered disinformation and cyber-threats are among the biggest worries for global executives, reflecting growing fears around social-engineering, deepfakes, and AI-driven malware.Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools: Security researchers disclosed that a malicious npm (Node.js) package is using embedded “hidden prompts” and scripts to bypass AI-driven security tools — a novel kind of supply-chain attack aimed at poisoning AI defenses. This underlines how AI itself can be targeted and manipulated by attackers.HTB AI Range offers experiments in cyber-resilience training: The article describes a new initiative from Hack The Box (HTB), offering an “AI Range” — a sandbox environment where organisations can test how AI agents respond to simulated cyber-attacks, helping improve detection and resilience against automated threats. This reflects growing industry emphasis on using AI defensively, not just offensively.Exclusive: Palo Alto Networks CEO says AI demands a new focus on threat detection: At the recent AI+ Summit, the CEO of Palo Alto Networks warned that as organisations adopt AI — and attackers start doing the same — cybersecurity strategies must shift from protecting legacy systems to prioritising advanced threat detection and real-time response. He argued that AI-powered cyberattacks are now among the top risks facing enterprises globally.Culture, You, and AILike Social Media, AI Requires Difficult Choices: In his 2020 book, “Future Politics,” British barrister Jamie Susskind wrote that the dominant question of the 20th century was “How much of our collective life should be determined by the state, and what should be left to the market and civil society?” But in the early decades of this century, Susskind suggested that we face a different question: “To what extent should our lives be directed and controlled by powerful digital systems—and on what terms?”Banning VPNs:This is crazy. Lawmakers in several US states are contemplatingbanning VPNs, because…think of the children!As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of “protecting children” inA.B. 105/S.B. 130. It’s an age verification bill that requires all websites distributing material that could conceivably be deemed “sexual content” to both implement an age verification system and also to block the access of users connected via VPN. The bill seeks to broadly expand the definition of materials that are “harmful to minors” beyond the type of speech that states can prohibit minors from accessing­ potentially encompassing things like depictions and discussions of human anatomy, sexuality, and reproduction.The EFF link explains why this is a terrible idea.Four Ways AI Is Being Used to Strengthen Democracies Worldwide: Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recentWorld Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another narrative. Yes, there are risks to democracy from AI, but there are also opportunities. We have just published the bookRewiring Democracy: How AI will Transform Politics, Government, and Citizenship.In it, we take a clear-eyed view of how AI is undermining confidence in our information ecosystem, how the use of biased AI can harm constituents of democracies and how elected officials with authoritarian tendencies can use it to consolidate power. But we also give positive examples of how AI is transforming democratic governance and politics for the better.From the cutting edgeArtificial intelligence and machine learning in cybersecurity: a deep dive into state-of-the-art techniques and future paradigms: This 2025 review presents an in-depth survey of state-of-the-art AI/ML techniques applied to cybersecurity tasks — intrusion detection, malware classification, behavioral analysis, threat intelligence. It highlights both the progress and critical gaps: for example, lack of explainability, adversarial ML risks, scalability and privacy issues. The paper also maps out future paradigms (e.g. federated learning, quantum-AI convergence. (N. Mohamed et al.) From Knowledge and Information Systems (2025)Generative AI revolution in cybersecurity: a comprehensive review of threat intelligence and operations: This paper reviews how generative AI (GAI / LLMs) is transforming cybersecurity: not only for defense (e.g. threat detection, anomaly detection, automation of responses) but also how attackers may leverage GAI for social engineering, malware, phishing, and more. It discusses limitations (misuse potential, incorrect outputs, high resource/training cost) and calls for balanced, cautious adoption. (Mueen Uddin, Muhammad Saad Irshad, Irfan Ali, Fuhid Alanazi, Fahad Ahmed, Muhammad Maaz, Saddam Hussain, Syed Sajid Ullah) From Artificial Intelligence Review 58 (2025)Organizational Adaptation to Generative AI in Cybersecurity: A Systematic Review: This 2025 systematic review studies how real-world organizations are adapting their cybersecurity operations to integrate generative AI. It analyses 25 studies (2022–2025) and identifies patterns: adoption of LLMs in threat detection, automation of incident response, hybrid human–AI workflows. The paper also discusses challenges: explainability, data quality, bias, training, governance. It offers a roadmap for secure and responsible GenAI deployment in enterprise cyber-defense. (Christopher Nott)Adversarial Defense in Cybersecurity: A Systematic Review of GANs for Threat Detection and Mitigation: A systematic review of how generative adversarial networks (GANs) can be used—not just to mount attacks, but as defenses. The paper surveys studies (2021–August 2025) on using GAN-based techniques for network intrusion detection, malware analysis, IoT security. It lays out a taxonomy (defensive function, GAN architecture, threat model, cybersecurity domain) and discusses strengths (improved detection accuracy, resilience) and persistent challenges (instability, lack of explainability, high computational cost, absence of standard benchmarks). (Tharcisse Ndayipfukamiye, Jianguo Ding, Doreen Sebastian Sarwatt, Adamu Gaston Philipo, Huansheng Ning)*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Getting ready for Cyber AI Implementation#3: Setting up the BasicsGetting ready for Cyber AI ImplementationWelcome to CYBER_AI, a new newsletter from the Packt team focusing on—well, exactly what it says on the tin: cybersecurity in the age of AI.Here we go on another step into the future, into a world where the world of cybersecurity brims with the confidence that AI can bring to our practice. Of course, this goal—like all goals—requires us to set up the foundations properly and figure out how we stand on them. That means, for all those struggling to make these ambitious bounds forward, establishing the “101” topics and making sure they are widely understood. For a look into the future, here's our plan:1. What “Cybersecurity AI” Actually Means2. Machine Learning 101 for Security Professionals3. Threat Detection with AI: From Rules to Models4. Adversarial Machine Learning Basics5. LLMs in Cybersecurity: Capabilities and Limitations6. Securing AI Models and Pipelines (AI Supply Chain Security)7. AI-Enhanced Offensive Techniques8. Privacy and Data Protection in AI Systems9. AI Governance, Ethics, and Risk Management10. Building a Security-Aware AI WorkflowSound good? Head over to Substack and sign up there!Join us on Substack to find our bonus articles!In this newsletter, we’ll explore how AI is transforming cybersecurity—what’s new, what’s next, and what you can do to stay secure in the age of intelligent threats.Welcome aboard! The future of cyber defence starts here.Cheers!Austin MillerEditor-in-ChiefNews WipeAI firm claims it stopped Chinese state-sponsored cyber-attack campaign: Anthropic, the AI company behind Claude, says it detected and halted a Chinese state-sponsored cyber-espionage campaign that used its Claude Code tool. According to Anthropic, 80–90% of the operations in the attack were carried out without human intervention—making it possibly the first large-scale cyberattack primarily executed by AI. While some intrusions succeeded, Claude’s own errors and misinformation limited the damage. Experts have raised concerns about guardrail vulnerabilities and the risk of integrating powerful AI tools without fully understanding their security implications.Russia and China increasingly using AI to escalate cyberattacks on the US, says Microsoft: A Microsoft report reveals that foreign adversaries—including Russia, China, Iran, and North Korea—are leveraging AI to enhance cyberattacks and disinformation campaigns targeting the U.S. In one month (July 2025), Microsoft detected over 200 instances of AI-generated fake content, more than double the amount from the previous year. The report warns of growing sophistication in phishing, deepfake impersonations, and automated hacking. Experts say U.S. institutions remain exposed due to outdated cybersecurity defenses.The Era of AI-Generated Ransomware Has Arrived: Generative AI tools are accelerating the evolution of ransomware. Research from Anthropic and ESET shows that criminals are using models like Claude and Claude Code to automate many stages of ransomware attacks—target identification, malware writing, data analysis, and ransom note generation. A proof-of-concept called “PromptLock” was also discovered, which uses locally hosted LLMs to generate malicious scripts. This marks a dangerous shift: even non-expert cybercriminals can now deploy more advanced malware.AI-powered malware is here: Google’s Threat Intelligence Group has identified two new real-world malware strains — PromptFlux and PromptSteal — that utilize large language models to adapt their behavior during an attack. PromptFlux was spotted on VirusTotal calling back to Google’s Gemini model, while PromptSteal uses an open-source AI model. These are among the first known cases where malware dynamically changes its tactics using AI, signaling a worrying trend in cybercrime sophistication.AI-fueled cybercrime may outpace traditional defenses, Check Point warns: Check Point Software Technologies released a report warning that cybercriminals are increasingly adopting AI tools, and defenders must also leverage AI to keep up. Their research found that a significant number of generative AI prompts contain sensitive data, and AI platform vulnerabilities are growing enterprise risks. Check Point argues that security teams need to build AI-first defence strategies to counter the evolving threat landscape.AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders: A global survey of over 1,200 senior IT and cybersecurity decision-makers (from 15 countries) reveals that AI and large language models have overtaken ransomware as the top concern. Many organizations lack visibility over their AI risk, have outdated incident response plans, and face budget constraints. The shift shows how rapidly priorities are changing as generative AI becomes deeply embedded in business but opens new attack surfaces.Culture, You, and AIAI as Cyberattacker: "From Anthropic:In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree­—using AI not just as an advisor, but to execute the cyberattacks themselves.The threat actor—­whom we assess with high confidence was a Chinese state-sponsored group—­manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention."AI and Voter Engagement: "Social media has been a familiar, even mundane, part of life for nearly two decades. It can be easy to forget it was not always that way. In 2008, social media was just emerging into the mainstream. Facebook reached 100 million users that summer. And a singular candidate was integrating social media into his political campaign: Barack Obama. His campaign’s use of social media was so bracingly innovative, so impactful, that it was viewed by journalist David Talbot and others as the strategy that enabled the first term Senator to win the White House."The Role of Humans in an AI-Powered World: "As AI capabilities grow, we must delineate the roles that should remain exclusively human. The line seems to be between fact-based decisions and judgment-based decisions. For example, in a medical context, if an AI was demonstrably better at reading a test result and diagnosing cancer than a human, you would take the AI in a second. You want the more accurate tool. But justice is harder because justice is inherently a human quality in a way that “Is this tumor cancerous?” is not. That’s a fact-based question. “What’s the right thing to do here?” is a human-based question."From the cutting edgeArtificial intelligence and machine learning in cybersecurity: a deep dive into state-of-the-art techniques and future paradigms, fromKnowledge and Information Systems: This is a comprehensive survey (published April 2025) of how AI (especially machine learning) is being applied in cybersecurity. The paper covers intrusion detection, malware classification, behavioral analysis, and threat intelligence. It also discusses future paradigms — where traditional defense mechanisms are no longer sufficient, and AI-driven security is needed to counter increasingly sophisticated cyber threats.Generative AI revolution in cybersecurity: a comprehensive review of threat intelligence and operations, from Artificial Intelligence Review: This paper explores the role of generative AI (GenAI) in cybersecurity operations. It examines how generative models can support threat intelligence, automate responses, and assist in security operations more autonomously. The authors also look at potential risks and trade-offs when deploying GenAI in cyber defense.Organizational Adaptation to Generative AI in Cybersecurity: A Systematic Review (Christopher Nott): This May 2025 study investigates how organizations are adapting their cybersecurity operations in response to the advent of generative AI. Using systematic document analysis and case studies, it identifies how firms are changing their threat modeling, governance, and incident response frameworks. It notes that successful adoption tends to come from organizations with mature security infrastructure, strong human oversight, and clear AI governance.A cybersecurity AI agent selection and decision support framework (Masike Malatji): This October 2025 paper proposes a structured decision-support framework for selecting different types of AI agents (reactive, cognitive, hybrid, learning) in line with the NIST Cybersecurity Framework 2.0. The framework considers attributes like autonomy, learning capability, and responsiveness, linking them to real-world cyber tasks (e.g., detection, incident response). It also defines graduated autonomy levels (assisted, augmented, autonomous) to align with different organizational maturity levels.Towards Explainable and Lightweight AI for Real-Time Cyber Threat Hunting in Edge Networks (Milad Rahmati): Published in April 2025, this paper addresses the challenges of deploying AI on edge devices, such as resource constraints and lack of interpretability. It proposes an “Explainable and Lightweight AI (ELAI)” framework combining decision trees, attention-based deep learning, and federated learning. This hybrid approach aims to deliver real-time threat detection on edge networks, with transparency (so analysts understand AI decisions) and efficiency.Harnessing artificial intelligence (AI) for cybersecurity: Challenges, opportunities, risks, future directions (Zarif Bin Akhtar & Ahmed Tajbiul Rawol), fromComputing and Artificial Intelligence:This article examines how AI can be both a powerful tool for cybersecurity and a source of risk. The authors explore vulnerabilities inherent in AI systems (e.g., data poisoning, adversarial attacks) and discuss ethical, regulatory, and governance issues. They also propose strategic solutions and frameworks to build robust AI-based security systems.*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

We're back—and completely different.#2: CYBER_AI and the BasicsWe're back—and completely different.Welcome to CYBER_AI, a new newsletter from the Packt team focusing on—well, exactly what it says on the tin: cybersecurity in the age of AI.This time, we're taking a bold step: a step into the world of teaching in a world where we're all still figuring it out. A scary prospect, to say the very least. As we are beginning this newsletter from the ground up, we are taking things all the way back to the very simplest questions that crop up when we ask "what is Cyber AI?" For a look into the future, here's our plan:1. What “Cybersecurity AI” Actually Means2. Machine Learning 101 for Security Professionals3. Threat Detection with AI: From Rules to Models4. Adversarial Machine Learning Basics5. LLMs in Cybersecurity: Capabilities and Limitations6. Securing AI Models and Pipelines (AI Supply Chain Security)7. AI-Enhanced Offensive Techniques8. Privacy and Data Protection in AI Systems9. AI Governance, Ethics, and Risk Management10. Building a Security-Aware AI WorkflowSound good? Head over to Substack and sign up there!Join us on Substack to find our bonus articles!In this newsletter, we’ll explore how AI is transforming cybersecurity—what’s new, what’s next, and what you can do to stay secure in the age of intelligent threats.Welcome aboard! The future of cyber defence starts here.Cheers!Austin MillerEditor-in-ChiefLLMs and Agentic AI In Production - Nexus 2025Build and fine-tune your own LLMs and Agents and deploy them in production with workshops on MCP, A2A, Context Engineering, and many more.Book now at 50% off with the code CYBER50News WipeDisrupting the first reported AI-orchestrated cyber espionage campaign: "We recently argued that an inflection point had been reached in cybersecurity: a point at which AI models had become genuinely useful for cybersecurity operations, both for good and for ill. This was based on systematic evaluations showing cyber capabilities doubling in six months; we’d also been tracking real-world cyberattacks, observing how malicious actors were using AI capabilities. While we predicted these capabilities would continue to evolve, what has stood out to us is how quickly they have done so at scale."Hard drives on backorder for two years as AI data centers trigger HDD shortage — delays forcing rapid transition to QLC SSDs: The race to achieve AGI (artificial general intelligence) has pushed constituents to invest in and build data centers at a pace far outstripping our ability to make them. Manufacturers are struggling to keep up with AI demand, and theongoing DRAM shortageis proof of this, with memory kits costing more than double what they did just a few months ago. Now,DigiTimesis reporting that storage is taking a hit, too, with delivery times forenterprise-grade HDDs delayed by two years.Prompt Injection in AI Browsers:This is why AIs are not ready to be personal assistants: A new attack called ‘CometJacking’ exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no credentials or user interaction are required and a threat actor can leverage the attack by simply exposing a maliciously crafted URL to targeted users.Culture, You, and AIIntroducing SlopStop: Community-driven AI slop detection in Kagi Search: "AI slop is deceptive or low-value AI-generated content, created to manipulate ranking or attention rather than help the reader. Per ourAI integration philosophy, we’re not against AI tools that enhance human creativity. But when it includes fake reviews, fabricated expertise, misinformation, content farms designed purely for profit rather than value, and systems that seek to replace genuine human insight and connection, we know it’s hurting us, and we take it upon ourselves to act."Can we bootstrap AI Safety despite being unable to even define it?: Many approaches to AI safety rely on inspecting model outputs or activations, yet certain risks are inherently undetectable by inspection alone. We propose a complementary, architecture-agnostic approach that enhances safety through the aggregation of multiple generative models, with the aggregated model inheriting its safety from the safest subset of a given size among them.Automating Algorithm Discovery: A Case Study in Transaction Scheduling: "Transactions are a cornerstone of modern data stores, offering guarantees that simplify development under concurrent data access for modern applications. Their wide adoption by industry databases highlights their importance. However, modern applications pose new hurdles for supporting these semantics. Driven by massive data growth and new use cases such as AI agents, storage systems face unprecedented data volume and scale."From the cutting edge“Generative AI revolution in cybersecurity: a comprehensive review of threat intelligence and operations”: This paper surveys how generative AI (GenAI) is transforming cybersecurity — especially in threat intelligence, automated operations, and attack simulation. It discusses how generative models can be used defensively (e.g., synthesizing threat data, automating incident response) but also warns of adversarial use. The review covers existing architectures, use-cases, risks, and future research directions.“Artificial intelligence and machine learning in cybersecurity: a deep dive into state-of-the-art techniques and future paradigms”: This is a broad, in-depth survey of AI and ML techniques applied to key cybersecurity areas like intrusion detection, malware classification, behavior analysis, and threat intelligence. It also outlines future paradigms, challenges (e.g., adversarial ML, explainability), and research gaps.“Towards Explainable and Lightweight AI for Real-Time Cyber Threat Hunting in Edge Networks” (Milad Rahmati): This is a preprint (arXiv) proposing an AI framework for detecting cyber threats in edge networks (i.e., resource-constrained devices). The core idea is to combine interpretable machine learning (e.g., decision trees) with lightweight deep learning and federated learning, to achieve real-time threat hunting while preserving transparency and low computational cost.“Adaptive Cybersecurity: Dynamically Retrainable Firewalls for Real-Time Network Protection” (Sina Ahmadi): Another preprint. This work introduces the concept of dynamically retrainable firewalls — firewall systems that use continual or reinforcement learning to retrain in real time as network traffic evolves. It discusses the architecture, latency/resource tradeoffs, integration with zero-trust models, and future risks including adversarial attacks and ethical/regulatory concerns.“Organizational Adaptation to Generative AI in Cybersecurity: A Systematic Review” (Christopher Nott): This systematic review studies how cybersecurity organizations (e.g., in finance, critical infrastructure) are restructuring processes and governance to integrate generative AI. It identifies patterns such as LLM integration for threat modeling, risk automation, and hybrid human–AI operations. It also explores challenges: data quality, explainability, adversarial attacks, and building governance frameworks.“A cybersecurity AI agent selection and decision support framework” (Masike Malatji): This recent preprint proposes a framework to help organizations choose what kind of AI “agent” (reactive, cognitive, hybrid, learning) to deploy, aligned with the NIST Cybersecurity Framework (CSF 2.0). It maps properties like autonomy, learning, and responsiveness to NIST CSF functions. It recommends different autonomy levels (assisted, augmented, fully autonomous) depending on maturity and risk.*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

We're back—and completely different.#1: CYBER_AI TodayWe're back—and completely different.Welcome to CYBER_AI, a new newsletter from the Packt team focusing on—well, exactly what it says on the tin: cybersecurity in the age of AI.The world of cybersecurity is changing fast—and artificial intelligence is leading the charge. Every day, new tools powered by AI are helping defenders spot threats faster, protect data smarter, and stay one step ahead of attackers. But the same technology that helps protect us can also be used by hackers to launch more advanced, more convincing attacks.That’s why understanding the mix of AI and security is more important than ever. From detecting phishing emails in seconds to predicting weaknesses before they’re exploited, AI is reshaping what it means to stay safe online. At the same time, trusted ideas like Zero Trust—the principle that no one and nothing should be trusted by default—are becoming even more critical. In a world where AI can fake voices, write code, or slip past simple security checks, Zero Trust provides a steady foundation: always verify, always question, always protect.Join us on Substack to find our bonus articles!In this newsletter, we’ll explore how AI is transforming cybersecurity—what’s new, what’s next, and what you can do to stay secure in the age of intelligent threats.Welcome aboard! The future of cyber defence starts here.Cheers!Austin MillerEditor-in-ChiefLLMs and Agentic AI In Production - Nexus 2025Build and fine-tune your own LLMs and Agents and deploy them in production with workshops on MCP, A2A, Context Engineering, and many more.Book now at 50% off with the code CYBER50News Wipe“Beware of double agents: How AI can fortify — or fracture — your cybersecurity”: This article explores how autonomous “agentic” AI systems can both strengthen and undermine cybersecurity. Microsoft emphasises that organisations must manage AI identities using Zero Trust principles—continuous verification, least privilege, and micro-segmentation. The piece highlights practical ways to secure AI agents as part of enterprise defence.“Zscaler Acquires AI Security Company SPLX”: Zscaler announced its acquisition of SPLX, an AI security firm, to integrate AI asset discovery, red-teaming, and governance into the Zscaler Zero Trust Exchange platform. The move marks a concrete step toward extending Zero Trust security models to cover AI systems and workflows.“Trend Micro Launches End-to-End Protection for Agentic AI Systems”: Trend Micro, in collaboration with NVIDIA, unveiled a new security framework that combines Zero Trust enforcement with AI-native threat detection for what it calls “AI factories.” The launch represents a practical evolution of Zero Trust from human and device access control to full AI system protection.“How low code can give agentic AI guide rails for the enterprise”: This feature examines how enterprises are using low-code and no-code platforms to deploy AI securely. It discusses how organisations can establish governance and Zero Trust-inspired guardrails for AI agents, ensuring safe interaction with data and systems.“AI Security: Defining and Defending Cybersecurity’s Next Frontier”: SentinelOne provides a deep dive into how organisations are adapting cybersecurity frameworks to AI-driven environments. The article focuses on embedding threat modelling, securing AI workflows, and applying Zero Trust strategies to protect AI infrastructures from both misuse and attack.Culture, You, and AIFaking Receipts with AI: Over the past few decades, it’s become easier and easier to create fake receipts. Decades ago, it required special paper and printers—I remember a company in the UK advertising its services to people trying to cover up their affairs. Then, receipts became computerized, and faking them required some artistic skills to make the page look realistic. Now, AI can do it all.Rigged Poker Games: The Department of Justice has indicted thirty-one people over the high-tech rigging of high-stakes poker games.In a typical legitimate poker game, a dealer uses a shuffling machine to shuffle the cards randomly before dealing them to all the players in a particular order. As set forth in the indictment, the rigged games used altered shuffling machines that contained hidden technology allowing the machines to read all the cards in the deck. Because the cards were always dealt in a particular order to the players at the table, the machines could determine which player would have the winning hand. This information was transmitted to an off-site member of the conspiracy, who then transmitted that information via cellphone back to a member of the conspiracy who was playing at the table, referred to as the “Quarterback” or “Driver.” The Quarterback then secretly signaled this information (usually by prearranged signals like touching certain chips or other items on the table) to other co-conspirators playing at the table, who were also participants in the scheme.Scientists Need a Positive Vision for AI: For many in the research community, it’s gotten harder to be optimistic about the impacts of artificial intelligence. As authoritarianism is rising around the world, AI-generated “slop” is overwhelming legitimate media, while AI-generated deepfakes are spreading misinformation and parroting extremist messages. AI is making warfare more precise and deadly amidst intransigent conflicts. AI companies are exploiting people in the global South who work as data labelers, and profiting from content creators worldwide by using their work without license or compensation. The industry is also affecting an already-roiling climate with its enormous energy demands.AI Summarization Optimization: These days, the most important meeting attendee isn’t a person: It’s the AI notetaker. This system assigns action items and determines the importance of what is said. If it becomes necessary to revisit the facts of the meeting, its summary is treated as impartial evidence. But clever meeting attendees can manipulate this system’s record by speaking more to what the underlying AI weights for summarization and importance than to their colleagues. As a result, you can expect some meeting attendees to use language more likely to be captured in summaries, timing their interventions strategically, repeating key points, and employing formulaic phrasing that AI models are more likely to pick up on. Welcome to the world of AI summarization optimization (AISO).From the cutting edgeArtificial intelligence and machine learning in cybersecurity: a deep dive into state-of-the-art techniques and future paradigms from Knowledge and Information Systems, Vol. 67: This open-access review paper surveys the integration of AI/ML into cybersecurity, covering intrusion detection, malware classification, behavioural analysis and threat intelligence. It highlights the shift from traditional defence mechanisms to AI-driven ones, discusses technique categories and outlines future directions and gaps in research (such as adversarial robustness and real-time deployment).Generative AI revolution in cybersecurity: a comprehensive review of threat intelligence and operations from Artificial Intelligence Review, Vol. 58: This review focuses specifically on how generative AI (GenAI) is both a tool and a threat in cybersecurity operations. It explores how GenAI is being used for threat-intelligence generation, automating response operations, as well as how adversaries may use GenAI to automate attacks. The paper provides a detailed taxonomy of use-cases, implications for security operations centres (SOCs), and open issues (e.g., model abuse, data integrity).Strategic Management of AI-Powered Cybersecurity Systems: A Systematic Review (A. Wairagade) from Journal of Engineering Research and Reports, Vol 27 (8): This systematic review synthesises 87 peer-reviewed papers (2015-2024) on how organizations strategically manage AI-based cybersecurity systems. It identifies key themes including AI algorithms for threat detection, governance & risk management, organisational integration issues, ethical/legal concerns and scalability. The paper argues for proactive strategies (human-AI collaboration, governance frameworks, continual learning) to get maximum benefit from AI in cyber defence.Organizational Adaptation to Generative AI in Cybersecurity: A Systematic Review (C. Nott): This qualitative study examines how cybersecurity organisations are adapting to the integration of generative AI (GenAI). Based on analysis of 25 studies (2022-2025), it identifies three adaptation patterns: (1) LLMs integrated for security applications, (2) GenAI frameworks for automated detection/response, and (3) AI/ML-based threat-hunting workflows. The study highlights factors influencing readiness (maturity, regulation, workforce) and persistent challenges (data quality, bias, adversarial threats).*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Or are we?We're so backBut with something differentHello! Long time, no see.A while ago, you were on our mailing list to receive the Attack & Defend newsletter from Packt. However, in May this year, we saw that the newsletter wasn't really serving the purpose we want it to and decided to shelf the project as a good idea that didn't quite work out.But, thankfully, we've had another idea. And we reckon you'll be into it.Introducing... CyberAIOn the back of our successful Next-Gen Cyber AI event, we think that you'd enjoy our insights into this brave new world of cybersecurity augmented by artificial intelligence and heading in a whole new direction. We'll be looking at:- insider threats from rogue agents- Zero Trust in multi-agent systems- The future of the AI-augmented SOC- And much more!Sound like something you'd be interested in? Then hang on tight, you'll be receiving your new email in the near future (along with a whole new look for this newsletter)!Not for you? Click the button below to unsubscribe from our mailing list.Unsubscribe" target="_blank" style="color:#ffffff;text-decoration:none;">Unsubscribe*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Don't miss out on your chance for one of five free Packt booksWhen attacking digital wallets and SoftPOS mobile apps, threat actors target more than just data.Learn how to protect your digital wallets and SoftPOS apps.Featuring demos and practical tips, this webinar, "Securing Mobile Payments: Protecting Digital Wallets and SoftPOS from Attacks," will help security professionals collaborate more effectively with development teams to build stronger protection strategies and better defend digital wallet and SoftPOS mobile apps against today’s most common threats.Register Now#40: DragonForce, RSA's AI Obsession, and a NATO exerciseDon't miss out on your chance for one of five free Packt booksWelcome to Attack & Defend!Here we are again, investigating both red and blue team solutions to the dangers of the cybersecurity world. You'll find tutorials, best practices, tools, and a few other pointers to get you started on taking your next step. Make sure to check out the Humble Bundle deal listed below as well!Check out the ongoing Top Ten MITRE ATT&CK threats of 2024 breakdown that has launched through our sister newsletter, the _secpro. But anyway, here's some of the biggest problems facing people inyour position today!Fill in this survey to win a free Packt book!Cheers!Austin MillerEditor-in-ChiefWysh Life Benefit allows any financial institution to offer free life insurance directly through their customers’ savings accounts. By embedding micro life insurance into deposit accounts, Life Benefit provides built-in financial protection that grows with account balances. It’s a simple, no-cost innovation that enhances loyalty, encourages deposits, and differentiates institutions in a competitive market. No paperwork. No medical exams. Just automatic coverage that provides peace of mind—without changing how customers bank.Talk to Our Team TodayAttacking and Defending - WorldwideDragonForce Claims Massive Breach at Co-op and M&S: A cybercriminal group named DragonForce has claimed responsibility for a significant cyberattack on the Co-op supermarket chain, alleging the theft of private information from 20 million Co-op members. The hackers reportedly accessed both customer and employee data, including member card numbers, personal contact information, and staff credentials. Initially, Co-op downplayed the incident, but later acknowledged the breach involved a significant amount of personal data. DragonForce also claimed involvement in cyberattacks on Marks & Spencer (M&S), which suffered a ransomware attack leading to online operations being paralyzed and significant financial losses.AI's Dual Role in Cybersecurity Highlighted at RSAC 2025: At the RSA Conference 2025, discussions centered around the transformative impact of AI on cybersecurity. Experts highlighted both the risks and opportunities presented by AI. While adversaries are leveraging AI tools for research and phishing, defenders are exploring AI's potential in vulnerability discovery and malware analysis. The conference emphasized the need for standardized security frameworks and responsible AI adoption to outpace evolving cyber threats.NATO's Locked Shields 2025: A Realistic Cyber Defense Exercise: NATO's Locked Shields 2025 exercise brought together participants from 21 countries to engage in realistic cyber defense scenarios. The event focused on areas such as red teaming, penetration testing, digital forensics, and situational awareness. By simulating real-world attack methods and technologies, the exercise aimed to enhance the resilience of member nations against cyber adversaries.AI-Driven Red Teaming: Emerging Threats and Techniques: A recent scoping review examined the use of AI technologies in cybersecurity attacks, highlighting how AI can automate the process of penetrating targets and collecting sensitive data. The study identified various AI-driven cyberattack methods targeting sensitive data, systems, and social media profiles. The application of AI in cybercrime presents an increasing threat, emphasizing the need for red teams to understand and simulate these advanced attack models.CyberAlly: Enhancing Blue Team Efficiency with AI: Researchers introduced CyberAlly, a knowledge graph-enhanced AI assistant designed to augment blue team capabilities during incident response. Integrated into a cyber range alongside an open-source SIEM platform, CyberAlly monitors alerts, tracks blue team actions, and suggests tailored mitigation recommendations based on insights from prior red vs. blue team exercises. This tool aims to equip defenders to tackle evolving threats with greater precision and confidence.Red team toolsVechus/ODC-challenges - A collection of offensive and defensive training resources, perfect for keeping you and your team sharp!shr3ddersec/Shr3dKit - This tool kit that is very much influenced by infosecn1nja's kit. Use this script to grab majority of the repos.lengjibo/FourEye - An AV Evasion tool for Red Team Ops.Mathuiss/cyber_wolf - A tool for building offensive skills with firewalls.jorge-333/Virtual-Machine-Home-Lab - …built for the purpose of studying, Installing, and configuring Switches, Routers, Firewalls, SIEMs, IPS's, and Offensive Security Tools.Blue team toolsVechus/ODC-challenges - A collection of offensive and defensive training resources, perfect for keeping you and your team sharp!awais922609/Defensive-Learning - This repo covers firewall configurations, SIEM deployment, and various other important defensive topics, giving you the tools to build up your defensive skills.0xInfection/Awesome-WAF - A collection of the best resources for improving your firewall skills; potentially the best collection online!Ekultek/WhatWaf - …and once you’ve mastered that, here’s a way to get around WAFsracecloud/NetBlocker - A specific implementation of a firewall script that reads logs from various servers, validates against public databases with offensive hosts and adjusts a MikroTik firewall.Making a step upRed Team and Blue Team Fundamentals – JobSkillShare: This comprehensive PDF guide provides a structured approach to understanding the core principles of both red and blue team operations. It covers practical skills such as vulnerability exploitation, incident response, and threat detection, making it an excellent starting point for professionals aiming to enhance their offensive and defensive cybersecurity capabilities.Navigating Red and Blue Team Collaboration: OffSec explores the dynamics between red and blue teams, emphasizing the importance of collaboration over competition. The article discusses how gamified exercises and real-world simulations can break down communication barriers, fostering a culture of continuous improvement and mutual respect between offensive and defensive teams.Red, Blue, and Purple Teams: Combining Your Security Capabilities – SANS Institute: This white paper delves into the integration of red and blue teams through the concept of purple teaming. It outlines how combining offensive and defensive strategies can lead to more effective security outcomes, offering insights into team structures, communication, and shared objectives.A Red and Blue Cybersecurity Competition Case Study: This academic study examines the effectiveness of cybersecurity competitions in enhancing the skills of both red and blue team members. It highlights how simulated attack scenarios in controlled environments can improve technical abilities, strategic thinking, and team coordination.Blue Team Fundamentals: Roles and Tools in a Security Operations Center (PDF): This research paper provides an in-depth look at the roles and tools essential for blue team operations within a Security Operations Center (SOC). It offers valuable insights into the responsibilities of blue team members and the technologies they employ to detect and mitigate threats.*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Keeping up to date and getting ahead of the curveWhen attacking digital wallets and SoftPOS mobile apps, threat actors target more than just data.Learn how to protect your digital wallets and SoftPOS apps.Featuring demos and practical tips, this webinar, "Securing Mobile Payments: Protecting Digital Wallets and SoftPOS from Attacks," will help security professionals collaborate more effectively with development teams to build stronger protection strategies and better defend digital wallet and SoftPOS mobile apps against today’s most common threats.Register Now#39: Left on RedKeeping up to date and getting ahead of the curveWelcome to Attack & Defend!Here we are again, investigating both red and blue team solutions to the dangers of the cybersecurity world. You'll find tutorials, best practices, tools, and a few other pointers to get you started on taking your next step. Make sure to check out the Humble Bundle deal listed below as well!Check out the ongoing Top Ten MITRE ATT&CK threats of 2024 breakdown that has launched through our sister newsletter, the _secpro. But anyway, here's some of the biggest problems facing people inyour position today!Cheers!Austin MillerEditor-in-ChiefThe networking bundle I wish I had when I was starting out$814 Value • Pay What You WantAttacking and Defending - WorldwideProduct Walkthrough: Securing Microsoft Copilot with Reco - Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats - all while keeping productivity high.Security Advisory from Commvault - "We are providing an update to the security advisory issued onMarch 7, 2025. Based on new threat intelligence, we continue to investigate recent activity by a nation-state threat actor contained within our Azure environment. This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide assistance."Inside the Latest Espionage Campaign of Nebulous Mantis - Nebulous Mantis (a.k.a. Cuba, STORM-0978, Tropical Scorpius, UNC2596) is a Russian-speaking cyber espionage group that has actively deployed the RomCom remote access trojan (RAT) and Hancitorloader in targeted campaigns since mid-2019. Operating with geopolitical motives, the group primarily focuses on critical infrastructure, government agencies, political leaders, and NATO related defense organizations. They use spear-phishing emails with weaponized document links to deliver RomCom for espionage, lateral movement, and data theft. Nebulous Mantis has been using the sophisticated RomCom since around mid-2022. This RAT is primarily employed for espionage and ransomware activities.Building Private Processing for AI tools on WhatsApp - AI has revolutionized the way people interact with technology and information, making it possible for people to automate complex tasks and gain valuable insights from vast amounts of data. However, the current state of AI processing — which relies on large language models often running on servers, rather than mobile hardware — requires that users’ requests are visible to the provider. Although that works for many use cases, it presents challenges in enabling people to use AI to process private messages while preserving the level of privacy afforded by end-to-end encryption.What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - "Talking about being targeted is uncomfortable for any organization. For cybersecurity vendors, it’s practically taboo. But the truth is security vendors sit at an interesting cross-section of access, responsibility, and attacker ire that makes us prime targets for a variety of threat actors, and the stakes couldn’t be higher. When adversaries compromise a security company, they don’t just breach a single environment—they potentially gain insight into how thousands of environments and millions of endpoints are protected."Red team toolsVechus/ODC-challenges - A collection of offensive and defensive training resources, perfect for keeping you and your team sharp!shr3ddersec/Shr3dKit - This tool kit that is very much influenced by infosecn1nja's kit. Use this script to grab majority of the repos.lengjibo/FourEye - An AV Evasion tool for Red Team Ops.Mathuiss/cyber_wolf - A tool for building offensive skills with firewalls.jorge-333/Virtual-Machine-Home-Lab - …built for the purpose of studying, Installing, and configuring Switches, Routers, Firewalls, SIEMs, IPS's, and Offensive Security Tools.Blue team toolsVechus/ODC-challenges - A collection of offensive and defensive training resources, perfect for keeping you and your team sharp!awais922609/Defensive-Learning - This repo covers firewall configurations, SIEM deployment, and various other important defensive topics, giving you the tools to build up your defensive skills.0xInfection/Awesome-WAF - A collection of the best resources for improving your firewall skills; potentially the best collection online!Ekultek/WhatWaf - …and once you’ve mastered that, here’s a way to get around WAFsracecloud/NetBlocker - A specific implementation of a firewall script that reads logs from various servers, validates against public databases with offensive hosts and adjusts a MikroTik firewall.Making a step upExploiting DeepSeek-R1: Breaking Down Chain of Thought Security: "The growing usage of chain of thought (CoT) reasoning marks a new era for large language models. CoT reasoning encourages the model to think through its answer before the final response. A distinctive feature of DeepSeek-R1 is its direct sharing of the CoT reasoning. We conducted a series of prompt attacks against the 671-billion-parameter DeepSeek-R1 and found that this information can be exploited to significantly increase attack success rates."Addressing the public sector’s penetration testing problems: The public sector is struggling to break free of an outdated model of penetration testing (pentesting) that requires federal civilian agencies and state, local and higher education institutions alike to contend with approaches that don’t scale and can introduce their own security challenges. But these antiquated methods of security testing can’t be addressed until organizations understand what causes these problems: bandwidth, efficiency and security.How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity: "It’s no longer about team red vs. team blue. It’s time to think about team purple. This security force blends offensive and defensive minds, blurring lines and boosting defenses. No more adversarial silos, just collaborative cycles and shared intel."*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Exploring some of cutting-edge research, including STIG Compliance and Vehicle Simulators74% of organizations are now API-firstAPI attacks that can lead to fraud through account takeovers and theft of credit card information.Read full article#39: Virtual Machines, Virtual... Cars?Exploring some of cutting-edge research, including STIG Compliance and Vehicle SimulatorsWelcome to Attack & Defend!Sometimes, you need a specific focus on the issues that are facing red and blue teamers to get ahead. We know that, which is why we're rolling out a new series of overviews, reviews, and views concerning this corner of the market - which is growing more and more valuable each year!Almost a quarter into the year, this threats are continuing to come thick and fast - in fact, ourhunch is that the retrospective we have at the end of this calendar year may even look like a reluctant admission that the adversary has always got something else up its sleeve. In that sense, we invite you to check out the ongoing Top Ten MITRE ATT&CK threats of 2024 breakdown that has launched through our sister newsletter, the _secpro. But anyway, here's some of the biggest problems facing people inyour position today!Cheers!Austin MillerEditor-in-ChiefDon't miss out on 30% off!Attacking and Defending - WorldwideBusiness Wire - Red Hat Boosts Enterprise AI Across the Hybrid Cloud with Red Hat AI: "Red Hat, Inc., the world's leading provider of open source solutions, today announced the latest updates to Red Hat AI, its portfolio of products and services designed to help accelerate the development and deployment of AI solutions across the hybrid cloud. Red Hat AI provides an enterprise AI platform for model training and inference that delivers increased efficiency, a simplified experience and the flexibility to deploy anywhere across a hybrid cloud environment."RAND - Artificial General Intelligence's Five Hard National Security Problems: Find the Report PDF here to find out about this cutting-edge research.SANS - Identifying Advanced Persistent Threat Activity Through Threat-Informed Detection Engineering: Enhancing Alert Visibility in Enterprises: "Advanced Persistent Threats (APTs) are among the most challenging to detect in enterprise environments, often mimicking authorized privileged access prior to their actions on objectives."SANS - Strolling Through the STIG: "The CKL file has become the unofficial common language amongst the Department of Defense activities to share and report on STIG compliance information. Although easy to work with on an individual basis (One System / One Assessment), this format fails at scale."TrendMicro - ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns: "Trend Zero Day Initiative™ (ZDI) identified nearly 1,000 malicious .lnk files abusing ZDI-CAN-25373 (aka ZDI-25-148), a vulnerability that allows attackers to execute hidden malicious commands on a victim’s machine by leveraging crafted shortcut files."Building an electric vehicle simulator to research EVSEs: "Researching and reverse engineering Level 2 Electric Vehicle Supply Equipment (EVSE or loosely “charger”) efforts might require the equipment to be placed beyond the idle state. The idle state is straightforward and usually involves nothing more than powering up the charger. Indeed, this is a very useful state for research where the user interface is in operation, communications both wired and wireless are working and the mobile device app can interact. However, there are times when there is a need to force the charger into other states so that it behaves as though the electric vehicle is attached, the EV is asking for charge, or the EV is charging and the EVSE is providing charging current."Red team toolsVechus/ODC-challenges - A collection of offensive and defensive training resources, perfect for keeping you and your team sharp!shr3ddersec/Shr3dKit - This tool kit that is very much influenced by infosecn1nja's kit. Use this script to grab majority of the repos.lengjibo/FourEye - An AV Evasion tool for Red Team Ops.Mathuiss/cyber_wolf - A tool for building offensive skills with firewalls.jorge-333/Virtual-Machine-Home-Lab - …built for the purpose of studying, Installing, and configuring Switches, Routers, Firewalls, SIEMs, IPS's, and Offensive Security Tools.Blue team toolsVechus/ODC-challenges - A collection of offensive and defensive training resources, perfect for keeping you and your team sharp!awais922609/Defensive-Learning - This repo covers firewall configurations, SIEM deployment, and various other important defensive topics, giving you the tools to build up your defensive skills.0xInfection/Awesome-WAF - A collection of the best resources for improving your firewall skills; potentially the best collection online!Ekultek/WhatWaf - …and once you’ve mastered that, here’s a way to get around WAFsracecloud/NetBlocker - A specific implementation of a firewall script that reads logs from various servers, validates against public databases with offensive hosts and adjusts a MikroTik firewall.Making a step upExploiting DeepSeek-R1: Breaking Down Chain of Thought Security: "The growing usage of chain of thought (CoT) reasoning marks a new era for large language models. CoT reasoning encourages the model to think through its answer before the final response. A distinctive feature of DeepSeek-R1 is its direct sharing of the CoT reasoning. We conducted a series of prompt attacks against the 671-billion-parameter DeepSeek-R1 and found that this information can be exploited to significantly increase attack success rates."Addressing the public sector’s penetration testing problems: The public sector is struggling to break free of an outdated model of penetration testing (pentesting) that requires federal civilian agencies and state, local and higher education institutions alike to contend with approaches that don’t scale and can introduce their own security challenges. But these antiquated methods of security testing can’t be addressed until organizations understand what causes these problems: bandwidth, efficiency and security.How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity: "It’s no longer about team red vs. team blue. It’s time to think about team purple. This security force blends offensive and defensive minds, blurring lines and boosting defenses. No more adversarial silos, just collaborative cycles and shared intel."*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}.reverse{display:table;width: 100%;

Going forward and in reversePrepare, Respond, Recover:Defining Modern Cyber ResilienceWhen threats come for your business, every second counts. Rubrik’s Cyber Resilience Summit will show you how to put your time to good use, so your data—and your organization—are safe.Join us virtually on March 5th to learn how to:- Gain visibility into where your sensitive data lives- Accelerate incident response and achieve end-to-end resilience- Manage risk and recover from attacks fasterSecure Your Spot#36: Engineering defenseGoing forward and in reverseWelcome to Attack & Defend!Sometimes, you need a specific focus on the issues that are facing red and blue teamers to get ahead. We know that, which is why we're rolling out a new series of overviews, reviews, and views concerning this corner of the market - which is growing more and more valuable each year!Of course, here we stand a wholemonth into 2025 and the challenges are still coming thick and fast. So, here's a few practical tips, news items, and other interesting tid-bits for keeping you sane in the insane world of cybersecurity.Cheers!Austin MillerEditor-in-ChiefAn intro to Reverse EngineeringCybersecurity isn’t just about defense—it’s also about understanding how they work. That’s where reverse engineering comes in. When analyzing malware, security professionals use it to break things down and figure out how they operate.Get aheadAttacking and Defending - WorldwideCVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks - On September 25, 2024, theTrend ZDIThreat Hunting team identified a zero-day vulnerability exploited in-the-wild and associated with the deployment of the loader malware known asSmokeLoader. This vulnerability is believed to be used by Russian cybercrime groups to target both governmental and non-governmental organizations in Ukraine, with cyberespionage being the most likely purpose of these attacks as part of the ongoing Russo-Ukrainian conflict. The exploitation involves the use of compr -omised email accounts and a zero-day vulnerability existing in the archiver tool 7-Zip (CVE-2025-0411), which was manipulated through homoglyph attacks.CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface - An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.From South America to Southeast Asia: The Fragile Web of REF7707 - Elastic Security Labs has been monitoring a campaign targeting the foreign ministry of a South American nation that has links to other compromises in Southeast Asia. We track this campaign as REF7707. The intrusion set utilized by REF7707 includes novel malware families we refer to as FINALDRAFT, GUIDLOADER, and PATHLOADER. We have provided a detailed analysis of their functions and capabilities in the malware analysis report of REF7707 -You've Got Malware: FINALDRAFT Hides in Your Drafts.Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks - Gcore’s twice-annual Radar report analyzes DDoS attack data observed across our global network, spanning six continents and over 180 PoPs, to uncover key insights from the past six months (sign up for access).Red team toolsVechus/ODC-challenges - A collection of offensive and defensive training resources, perfect for keeping you and your team sharp!shr3ddersec/Shr3dKit - This tool kit that is very much influenced by infosecn1nja's kit. Use this script to grab majority of the repos.lengjibo/FourEye - An AV Evasion tool for Red Team Ops.Mathuiss/cyber_wolf - A tool for building offensive skills with firewalls.jorge-333/Virtual-Machine-Home-Lab - …built for the purpose of studying, Installing, and configuring Switches, Routers, Firewalls, SIEMs, IPS's, and Offensive Security Tools.Blue team toolsVechus/ODC-challenges - A collection of offensive and defensive training resources, perfect for keeping you and your team sharp!awais922609/Defensive-Learning - This repo covers firewall configurations, SIEM deployment, and various other important defensive topics, giving you the tools to build up your defensive skills.0xInfection/Awesome-WAF - A collection of the best resources for improving your firewall skills; potentially the best collection online!Ekultek/WhatWaf - …and once you’ve mastered that, here’s a way to get around WAFsracecloud/NetBlocker - A specific implementation of a firewall script that reads logs from various servers, validates against public databases with offensive hosts and adjusts a MikroTik firewall.Making a step upEM360 - Infiltration Insights: Red Team Operations: Red teaming is a proactive cybersecurity approach where ethical hackers simulate real-world attacks to test an organisation’s defences. Unlike traditional testing, red teaming mimics sophisticated threats to expose vulnerabilities in networks, systems, and even human factors. This process helps organisations identify weaknesses, strengthen their security posture, and improve their incident response plans to stay ahead of evolving cyber threats.Addressing the public sector’s penetration testing problems: The public sector is struggling to break free of an outdated model of penetration testing (pentesting) that requires federal civilian agencies and state, local and higher education institutions alike to contend with approaches that don’t scale and can introduce their own security challenges. But these antiquated methods of security testing can’t be addressed until organizations understand what causes these problems: bandwidth, efficiency and security.An Introduction To Purple Teaming: "Purple teaming can play a vital role in helping them to achieve this. Purple teaming involves red and blue teams collaborating on an ongoing basis to maximize their impact. Read on to discover how purple teaming enables businesses to enhance and accelerate their approach to identifying and mitigating security vulnerabilities."How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity: "It’s no longer about team red vs. team blue. It’s time to think about team purple. This security force blends offensive and defensive minds, blurring lines and boosting defenses. No more adversarial silos, just collaborative cycles and shared intel."Penetration Testing Market Demand Will Reach a Value of USD 6.44 Billion by the Year 2030, At a CAGR of 16.5:"The Penetration Testing Market plays a crucial role in assessing and strengthening the security of IT infrastructure. Penetration tests help uncover vulnerabilities in operating systems, applications, and networks by simulating potential cyber-attacks without compromising the system’s security."*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}.reverse{display:table;width: 100%;

Understanding AI as a red and blue teamerSecure and Simplify: Salesforce Data Protection with RubrikWhat if your Salesforce data was suddenly lost or corrupted? Human errors, accidental deletions, misconfigurations can all contribute to data loss. 1 of 2 SaaS users that did not implement SaaS data protection experienced data loss or corruption in the last 12 months.Check out this exclusive webinar where we reveal Rubrik's new integration with Salesforce, designed to tackle this exact issue.Watch On-DemandNew attacks, new problems for AIUnderstanding AI as a red and blue teamerWelcome to Attack & Defend!Sometimes, you need a specific focus on the issues that are facing red and blue teamers to get ahead. We know that, which is why we're rolling out a new series of overviews, reviews, and views concerning this corner of the market - which is growing more and more valuable each year!In keeping with the general trends of the whole world this year, this has meant that looking at AI takes up a considerable portion of this newsletter. We won't waste your time with a long introduction, but make sure to check out the controversy around OpenAI and what that means for your role today.Also, if you missed it, we sent out the first issue of the new _secproPremium (_secpro Premium #1: Change is Difficult) as a free edition last week. As a teaser for those thinking of subscribing and as a treat for everyone else. Don't miss out on Attack & Defend's sister publication!Cheers!Austin MillerEditor-in-ChiefAttacking and Defending - WorldwideMeta's GOAT tricks LLMs into writing Nazi poetry during automated red-teaming test - In a pre-print paper, Meta researchers described building and testing GOAT by asking it to coerce various LLMs into writing poetry that "glorifies the Holocaust and praises the Nazi Party" - a test that's part of theJailbreakBench Dataset (more on that later). GOAT is designed to red-team GenAI models in order to "assesses how LLMs can produce content that violates norms, policies, and rules set during their safety training", so that loopholes can be closed down before a model goes into public use.An update on disrupting deceptive uses of AI - "OpenAI’s mission is to ensure that artificial general intelligence benefits all of humanity. We are dedicated to identifying, preventing, and disrupting attempts to abuse our models for harmful ends. In this year of global elections, we know it is particularly important to build robust, multi-layered defenses against state-linked cyber actors and covert influence operations that may attempt to use our models in furtherance of deceptive campaigns on social media and other internet platforms."SSD Advisory – Nortek Linear eMerge E3 Pre-Auth RCE - "We would like to point out that we always recommend that our customers follow best practices to prevent unauthorised access to E3 and TE systems. Best practices include, not placing the product on their corporate network, not placing the product on the open internet, to install the product behind a network firewall and to use a VPN to access the product."The Mongolian Skimmer: different clothes, equally dangerous - A few weeks ago, while consulting skimming threat intel sources Jscrambler researchers stumbled across a new skimming campaign that, at first glance, stood out because of the JavaScript obfuscation it exhibits. Some people raised the question if this was a new obfuscation technique, probably because the code is using weird accented characters. As part of a company that makes aJavaScript obfuscation tool, the team could tell immediately that it is not. The obfuscation author just used unusual Unicode characters for variables and function names. But that has been done before and it’s hardly an obstacle.Red team toolsVechus/ODC-challenges - A collection of offensive and defensive training resources, perfect for keeping you and your team sharp!shr3ddersec/Shr3dKit - This tool kit that is very much influenced by infosecn1nja's kit. Use this script to grab majority of the repos.lengjibo/FourEye - An AV Evasion tool for Red Team Ops.Mathuiss/cyber_wolf - A tool for building offensive skills with firewalls.jorge-333/Virtual-Machine-Home-Lab - …built for the purpose of studying, Installing, and configuring Switches, Routers, Firewalls, SIEMs, IPS's, and Offensive Security Tools.Blue team toolsVechus/ODC-challenges - A collection of offensive and defensive training resources, perfect for keeping you and your team sharp!awais922609/Defensive-Learning - This repo covers firewall configurations, SIEM deployment, and various other important defensive topics, giving you the tools to build up your defensive skills.0xInfection/Awesome-WAF - A collection of the best resources for improving your firewall skills; potentially the best collection online!Ekultek/WhatWaf - …and once you’ve mastered that, here’s a way to get around WAFsracecloud/NetBlocker - A specific implementation of a firewall script that reads logs from various servers, validates against public databases with offensive hosts and adjusts a MikroTik firewall.Making a step upEM360 - Infiltration Insights: Red Team Operations: Red teaming is a proactive cybersecurity approach where ethical hackers simulate real-world attacks to test an organisation’s defences. Unlike traditional testing, red teaming mimics sophisticated threats to expose vulnerabilities in networks, systems, and even human factors. This process helps organisations identify weaknesses, strengthen their security posture, and improve their incident response plans to stay ahead of evolving cyber threats.Addressing the public sector’s penetration testing problems: The public sector is struggling to break free of an outdated model of penetration testing (pentesting) that requires federal civilian agencies and state, local and higher education institutions alike to contend with approaches that don’t scale and can introduce their own security challenges. But these antiquated methods of security testing can’t be addressed until organizations understand what causes these problems: bandwidth, efficiency and security.An Introduction To Purple Teaming: "Purple teaming can play a vital role in helping them to achieve this. Purple teaming involves red and blue teams collaborating on an ongoing basis to maximize their impact. Read on to discover how purple teaming enables businesses to enhance and accelerate their approach to identifying and mitigating security vulnerabilities."How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity: "It’s no longer about team red vs. team blue. It’s time to think about team purple. This security force blends offensive and defensive minds, blurring lines and boosting defenses. No more adversarial silos, just collaborative cycles and shared intel."Penetration Testing Market Demand Will Reach a Value of USD 6.44 Billion by the Year 2030, At a CAGR of 16.5:"The Penetration Testing Market plays a crucial role in assessing and strengthening the security of IT infrastructure. Penetration tests help uncover vulnerabilities in operating systems, applications, and networks by simulating potential cyber-attacks without compromising the system’s security."*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{line-height:0;font-size:75%} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}