Learn how full‑stack developers boost productivity by 50% with AI agents that automate layout, styling, and component generation through RAG and LLM pipelines.

See how orchestration and spec‑driven workflows keep you in control of quality and consistency.

Save your seat!

Welcome to another_secpro!

Over the past week, the cybersecurity and artificial intelligence landscapes have continued their rapid convergence, with developments underscoring both the transformative potential of AI and the expanding threat surface it creates. Organisations across sectors are accelerating AI deployment to enhance threat detection, automate incident response, and reduce analyst workload. At the same time, adversaries are operationalising many of the same capabilities, leveraging generative models to scale phishing campaigns, craft more convincing social engineering pretexts, and accelerate malware development cycles.

Regulatory and governance pressures are also intensifying. Policymakers are signalling stricter expectations around AI transparency, model security, and data provenance, particularly where systems intersect with critical infrastructure or sensitive personal data. This is driving renewed focus on secure model pipelines, third-party risk management, and auditability of training datasets. Boards and CISOs alike are being pushed to treat AI risk not as an experimental concern but as an enterprise security priority.

Notably, the past week has highlighted the growing importance of supply chain resilience in AI ecosystems. From model repositories to open-source frameworks, dependencies are becoming prime targets for compromise, reinforcing the need for code integrity verification and continuous monitoring.

Taken together, the signal is clear: AI is no longer an emerging variable in cybersecurity strategy; it is now a central pillar on both sides of the threat equation. The organisations best positioned to navigate this shift will be those that integrate AI governance, security engineering, and workforce readiness into a unified operating model—balancing innovation with control as the pace of change continues to accelerate.

If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!

Cheers!
Austin Miller
Editor-in-Chief

In 2025, cybersecurity experts continued to track an evolving landscape of financially motivated and geopolitically aligned threat groups whose operations grew in scale, coordination, and technical sophistication. Among the most prevalent were Cl0p, known for large-scale data-extortion campaigns exploiting zero-day vulnerabilities in managed file transfer platforms, and Qilin, a ransomware-as-a-service operation that refined double-extortion and partner affiliate models.

If you'd like to find out about our series on social engineering, start here: the adversary moves in the age of AI, then make sure to check out the articles link in this introduction: here, here, here, here, and here.

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage Campaigns: Russia-linked APT28 exploited a newly disclosed Microsoft Office vulnerability to deliver espionage malware via weaponized documents, enabling code execution and persistent access on victim systems.

CISA: VMware ESXi Flaw Now Exploited in Ransomware Attacks: Ransomware operators began exploiting a high-severity ESXi sandbox-escape vulnerability for hypervisor-level compromise, enabling lateral movement and mass virtual machine encryption.

New “Fancy” QR Codes Are Making Quishing More Dangerous: Threat actors are leveraging visually stylized QR codes to evade user suspicion and deliver phishing payloads, increasing mobile credential-harvesting success rates.

Hugging Face Abused to Distribute Financial Malware: An Android campaign used dropper apps and Hugging Face repositories to host thousands of credential-stealing APK variants targeting financial services users.

KONNI Targets Blockchain Developers with AI-Generated PowerShell Backdoor: North Korean operators used Discord lures delivering LNK-triggered, AI-assisted PowerShell malware with persistence, UAC bypass, and C2 beaconing.

SectorD Spear-Phishing Campaign Deploys RustyWater Implant: A Middle East–focused operation delivered a Rust-based implant via weaponized Word docs, featuring anti-debugging, encrypted C2 comms, and registry persistence.

VoidLink Linux Malware Framework Targets Cloud Environments: A modular cloud-focused framework written in Zig/Go/C enables reconnaissance, credential harvesting, rootkit deployment, and Kubernetes/Docker-aware exploitation.

Fake NexShield Ad-Blocker Extension Drops ModeloRAT: Malicious browser extensions delivered via malvertising executed PowerShell downloaders, leading to RAT deployment and enterprise network compromise

TCP #116: Starlink v. Iran, Agents Attack …(Darwin Salazar, Head of Growth at Monad): A weekly digest of the hottest security news covering global high-profile events such as satellite internet warfare, AI attack probes, malware leaks, and major cybersecurity M&A activity. This issue highlights geopolitical cyber interplay (Starlink vs Iran), high-volume AI infrastructure scanning by adversaries, leaked cybercrime data, and high-value acquisitions by CrowdStrike — offering broad industry impact context and emerging threat developments.

Resilient Cyber Newsletter #62: Netskope IPO, AI-Driven Attacks, Black Hat Takeaways (Chris Hughes): This weekly issue covers major industry signals including Netskope’s S-1 filing pointing toward an IPO, enterprise earnings calls, AI-driven attack activity and tooling trends, and critical insights from Black Hat. Highlights include identity threat detection playbooks and discussion around detection blind spots and proactive posture improvements.

Cyber Markets Brief #42: Google Unified Security, Forrester & Gartner on Exposure Management (Dane Disimino, i.e., Cyber PMM): A deep market-focused cyber brief highlighting Google’s unified security push, Forrester’s proactive security framing, and Gartner’s new classification of exposure management platforms. Includes vendor shifts (Deepwatch, identity security), open AI tool updates (GPT 5.1), and job/gig alerts relevant to the cybersecurity product ecosystem.

Red Teaming with Artificial Intelligence-Driven Cyberattacks: A Scoping Review (Mays Al-Azzawi; Dung Doan; Tuomo Sipola; Jari Hautamäki; Tero Kokkonen) This scoping review analyzes how artificial intelligence is being operationalized in offensive cybersecurity contexts, particularly red teaming. Screening 470 records, the authors identify AI-enabled attack vectors including automated penetration, data exfiltration, credential harvesting, and social engineering. The paper highlights how AI accelerates reconnaissance and exploitation phases while lowering attacker skill thresholds. It also frames AI-driven red teaming as a defensive necessity for simulating next-generation threats.

Securing the AI Frontier: Urgent Ethical and Regulatory Imperatives for AI-Driven Cybersecurity (Vikram Kulothungan): This article examines governance and regulatory tensions emerging from AI integration into cybersecurity systems. It surveys global regulatory frameworks (including EU risk-based models), then analyzes ethical risks such as algorithmic bias, privacy erosion, transparency deficits, and accountability gaps. The author argues for harmonized international policy and increased public AI literacy to ensure responsible deployment of AI-enabled cyber defense technologies.

Adversarial Defense in Cybersecurity: A Systematic Review of GANs for Threat Detection and Mitigation (Tharcisse Ndayipfukamiye; Jianguo Ding; Doreen Sebastian Sarwatt; Adamu Gaston Philipo; Huansheng Ning): This systematic review synthesizes 185 peer-reviewed studies on Generative Adversarial Networks (GANs) in cybersecurity. It proposes a taxonomy covering defensive functions, architectures, domains, and threat models. Findings show GANs improving intrusion detection, malware classification, and IoT security resilience. However, issues such as training instability, benchmarking gaps, computational cost, and explainability remain barriers to operational deployment.

Zero Trust Cybersecurity: Procedures and Considerations in Context (Brady D. Lund; Tae Hee Lee; Ziang Wang; Ting Wang; Nishith Reddy Mannuru):This paper evaluates Zero Trust Architecture (ZTA) as a response to increasingly sophisticated, AI-augmented threat landscapes. It details implementation principles such as continuous authentication, least-privilege access, and breach-assumption design. Case analysis focuses on high-information-exchange environments (e.g., libraries, educational institutions), illustrating how ZTA mitigates lateral movement and insider risk.

Advancing Cybersecurity Through Machine Learning: A Scientometric Analysis of Global Research Trends and Influential Contributions (Kamran Razzaq; Mahmood Shah) Using scientometric and bibliometric techniques, this study maps global research output at the intersection of machine learning and cybersecurity. It identifies publication growth, leading institutions, collaboration networks, and dominant subfields (e.g., intrusion detection, malware analytics). The authors highlight ML’s accelerating role in predictive defense and automated threat intelligence while noting concentration of influence among a small cluster of research hubs.

Integrating Artificial Intelligence into the Cybersecurity Curriculum in Higher Education: A Systematic Literature Review (Jing Tian) This systematic literature review examines how universities are embedding AI into cybersecurity education. It evaluates curriculum models, competency frameworks, lab environments, and interdisciplinary integration. The paper concludes that AI literacy is becoming foundational for cyber workforce readiness, recommending expanded hands-on training in automated defense, adversarial ML, and AI risk governance.

Brought to you in cooperation with Telerik: