SecPro

A busy week for the SEC makes for excellent new?sWebinar: Introducing a Market-Changing Approach to Mobile App SecurityJoin Guardsquare to learn more about our new guided configuration approach to mobile application protection.Our latest innovation ensures that all developers can effortlessly launch apps with industry-leading protection in less than a day.This webinar will: walk through Guardsquare's new guided configuration approach; discuss how this new approach empowers mobile app publishers to easily configure security features, receive actionable insights, and monitor protection outcomes without sacrificing app performance or user experience; and cover a case study addressing how customers successfully implemented the technology.Register NowSPONSORED#174: Hacked BackA busy week for the SEC makes for excellent newsWelcome to another_secpro!It can be hard to know what to believe when it comes to the internet. Not only are the various stories sometimes obviously contradictory, but they might also be written by people who have an interest in presenting contradictory stories to drive up engagement. With that in mind, here are some talking heads the Editor thinks you can rely on (Editor: along with, of course, the Editor...).Bruce Schneier dispelled exaggerated claims about China breaking modern encryption and highlighted concerns over AI use in whistleblower programs influencing stock markets. He also discussed the indictment of a CEO for security certification fraud and detailed an Israeli operation sabotaging Hezbollah’s communication devices. Meanwhile, Cisco reported a denial-of-service vulnerability in its VPN services, and LinkedIn was fined €310 million by the Irish Data Protection Commission for privacy violations. FortiGuard Labs identified a critical vulnerability in FortiManager software, while new ransomware (Qilin.B) with enhanced evasion tactics was documented by Halcyon. Additionally, Brazil arrested a cybercriminal involved in breaches of sensitive U.S. data, and the SEC charged companies for misleading cybersecurity disclosures.Check out _secpro premiumAs always, make sure to check out the templates, podcasts, and other stuff on ourSubstackand access the very best that we have to offer. You might even learn something!Cheers!Austin MillerEditor-in-ChiefNews BytesBruce Schneier -No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer: "The headline is pretty scary: “China’s Quantum Computer Scientists Crack Military-Grade Encryption.” No, it’s not true. This debunkingsaved me the trouble of writing one. It all seems to have come fromthis news article, which wasn’t bad but was taken widely out of proportion. Cryptography is safe, andwill befor along time."Bruce Schneier -AI and the SEC Whistleblower Program: "Whistleblowing firms can also use the information they uncover to guide market investments byactivist short sellers. Since 2006, the investigative reporting siteSharesleuthclaimsto have tanked dozens of stocks and instigated at least eight SEC cases against companies in pharma, energy, logistics, and other industries, all after its investors shorted the stocks in question. More recently, a new investigative reporting site calledHunterbrook Mediaand partner hedge fund Hunterbrook Capital, have churned out18investigative reports in their first five months of operation and disclosed short sales and other actions alongside each. In at least one report, Hunterbrooksays they filed an SEC whistleblower tip."Bruce Schneier -Justice Department Indicts Tech CEO for Falsifying Security Certifications: TheWall Street Journalisreportingthat the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business.Bruce Schneier -More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies: "TheWashington Posthas a long and detailedstoryabout the operation that’s well worth reading (alternate versionhere). The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was a former Middle East sales representative for the Taiwanese firm who had established her own company and acquired a license to sell a line of pagers that bore the Apollo brand. Sometime in 2023, she offered Hezbollah a deal on one of the products her firm sold: the rugged and reliable AR924."Cisco - Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Brute Force Denial of Service Vulnerability: "A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service... An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service."(Irish) Data Protection Agency - Irish Data Protection Commission fines LinkedIn Ireland €310 million: The inquiry examined LinkedIn’s processing of personal data for the purposes of behavioural analysisand targeted advertisingof users who have created LinkedIn profiles (members). The decision, which was made by the Commissioners for Data Protection, Dr Des Hogan and Dale Sunderland, and notified to LinkedIn on 22 October 2024, concerns the lawfulness, fairness and transparency of this processing. The decision includes a reprimand, an order for LinkedIn to bring its processing into compliance, and administrative fines totalling €310 million.FortiGuard Labs - Missing authentication in fgfmsd: A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. Reports have shown this vulnerability to be exploited in the wild.Halcyon - New Qilin.B Ransomware Variant Boasts Enhanced Encryption and Defense Evasion: Researchers at anti-ransomware solutions provider Halcyon have documented a new version of the Qilin ransomware payload dubbedQilin.B for tracking. According to thePower Rankings: Ransomware Malicious Quartilereport, Qilin (aka Agenda) is a ransomware-as-a-service (RaaS) operation that emerged in July of 2022 that can target both Windows and Linux systems. ‍Qilin operations include data exfiltration for double extortion. Krebs on Security - Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach: "Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being “USDoD,” a prolific cybercriminal who rose to infamy in 2022 after infiltrating theFBI’s InfraGardprogram and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data brokerNational Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population."Krebs on Security - The Global Surveillance Free-for-All in Mobile Ad Data: "Not long ago, the ability to digitally track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a dangerous power that should remain only within the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites..."SEC - SEC Charges Four Companies With Misleading Cyber Disclosures:The charges against the four companies result from an investigation involving public companies potentially impacted by the compromise of SolarWinds’ Orion software and by other related activity. “As today’s enforcement actions reflect, while public companies may become targets of cyberattacks, it is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures about the cybersecurity incidents they have encountered,” said Sanjay Wadhwa, Acting Director of the SEC’s Division of Enforcement.Tenable - CVE-2024-8260: SMB Force-Authentication Vulnerability in OPA Could Lead to Credential Leakage: Tenable Research discovered an SMB force-authentication vulnerability in Open Policy Agent (OPA) that is now fixed in the latest release of OPA. The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server's local user account to a remote server, potentially allowing the attacker to relay the authentication or crack the password. The vulnerability affected both the OPA CLI (Community and Enterprise editions) and the OPA Go SDK.This week's toolsgoliate/hidden-tear: It's a ransomware-like file crypter sample which can be modified for specific purposes. Simples.ncorbuk/Python-Ransomware - A Python Ransomware Tutorial with a YouTube tutorial explaining code and showcasing the ransomware with victim/target roles.ForbiddenProgrammer/conti-pentester-guide-leak: Leaked pentesting manuals given to Conti ransomware crooks.codesiddhant/Jasmin-Ransomware: Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.Upcoming events for _secprosSecTor(October 23rd-26th): SecTor is renowned for bringing together international experts to discuss underground threats and corporate defenses. This cyber security conference offers a unique opportunity for IT security professionals, managers, and executives to connect and learn from experienced mentors. This year, SecTor introduces the ‘Certified Pentester’ program, including a full-day practical examination, adding to the event’s educational offerings.LASCON 2024(October 24-25th): The Lonestar Application Security Conference (LASCON) is an annual event in Austin, TX, associated with OWASP, gathering 400+ web app developers, security engineers, mobile developers, and infosec professionals. Being in Texas, home to numerous Fortune 500 companies, and located in Austin, a startup hub, LASCON attracts leaders, security architects, and developers to share innovative ideas, initiatives, and technology advancements in application security.SANS HackFest Hollywood 2024 (October 29th): Choose Your Experience: In-Person or Live Online - whether you're planning to dive into the full HackFest experience in Hollywood, or the free, curated content offered Live Online, you'll walk away with new tools, techniques, and connections that will have a lasting impact on your career.ODSC West 2024 (October 29th): "Since 2015, ODSC has been the essential event for AI and data science practitioners, business leaders, and those reskilling into AI. It offers cutting-edge workshops, hands-on training, strategic insights, and thought leadership. Whether deepening technical skills, transforming a business with AI, or pivoting into an AI-driven career, ODSC provides unparalleled opportunities for learning, networking, and professional growth."*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

A week of madness where AI went haywireIntroducing A Market-Changing Approach to Mobile App Protection by GuardsquareMobile applications face constant, evolving threats; to address these challenges, Guardsquare is proud to announce the launch of our innovative guided configuration approach to mobile app protection. By combining the highest level of protection with unparalleled ease of use, we empower developers and security professionals to secure their applications against even the most sophisticated threats. Guardsquare is setting a new standard for mobile app protection and we invite you to join us on this journey to experience the peace of mind that comes with knowing your mobile applications are protected by the most advanced and user-friendly product on the market.Learn More#171: Going hAIwireA week of madness where AI went haywireIn the lead up to October - Cybersecurity Awareness Month! - we're offering everyone a chance to jump on the _secpro train...For a limited time, get 20% off all subscriptions at the checkout. You can get access to our podcasts, our templates, our security guides, and other _secpro events for a fifth off. And you can cancel anyway. What's there to lose?Thanks and enjoy!Upgrade for 20% off!Welcome to another_secpro!AI developers and users have suffered this week, with multiple reports of difficulties and insecurities coming from the most prominent platforms in the world. If you're the kind of person who has integrated AI into their home- and worklife (as opposed to the Editor, who is currently trying to find an empty cabin in the woods...), there will be plenty worth paying attention to here...Check out _secpro premiumIf you missed it, we sent out the first issue of the new _secproPremium (_secpro Premium #1: Change is Difficult) as a free edition. As a teaser for those thinking of subscribing and as a treat for everyone else. Don't miss out!Cheers!Austin MillerEditor-in-ChiefTime for some news!Aqua Nautilus - perfctl: A Stealthy Malware Targeting Millions of Linux Servers: "The name perfctl comes from the cryptominer process that drains the system’s resources, causing significant issues for many Linux developers. By combining “perf” (a Linux performance monitoring tool) with “ctl” (commonly used to indicate control in command-line tools), the malware authors crafted a name that appears legitimate. This makes it easier for users or administrators to overlook during initial investigations, as it blends in with typical system processes."Bruce Schneier - Weird Zimbra Vulnerability: Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. "In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware. The researcher provided the following details..." Findthe rest on Schneier's website.Bruce Schneier - AI and the 2024 US Elections: "For years now, AI has undermined the public’s ability to trust what it sees, hears, and reads. TheRepublican National Committeereleased a provocative ad offering an “AI-generated look into the country’s possible future if Joe Biden is re-elected,” showing apocalyptic, machine-made images of ruined cityscapes and chaos at the border.Fake robocallspurporting to be from Biden urged New Hampshire residents not to vote in the 2024 primary election. This summer, the Department of Justice cracked down on aRussian bot farmthat was using AI to impersonate Americans on social media, and OpenAI disrupted anIranian group using ChatGPT to generate fake social-media comments..." Findthe rest on Schneier's website.Bruce Schneier - California AI Safety Bill Vetoed: "Governor Newsom hasvetoed the state’s AI safety bill. I have mixed feelings about thebill. There’s a lot to like about it, and I want governments to regulate in this space. But, for now, it’s allEU."Bruce Schneier - Hacking ChatGPT by Planting False Memories into Its Data: "This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model."Cloudflare - How Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack: "Since early September,Cloudflare's DDoS protection systems have been combating a month-long campaign of hyper-volumetric L3/4 DDoS attacks. Cloudflare’s defenses mitigated over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (Tbps). The largest attack peaked 3.8 Tbps — the largest ever disclosed publicly by any organization. Detection and mitigation was fully autonomous. The graphs below represent two separate attack events that targeted the same Cloudflare customer and were mitigated autonomously."Interpol - Arrests in international operation targeting cybercriminals in West Africa: "Eight individuals have been arrested as part of an ongoing international crackdown on cybercrime, dealing a major blow to criminal operations in Côte d’Ivoire and Nigeria. The arrests were made as part of INTERPOL’s Operation Contender 2.0, an initiative aimed at combating cyber-enabled crimes, primarily in West Africa, through enhanced international intelligence sharing."Europol - LockBit power cut: four new arrests and financial sanctions against affiliates: "Europol supported a new series of actions against LockBit actors, which involved 12 countries and Eurojust and led to four arrests and seizures of servers critical for LockBit’s infrastructure. A suspected developer of LockBit was arrested at the request of the French authorities, while the British authorities arrested two individuals for supporting the activity of a LockBit affiliate. The Spanish officers seized nine servers, part of the ransomware’s infrastructure, and arrested an administrator of a Bulletproof hosting service used by the ransomware group. In addition, Australia, the United Kingdom and the United States implemented sanctions against an actor who the National Crime Agency had identified as prolific affiliate of LockBit and strongly linked to Evil Corp. The latter comes after LockBit’s claim that the two ransomware groups do not work together. The United Kingdom sanctioned fifteen other Russian citizens for their involvement in Evil Corp’s criminal activities, while the United States also sanctioned six citizens and Australia sanctioned two."Krebs on Security - A Single Cloud Compromise Can Feed an Army of AI Sex Bots: "Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape."Krebs on Security - Crooked Cops, Stolen Laptops & the Ghost of UGNazi: A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, the government alleges. KrebsOnSecurity has learned that many of the man’s alleged targets were members of UGNazi, a hacker group behind multiple high-profile breaches and cyberattacks back in 2012.Patchstack- Unauthenticated Stored XSS Vulnerability in LiteSpeed Cache Plugin Affecting 6+ Million Sites: "This plugin suffers from unauthenticated stored XSS vulnerability. It could allow any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by performing a single HTTP request. The described vulnerability was fixed in version6.5.1and assignedCVE-2024-47374. The CCSS and UCSS generation functions_ccss()and_load() take the required parameters and HTTP headers to generate and save the data. The queue is generated using the following code lines."Securonix- SHROUDED#SLEEP: A Deep Dive into North Korea’s Ongoing Campaign Against Southeast Asia: "The Securonix Threat Research team has uncovered an ongoing campaign, identified as SHROUDED#SLEEP, likely attributed to North Korea’s APT37 (also known as Reaper or Group123). This advanced persistent threat group is believed to be based in North Korea and is delivering stealthy malware to targets across Southeast Asian countries. APT37, unlike other APT groups from the region such as Kimsuky, has a long history of targeting countries outside of the expected South Korean targets. This includes a number of recent campaigns against Southeast Asia countries."This week's toolsgoliate/hidden-tear: It's a ransomware-like file crypter sample which can be modified for specific purposes. Simples.ncorbuk/Python-Ransomware - A Python Ransomware Tutorial with a YouTube tutorial explaining code and showcasing the ransomware with victim/target roles.ForbiddenProgrammer/conti-pentester-guide-leak: Leaked pentesting manuals given to Conti ransomware crooks.codesiddhant/Jasmin-Ransomware: Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.Upcoming events for _secprosInnovate Cybersecurity Summit (October 6-8th): Powered by the collective knowledge of cybersecurity executives, practitioners, and cutting-edge solution providers, Innovate is the premier resource for CISO education & collaboration.PSC Defense Conference(October 8th): "The PSC Defense Conference is where you will hear from senior executives across the Department of Defense and industry discuss current initiatives aimed at accelerating innovation and delivering capabilities to the Future Force."Cybersecurity Expo 2024(October 8-9th): "Please join us for the annual United States Department of Agriculture (USDA) Cybersecurity Expo on October 8th and October 9th (10:30AM-4:00PM EDT). This virtual event engages and educates cybersecurity professionals and enthusiasts with the goal of raising awareness about cybersecurity and increasing the resiliency in the event of a cyber incident."Red Hat Summit: Connect 2024 (October 15th, 17th, & 22nd): Red Hat® Summit: Connect is coming to cities across Asia Pacific. Join us as we explore the future of Al, hybrid cloud, open source technology, and IT. With plenty of opportunities to engage during sessions, demos, and networking, this year's in-person event will give you access to Red Hat experts and industry leaders- all at no cost.BSidesNYC Conference (October 19th): BSidesNYC is an information security conference coordinated by security professionals within the tri-state area as part of the larger BSides framework. The conference prides itself on building an environment focused on technical content covering various security topics - from offensive security to digital forensics and incident response.SecTor (October 23rd-26th): SecTor is renowned for bringing together international experts to discuss underground threats and corporate defenses. This cyber security conference offers a unique opportunity for IT security professionals, managers, and executives to connect and learn from experienced mentors. This year, SecTor introduces the ‘Certified Pentester’ program, including a full-day practical examination, adding to the event’s educational offerings.LASCON 2024 (October 24-25th): The Lonestar Application Security Conference (LASCON) is an annual event in Austin, TX, associated with OWASP, gathering 400+ web app developers, security engineers, mobile developers, and infosec professionals. Being in Texas, home to numerous Fortune 500 companies, and located in Austin, a startup hub, LASCON attracts leaders, security architects, and developers to share innovative ideas, initiatives, and technology advancements in application security.*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{line-height:0;font-size:75%} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

A look at the week gone byBuilding GenAI infra sounds cool—until it’s 3am and your LLM is downThis free guide helps you avoid the pitfalls. Learn the hidden costs, real-world tradeoffs, and decision framework to confidently answer: build or buy? Includes battle-tested tips from Checkr, Convirza & more.Grab it now!#199: An ATT&CK Review and into the BlogosphereA look at the weekWelcome to another_secpro!For all of you who attended the RSA Conference, we hope you had a great time getting up to scratch with the goings on in this industry. Got something to share? Reply to this email and tell us about your thoughts. This week's issue contains:-Apple's AirPlay Vulnerabilities Expose Devices to Hijacking Risks-U.S. Charges 16 Russians Linked to DanaBot Malware Operation-Budget Cuts to U.S. Cybersecurity Agency Raise Concerns Amid Rising Threats-Anthropic Implements Stricter Safeguards for New AI Model Amid Biosecurity Concerns-Russian Hackers Target Western Firms Supporting Ukraine, U.S. Intelligence Reports-MITRE ATT&CK - Explained- Understanding the use cases of the MITRE ATT&CK Framework-Integrating MITRE ATT&CK with SIEM Tools-Demystifying the MITRE ATT&CK FrameworkCheck out _secpro premiumCheers!Austin MillerEditor-in-ChiefReflecting on MITRE ATT&CKMaking our way through the MITRE ATT&CK's Top Ten most exploited techniques over the last 9 weeks has been fun. We're almost ready to dive into the most exploited T-number, but we thought it'd be good to stop and smell the adversarial roses for a minute first - just make sure you've been paying attention. These T-numbers are on the test, so make sure to go back and check out #10 through #2 in the list below:- #2: T1059- #3: T1333- #4: T1071- #5: T1562- #6: T1486- #7: T1082- #8: T1547- #9: T1506- #10: T1005We have five copies of Glen Singh's Kali Linux book to give away. Leave a comment in order to win a virtual copy!RSA Conference 2025 – Navigating the New Cyber FrontierA reflection on this year's eventsRead the rest here!News BytesApple's AirPlay Vulnerabilities Expose Devices to Hijacking Risks: Researchers at cybersecurity firm Oligo have identified 23 significant security flaws in Apple's AirPlay system, collectively dubbed "AirBorne." These vulnerabilities could allow hackers to hijack devices connected to the same Wi-Fi network, affecting both Apple's native AirPlay protocol and third-party implementations. The discovery underscores the need for prompt security updates to protect users relying on AirPlay-compatible gadgets. Oligo's analysis reveals that the vulnerabilities stem from issues in the AirPlay protocol's implementation, allowing for zero-click remote code execution (RCE) attacks. The flaws are particularly concerning due to their wormable nature, enabling potential rapid spread across devices.U.S. Charges 16 Russians Linked to DanaBot Malware Operation: The U.S. Department of Justice has charged 16 Russian nationals associated with the DanaBot malware operation, a sophisticated tool used globally for cybercrime, espionage, and wartime attacks. DanaBot infected over 300,000 systems and was sold to other hackers via an affiliate model. Notably, it was used in state-linked espionage, including attacks on Ukraine’s defense institutions during the Russian invasion. DanaBot is a modular banking Trojan that has evolved to include functionalities such as credential theft, remote access, and data exfiltration. Its architecture allows for dynamic updates, making it adaptable to various malicious activities. Additional commentary at WeLiveSecurity.Budget Cuts to U.S. Cybersecurity Agency Raise Concerns Amid Rising Threats: Security experts warn that proposed 17% budget cuts to the Cybersecurity and Infrastructure Security Agency (CISA) could leave the U.S. vulnerable to retaliatory cyberattacks, especially as Chinese cyberattacks surge. The cuts would lead to the dismissal of 130 employees and cancellation of key contracts, compromising national cyberdefense at a time of heightened threat. Analysts express concern that the reduction in CISA's budget and workforce will hinder the agency's ability to coordinate threat intelligence sharing and respond effectively to cyber incidents, particularly those targeting critical infrastructure. See commentary by Dark Reading.Anthropic Implements Stricter Safeguards for New AI Model Amid Biosecurity Concerns: Anthropic has released Claude Opus 4, its most advanced AI model, under heightened safety measures due to concerns it could assist in bioweapons development. Internal testing indicated that the model significantly outperformed earlier versions in guiding potentially harmful activities. As a result, Anthropic activated its Responsible Scaling Policy, applying stringent safeguards including enhanced cybersecurity and anti-jailbreak measures. The Responsible Scaling Policy includes AI Safety Level 3 (ASL-3) measures, such as prompt classifiers to detect harmful queries, a bounty program for vulnerability detection, and enhanced monitoring to prevent misuse of the AI model. See Anthropic News.Russian Hackers Target Western Firms Supporting Ukraine, U.S. Intelligence Reports: Hackers affiliated with Russian military intelligence have been targeting Western technology, logistics, and transportation firms involved in aiding Ukraine. The cyber campaign sought to obtain intelligence on military and humanitarian aid shipments, using tactics like spearphishing and exploiting vulnerabilities in small office and home networks. Over 10,000 internet-connected cameras near Ukrainian borders and other key transit points were targeted. The attackers, linked to the group "Fancy Bear," employed advanced persistent threat (APT) techniques, including the exploitation of unsecured IoT devices and spearphishing campaigns, to infiltrate networks and gather intelligence on aid logistics. See the NSA report (PDF).This week's blogsMITRE ATT&CK - Explained: This comprehensive guide breaks down the MITRE ATT&CK framework, detailing its components such as tactics, techniques, and procedures. It also compares ATT&CK with the Cyber Kill Chain model, highlighting how ATT&CK provides a more flexible approach to understanding adversary behaviors across different platforms.Understanding the use cases of the MITRE ATT&CK Framework: Tailored for newcomers, this blog offers a step-by-step approach to utilizing the MITRE ATT&CK framework. It emphasizes the benefits of integrating ATT&CK into cybersecurity practices, such as improved threat detection, incident management, and communication among security professionals.Integrating MITRE ATT&CK with SIEM Tools:This article explores how to integrate the MITRE ATT&CK framework with Security Information and Event Management (SIEM) systems, specifically Microsoft Sentinel. It discusses features like the MITRE ATT&CK Blade, rule creation, and tagging, providing insights into enhancing detection and response capabilities.Demystifying the MITRE ATT&CK Framework: This blog offers a clear explanation of the MITRE ATT&CK framework, discussing its role in understanding cyber-attack patterns and applying appropriate mitigation strategies. It emphasizes the framework's value in improving an organization's cybersecurity posture and adapting to evolving threats.Upcoming events for _secpros this yearHere are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

A look at 200 issuesTrain your own R1 reasoning model with UnslothYou can now run and fine-tune Qwen3 and Meta's new Llama 4 models with 128K context length & superior accuracy. Unsloth is an open-source project that allows easy fine-tuning of LLMs and that also uploads accurately quantized models to Hugging Face. Check it out on Github!Unsloth's new Dynamic 2.0 quants outperform other quantization methods on 5-shot MMLU & KL Divergence benchmarks, meaning you can now run + fine-tune quantized LLMs while preserving as much precision as possible.Tutorial for running Qwen3 here.Tutorial for running Llama 4 here.Take a look!#200: The Bicentennial Giveaway!A look at the past 200 issuesWelcome to another_secpro!200 issues! Where does the time go? We're here providing the same usual content that we always do, but ask our readers to also check out the _secpro archive on Substack for a walk down memory lane or an exciting dive into what you missed before you subscribed. This week's issue contains:-AI Chatbots Enhance Phishing Email Sophistication- U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud-ConnectWise Breached in Cyberattack Linked to Nation-State Hackers-PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto-Earth Lamia Develops Custom Arsenal to Target Multiple Industries-China-Linked Hackers Exploit Google Calendar in Cyberattacks on Governments- PentestGPT: An LLM-empowered Automatic Penetration Testing Tool-Enhancing Cybersecurity Resilience Through Advanced Red-Teaming Exercises and MITRE ATT&CK Framework Integration-Offense For Defense: The Art and Science of Cybersecurity Red TeamingCheck out _secpro premiumCheers!Austin MillerEditor-in-ChiefReflecting on MITRE ATT&CKMaking our way through the MITRE ATT&CK's Top Ten most exploited techniques over the last 10 weeks has been fun. We're almost ready to dive into the most exploited T-number, but we thought it'd be good to stop and smell the adversarial roses for a minute first - just make sure you've been paying attention. These T-numbers are on the test, so make sure to go back and check out #10 through #2 in the list below:- #2: T1059- #3: T1333- #4: T1071- #5: T1562- #6: T1486- #7: T1082- #8: T1547- #9: T1506- #10: T1005We have five copies of Glen Singh's Kali Linux book to give away. Leave a comment in order to win a virtual copy! And now, here is our number one...#1: T1055Check it out here!News BytesAI Chatbots Enhance Phishing Email Sophistication: AI chatbots like ChatGPT are making scam emails harder to detect due to their flawless grammar and human-like tone, enabling more sophisticated phishing schemes. This evolution demands new detection strategies centering on user vigilance and corporate preemptive measures. See also:Zscaler ThreatLabz 2025 Phishing ReportU.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud: The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses. See also: Understanding Romance Scams and Cryptocurrency FraudConnectWise Breached in Cyberattack Linked to Nation-State Hackers: ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor.PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto: Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts.Earth Lamia Develops Custom Arsenal to Target Multiple Industries: A Chinese threat actor group known as Earth Lamia has been actively exploiting known vulnerabilities in public-facing web applications to compromise organizations across sectors such as finance, government, IT, logistics, retail, and education.China-Linked Hackers Exploit Google Calendar in Cyberattacks on Governments: China-linked hackers are exploiting Google Calendar in cyberattacks on governments, using the platform to deliver malicious links and coordinate attacks, highlighting the need for increased vigilance in monitoring cloud-based services. See also:Securing Cloud-Based Collaboration Tools.This week's academiaPentestGPT: An LLM-empowered Automatic Penetration Testing Tool: This paper introduces PentestGPT, an automated penetration testing tool powered by Large Language Models (LLMs). The study evaluates the performance of LLMs on real-world penetration testing tasks and presents a robust benchmark created from test machines. Findings reveal that while LLMs demonstrate proficiency in specific sub-tasks, they encounter difficulties maintaining an integrated understanding of the overall testing scenario. PentestGPT addresses these challenges with three self-interacting modules, each handling individual sub-tasks to mitigate context loss.Enhancing Cybersecurity Resilience Through Advanced Red-Teaming Exercises and MITRE ATT&CK Framework Integration: This study presents a transformative approach to red-teaming by integrating the MITRE ATT&CK framework. By leveraging real-world attacker tactics and behaviors, the integration creates realistic scenarios that rigorously test defenses and uncover previously unidentified vulnerabilities. The comprehensive evaluation demonstrates enhanced realism and effectiveness in red-teaming, leading to improved vulnerability identification and actionable insights for proactive remediation.Offense For Defense: The Art and Science of Cybersecurity Red Teaming: This article delves into the methodologies, tools, techniques, and strategies employed in red teaming, emphasizing the planning practices that underpin successful engagements. It highlights the strategic application of cyber deception techniques, such as honeypots and decoy systems, to enhance an organization’s threat identification and response capabilities. The piece underscores the importance of continuous improvement and adaptation of strategies in response to evolving threats and technologies.Upcoming events for _secpros this yearHere are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Learning about risk, CISA, and stepping upLast chance! It's nearly here!We're into our final week before we host a range of big names in the business talking about what they know best - practical security in the age of AI. Drawing on a wealth of experience, they have plenty to share and will join myself for a day of insights, explorations, and, most importantly for you, discussions that build and rebuild our understanding of the landscape in these new, particular challenges.As a thank you for your continued subscription and engagement, we've even managed to get a code especially for you, my reader: by using SECPRO60, you get 30% and can book your tickets without breaking the bank. What more could you ask for?Check out the link below and clear out your calendar for next Saturday!Check it out on Eventbrite!#214: Risky BusinessLearning about risk, CISA, and stepping upWelcome to another_secpro!In cybersecurity, there's no such thing as standing still. While standing still might mean "going with the flow" in ordinary life, it means the very opposite when it comes to jousting with the adversary - indeed, standing still means "letting the flow go past you"! That's why we in the _secpro team are always pushing ourselves and pushing our readers to pick up ideas, develop skills, and stay above water in the rushing waves of "the flow"!That's why this week we are beginning a four-part series that looks into the deeds and needs of a CISA-trained professional - and, more importantly, how you can get to that plateau too. With the help of Hemang Doshi's fantastic book, we're taking the necessary steps to move from IT generalist or junior secpro into the higher echelons of auditing. Sound good? Check out this week's excerpt: Risk-Based Audit Planning.Check out _secpro premiumIf you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!Cheers!Austin MillerEditor-in-ChiefHere's a little meme to keep you going...Source: RedditThis week's articleRisk-Based Audit PlanningRisk-based audit planning prioritizes the high-risk areas of an organization so as to maximize the effectiveness of the audit. By focusing on areas with the greatest potential for financial loss, compliance issues, or operational inefficiencies, auditors can proactively identify vulnerabilities and support management in making informed decisions.Read the rest here!Interested in our Next-Gen AI Conference?If you're looking forward to our upcoming conference or just want a little insight into who these industry-leading speakers are, here's a little bio on two of our closest collaborators: Mark Simos and Nikhil Kumar.Introducing Mark SimosMark Simos is Lead Cybersecurity Architect for Microsoft where he leads the development of cybersecurity reference architectures, best practices, reference strategies, prescriptive roadmaps, CISO workshops, and other guidance to secure organizations in the digital age.Check out the conference on Eventbrite!Introducing Nikhil KumarNikhil is an industry expert and thought leader in Digital Transformation, Zero Trust and InfoSec, AI, Cloud Computing, APIs and SOA, with a passion for applying technology in an actionable manner. An entrepreneur with over 20 years experience, he is known as a servant leader able to create amazing solutions and bridge people, process, business and technology.Check out the conference on Eventbrite!News BytesThousands kept waiting for Land Rovers after hack: UK-based automaker Jaguar Land Rover (JLR) experienced a sharp production halt across several plants due to a cyberattack, affecting operations and causing delays in vehicle deliveries. The attack was attributed to a hacker alias “Rey” from the Scattered Lapsus Hunters 4.0 group. While no customer data loss has been confirmed, authorities are investigating.Cybersecurity failures rock FEMA and 24 IT staff fired: U.S. Homeland Security Secretary Kristi Noem dismissed two dozen FEMA IT staff following serious cybersecurity mishandlings. The incident involved reactivating compromised credentials after they had been disabled, despite nearly $500 million spent on cybersecurity in FY 2025. The breach may involve state-linked Chinese hackers exploiting Microsoft vulnerabilities.SentinelOne earnings point to strong AI-driven cybersecurity demand: SentinelOne delivered better-than-expected Q2 2026 results, pushing annual recurring revenue above $1 billion and raising full-year guidance. The surge was driven by increased demand for AI-shielded cybersecurity solutions, including its acquisition of Prompt Security. Analysts attribute growth to rising generative-AI threats and tighter regulatory demands.The Resilient Retailer’s Guide to Proactive Cyber Defense: Retailers such as Co-operative and M&S are under rising threat from SIM-swapping and misconfigured appliances. This guide offers a defense blueprint: strong security hygiene, enforced password policies, timely patching, employee training, MDR services, and “assume breach” readiness help mitigate risks and safeguard reputations.Chinese hackers infiltrated critical British infrastructure: GCHQ revealed that Chinese state-sponsored group Salt Typhoon has compromised the UK’s critical infrastructure—telecoms, transport, and governmental systems—as part of a broader global espionage campaign. Active since 2021, the group is linked to multiple Chinese firms, with operations traced in 80 countries, including sensitive targeting of the UK’s NCSC.Grok's security measures have been potentially bypassed, allowing for millions to be affected with malware: Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X's malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok.This week's academiaPatient Care Technology Disruptions Associated With the CrowdStrike Outage (Jeffrey L. Tully; Sumanth Rao; Isabel Straw; Rodney A. Gabriel; Christopher A. Longhurst; Stefan Savage; Geoffrey M. Voelker; Christian J. Dameff): Cross-sectional study of 2,232 U.S. hospitals showing widespread disruptions to patient-facing and operational systems during the July 2024 CrowdStrike incident; proposes internet-measurement methods to monitor critical healthcare tech in real time.LLM Agents Can Autonomously Exploit One-Day Vulnerabilities (Richard Fang; Xinye Li; Mohit Iyyer; Yixuan Li; Yanjun Qi; David Evans; Neil Gong; Z. Morley Mao; Aurore Fass; Danqi Chen; et al.): Shows that language-model agents, given tools and goals, can autonomously find and exploit freshly disclosed (“one-day”) software bugs, raising urgent questions about automated vulnerability exploitation and defenses.On the Feasibility of Using LLMs to Execute Multistage Network Attacks (Aidan D. Singer; Mark Goldstein; Pang Wei Koh; Adam Gleave; Micah Goldblum; Zico Kolter; Dan Hendrycks) Evaluates whether modern LLMs can plan and carry out realistic, multi-step network intrusions; reports non-trivial success on chained attack tasks and analyzes controls needed to prevent misuse.Con Instruction: Universal Jailbreaking of Multimodal LLMs via Non-Textual Modalities (Zhichao Geng; Haohan Wang; Shiyu Chang; Bo Li; Huan Zhang; et al.): Demonstrates a general jailbreak strategy for multimodal models by embedding adversarial “instructions” in images/audio/etc., transferring across models and tasks; highlights weaknesses beyond text-only prompts.Injecting Universal Jailbreak Backdoors into LLMs in Minutes (Zhuowei Chen; Qiannan Zhang; Shichao Pei): Introduces JailbreakEdit, a model-editing method that plants a universal jailbreak backdoor post-training—in minutes—without dataset poisoning, preserving model utility while reliably bypassing safety.Wolves in the Repository: A Software Engineering Analysis of the XZ Utils Supply Chain Attack (Piotr Przymus; Thomas Durieux):Forensically reconstructs the XZ backdoor (CVE-2024-3094), showing how long-term social engineering and project maintenance tactics enabled the attack; offers actionable lessons for OSS governance and CI/CD.Source: Reddit*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Getting our head around a notable adversaryInterested in an upcoming event?Interested in Next-Gen Cyber AI? With an ever evolving world, the only option for the ambitious secpro is to stay ahead of the game. Check out our upcoming conference with big names like Mark Simos, Nikhil Kumar, and Katie Paxton-Fear, who have a lot to say about the way they are overcoming new problems with AI and supporting others following their paths!Check it out on Eventbrite!#213: Crushing SpidersGetting our head around a notable adversaryWelcome to another_secpro!This week, we dive into getting a better understanding of Scattered Spider, dealing with the adversary, and keeping your organisation safe. Also, check out our news, academic reviews, and memes to stretch your skills and check your mental chops!Check out _secpro premiumIf you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!Cheers!Austin MillerEditor-in-ChiefHere's a little meme to keep you going...Source: RedditThis week's articleScattered Spider: an in-depth technical and contextual reportScattered Spideris a loosely organised, financially motivated cybercriminal collective that first attracted major public attention in2023and has remained active through 2024 and 2025. The group is notable not for extremely sophisticated zero-day exploits but for a focused, repeatable playbook that combines targeted social engineering, identity compromise, and opportunistic use of legitimate administrative tools to gain and expand access inside large companies.Read the rest here!Interested in our Next-Gen AI Conference?If you're looking forward to our upcoming conference or just want a little insight into who these industry-leading speakers are, here's a little bio on two of our closest collaborators: Mark Simos and Nikhil Kumar.Introducing Mark SimosMark Simos is Lead Cybersecurity Architect for Microsoft where he leads the development of cybersecurity reference architectures, best practices, reference strategies, prescriptive roadmaps, CISO workshops, and other guidance to secure organizations in the digital age.Check out the conference on Eventbrite!Introducing Nikhil KumarNikhil is an industry expert and thought leader in Digital Transformation, Zero Trust and InfoSec, AI, Cloud Computing, APIs and SOA, with a passion for applying technology in an actionable manner. An entrepreneur with over 20 years experience, he is known as a servant leader able to create amazing solutions and bridge people, process, business and technology.Check out the conference on Eventbrite!News BytesThe Era of AI-Generated Ransomware Has Arrived: Cybercriminals are increasingly harnessing generative AI tools like Anthropic’s Claude and Claude Code to automate the creation of ransomware—even by those lacking technical expertise. One group, GTG-5004, used AI to craft and market ransomware with sophisticated evasion techniques, while another, GTG-2002, automated the full attack lifecycle—from finding targets to drafting ransom notes. Separately, ESET uncovered “PromptLock,” the first known AI-powered ransomware prototype that generates attack scripts using locally hosted models. Though not yet deployed, it underscores a worrying shift toward AI-driven cybercrime.Enterprise Security Faces New Challenge as Attackers Master Digital Impersonation: A threat collective known as Scattered Spider (also tracked as UNC3944, Oktapus, and Muddled Libra) is advancing enterprise-targeted social engineering techniques. Their tactics include vishing, smishing, SIM-swap attacks, and helpdesk impersonation, bypassing MFA and abusing admin tools like PowerShell and AnyDesk—a strategy known as “Living off the Land.” The report urges organizations to fortify defenses via behavioral analytics, advanced email and endpoint protection, and thorough security awareness training.Data I/O Shuts Down Systems in Wake of Ransomware Attack: Electronics manufacturer Data I/O experienced a ransomware attack in August 2025—prompting a full shutdown of internal IT systems to contain the breach. The disruption affected communication, shipping, receiving, and manufacturing support, though business operations themselves aren’t yet severely impacted. Given Data I/O’s role as a supplier to major tech players like Tesla, Google, Amazon, and Microsoft, experts warn of broader supply-chain risks and underscore the need for adversarial emulation and proactive defense strategies.Ransomware Attack Disrupts Maryland’s Paratransit Service for Disabled Travellers: The Maryland Transit Administration’s Mobility paratransit service, serving disabled passengers, was hit by a ransomware attack, rendering it unable to process new ride requests. While core transit services—like buses, light rail, and MARC—remain operational, the breach underscores a disturbing trend of cyber threats targeting critical accessibility services. Maryland officials are urging affected users to use the alternative Call-A-Ride program while recovery efforts are underway.Nevada Hit by Cyberattack: State Offices Shut for Two Days: A cyberattack forced Nevada state offices to close for two days, causing outages across government websites and phone lines. While emergency services and citizen data are reportedly unaffected, the incident highlights how public infrastructure remains a high-value target—and the urgent need for hardened defenses and rapid recovery plans.This week's academiaNot on my watch: ransomware detection through classification of high-entropy file segments (Fran Casino; Darren Hurley-Smith; Julio Hernandez-Castro; Constantinos Patsakis): Proposes a method to distinguish encrypted bitstreams (typical of ransomware writes) from other high-entropy data like compression. The approach improves adaptability and accuracy and is positioned for integration into EDR systems. Journal of Cybersecurity.Enhancing ransomware defense: deep learning-based detection and family-wise classification of evolving threats (Amjad Hussain; Ayesha Saadia; Musaed Alhussein; Ammara Gul; Khursheed Aurangzeb): Introduces a GN-BiLSTM model that detects ransomware, classifies category, and attributes family on obfuscated datasets and a large self-collected corpus; reports high accuracy across all tasks. PeerJ Computer Science.A Machine Learning-Based Ransomware Detection Method for Attackers’ Neutralization Techniques Using Format-Preserving Encryption (Jaehyuk Lee; Jinwook Kim; Hanjo Jeong; Kyungroul Lee): Studies how attackers use format-preserving encryption to evade entropy-based detectors and presents ML models that detect such files with strong precision across datasets. Sensors, 25.Source: Reddit*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

A step beyond the Kill ChainInterested in an upcoming conference?Interested in Next-Gen Cyber AI? With an ever evolving world, the only option for the ambitious secpro is to stay ahead of the game. Check out our upcoming conference with big names like Mark Simos, Nikhil Kumar, and Katie Paxton-Fear, who have a lot to say about the way they are overcoming new problems with AI and supporting others following their paths!Check it out on Eventbrite!#212: See ya, CKC!A step beyond the Kill ChainWelcome to another_secpro!This week, we're reflecting on the CKC and giving you a handy, printable short guide on the various rungs on the ladder. It's something to help new recruits and non-specialists understand your now mature position - a difficult task on some days!Also, check out our news and academic reviews sections to stretch your skills and check your mental chops!Check out _secpro premiumIf you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!Cheers!Austin MillerEditor-in-ChiefThis week's articleReflecting on the Cyber Kill ChainWhen we talk about “actions on objectives” in cybersecurity, we’re talking about the part of an attack where the intruder finally tries to get what they came for. It’s the payoff stage. They’ve already found a way in, moved through the network, and positioned themselves to strike. At this point, the attacker shifts from preparation to execution. This is where the real damage happens: data gets stolen, systems get destroyed, or resources get used for the attacker’s purposes.Read the rest here!Interested in our Next-Gen AI Conference?If you're looking forward to our upcoming conference or just want a little insight into who these industry-leading speakers are, here's a little bio on two of our closest collaborators: Mark Simos and Nikhil Kumar.Introducing Mark SimosMark Simos is Lead Cybersecurity Architect for Microsoft where he leads the development of cybersecurity reference architectures, best practices, reference strategies, prescriptive roadmaps, CISO workshops, and other guidance to secure organizations in the digital age.Check out the conference on Eventbrite!Introducing Nikhil KumarNikhil is an industry expert and thought leader in Digital Transformation, Zero Trust and InfoSec, AI, Cloud Computing, APIs and SOA, with a passion for applying technology in an actionable manner. An entrepreneur with over 20 years experience, he is known as a servant leader able to create amazing solutions and bridge people, process, business and technology.Check out the conference on Eventbrite!News BytesUK Telecom Incurs Major Data Theft via Warlock Ransomware: On August 12, Colt Technology Services (UK telecom provider) experienced a cyberattack tied to the Warlock ransomware group. The company had to take internal systems offline—such as its Colt Online customer portal and Voice API platform—after attackers exploited a SharePoint vulnerability (CVE-2025-53770) to extract cryptographic keys and exfiltrate several hundred gigabytes of sensitive data, including financial records, employee salaries, and network diagrams. The stolen data was listed for sale on a Russian Tor forum. The breach highlights urgent needs for improved patch management and security protocols in critical infrastructure sectors.Businesses Urged to Adopt a New Cyber Defense Playbook Amid AI Strains: A commentary urging businesses to revamp their approach to cybersecurity due to compounding challenges: burnout among security professionals, AI-driven threats, and geopolitical risks (notably around Taiwan and China). It advocates for C-level involvement, better staffing, education, and legislation like Japan’s Active Cyber Defense laws, which expand pre-emptive responses and public-private sharing.Report: We’ve Entered the "AI Hacking Era"—Both Offense and Defense: Recent findings suggest both cyber defenders and attackers are increasingly deploying AI tools—from automating social engineering and vulnerability scanning to coding support. Google and CrowdStrike utilize AI for vulnerability detection and response; a startup, Xbow, even climbed the HackerOne leaderboard using AI. However, critics highlight concerns over low-quality reports and lack of novel vulnerability discovery. Russian hackers reportedly embed AI in malware to autonomously exfiltrate sensitive data from Ukrainian networks.Australia Seen as Complacent in Cybersecurity — Alert Issued by Malcolm Turnbull: Former PM Malcolm Turnbull condemned Australia’s lax cybersecurity posture. He cited research from Semperis showing that nearly half of cyberattacks occur on under-staffed weekends or holidays. Business leaders and regulators are treating attacks as routine costs, and major institutions delayed basic security measures like MFA. The report also noted frequent ransom and physical threat demands. Turnbull stressed cyber risk must become an executive-level priority.Murky Panda Escalates Cloud & Telecom Intrusions: The China-linked cyber espionage group Murky Panda (aka Silk Typhoon) has intensified attacks targeting the cloud and telecom sector. They abuse trusted cloud relationships and rapidly weaponize N-day and zero-day vulnerabilities, exploiting internet-facing appliances to breach networks across North American government, technology, academic, legal, and professional service sectors."Ramp and Dump" Phishing—Targeting Brokerage Accounts in a New Scheme: KrebsOnSecurity reports that cybercriminals are deploying phishing kits that convert stolen card data into mobile wallet compromises, pivoting to manipulate penny stocks. Attackers use multiple compromised brokerage accounts to inflate stock prices, then sell off shares once values rise—without needing to generate public hype. The FBI is actively investigating this new "ramp and dump" method.This week's academiaThe significance of artificial intelligence in zero trust technologies: a comprehensive review (Deepa Ajish): Peer-reviewed survey that maps how AI techniques—such as behavioral analytics, continuous authentication, and federated/edge learning—augment core Zero Trust tenets (“never trust, always verify”). It reviews recent literature and outlines open challenges (ethics, drift, governance) for deploying AI across ZT policy decision and enforcement points. Journal of Electrical Systems and Information Technology, vol. 11, article 30.A novel and secure artificial intelligence enabled zero trust intrusion detection in industrial internet of things architecture (Asif Ali Laghari; Abdullah Ayub Khan; Amel Ksibi; Fahima Hajjej; Natalia Kryvinska; Ahmad Almadhor; Mohamad Afendee Mohamed; Shtwai Alsubai; et al.) Proposes and evaluates an AI-enabled Zero Trust intrusion-detection architecture for IIoT. Uses ML/DL (including federated approaches) to support continuous verification and micro-segmented control in industrial networks, reporting high detection efficacy with resource trade-offs between ML and DL models. Scientific Reports (Nature Portfolio), vol. 15, article 26843.Developing an AI-Powered Zero-Trust Cybersecurity Framework for Malware Prevention in Nuclear Power Plants (Sajedul Talukder; Palash Kumar Bhowmik; Piyush Sabharwall; Syed Bahauddin Alam): U.S. Department of Energy/Idaho National Laboratory technical paper proposing an AI-driven Zero Trust model (with host intrusion prevention, user-behavior analytics, and network segmentation) tailored to nuclear plant operational networks. It argues for continuous authentication/authorization and AI-assisted prevention to defeat advanced malware (post-Stuxnet threat model).Idaho National Laboratory (PDF).*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

A look at the issuesWeb Devs: Turn Your Knowledge Into IncomeBuild the knowledge base that will enable you to collaborate AI for years to come.💰 Competitive Pay Structure⏰ Ultimate Flexibility🚀 Technical Requirements (No AI Experience Needed)Weekly payouts + remote work: The developer opportunity you've been waiting for!The flexible tech side hustle paying up to $50/hourApply now!#201: Anarchy in the CyberUKA look at the issuesWelcome to another_secpro!For everyone who won a prize from our last issue, you will receive an email this week to roll out an offer. Keep your eyes open and we'll arrange your gift! This week's issue contains:-New Linux Vulnerabilities (Schneier)- Microsoft Offers Free Cybersecurity Support to European Governments- One-Third of U.S. Cybersecurity Agency Staff Depart Amid Budget Cuts- Infosecurity Europe 2025 Highlights Emerging Cyber Threats- Victoria's Secret Shuts Down Website Following Cyberattack- Google Uncovers Vishing Campaign Targeting Salesforce Users-Dell Addresses Critical Vulnerabilities in PowerScale OneFS- PentestGPT: An LLM-empowered Automatic Penetration Testing Tool-Enhancing Cybersecurity Resilience Through Advanced Red-Teaming Exercises and MITRE ATT&CK Framework Integration-Offense For Defense: The Art and Science of Cybersecurity Red TeamingCheck out _secpro premiumCheers!Austin MillerEditor-in-ChiefThis week's articlesCyberUK 2025: Building Resilience in a Shifting Cyber LandscapeA retrospective on the UK's biggest event so far this year. CyberUK 2025, held in Manchester from May 6–8, brought together over 2,000 cybersecurity professionals, policymakers, and industry leaders to tackle the pressing challenges facing the UK's digital landscape. Organized by the National Cyber Security Centre (NCSC), this year's conference centered around the theme “Transforming Resilience. Countering Threats.”Get up to speedAI GRCJoin Hemang as he sketches out the issues for GRC in the age of AI. This was our premium expert article for_secpro last month, so make sure to sign up on Substack and find out everything we have to offer!Check it out now!Reflecting on MITRE ATT&CKMaking our way through the MITRE ATT&CK's Top Ten most exploited techniques over the last 10 weeks has been fun. We're almost ready to dive into the most exploited T-number, but we thought it'd be good to stop and smell the adversarial roses for a minute first - just make sure you've been paying attention. These T-numbers are on the test, so make sure to go back and check out #10 through #2 in the list below:- #1: T1055- #2: T1059- #3: T1333- #4: T1071- #5: T1562- #6: T1486- #7: T1082- #8: T1547- #9: T1506- #10: T1005We have five copies of Glen Singh's Kali Linux book to give away. Leave a comment in order to win a virtual copy! And now, here is our number one...News BytesNew Linux Vulnerabilities (Schneier): Tracked asCVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems.Microsoft Offers Free Cybersecurity Support to European Governments: Microsoft has launched a new initiative to provide European governments with free cybersecurity support aimed at enhancing defenses against increasingly sophisticated cyber threats, including those powered by artificial intelligence (AI).One-Third of U.S. Cybersecurity Agency Staff Depart Amid Budget Cuts: Since the beginning of President Trump's second term, approximately one-third of the workforce at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have left, significantly weakening one of the country's key defenses against cyber threats.Infosecurity Europe 2025 Highlights Emerging Cyber Threats: Infosecurity Europe 2025, held at the ExCeL in London, marked its 30th anniversary with a focus on "Building a Safer Cyber World". Keynote speakers addressed evolving cyber threats, the impact of quantum and AI technologies, and the geopolitical dimensions of cybersecurity.Victoria's Secret Shuts Down Website Following Cyberattack: Victoria's Secret has temporarily shut down its online operations following a suspected cyberattack, although its physical retail stores continue to function normally. The company has engaged third-party cybersecurity experts to investigate the breach.Google Uncovers Vishing Campaign Targeting Salesforce Users: Google has disclosed details of a financially motivated threat cluster that specializes in voice phishing (vishing) campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion.Dell Addresses Critical Vulnerabilities in PowerScale OneFS: Dell Technologies has released a critical security advisory addressing multiple flaws in its PowerScale OneFS. The most severe allows unauthenticated remote attackers to access and manipulate the file system.This week's academiaPentestGPT: An LLM-empowered Automatic Penetration Testing Tool: This paper introduces PentestGPT, an automated penetration testing tool powered by Large Language Models (LLMs). The study evaluates the performance of LLMs on real-world penetration testing tasks and presents a robust benchmark created from test machines. Findings reveal that while LLMs demonstrate proficiency in specific sub-tasks, they encounter difficulties maintaining an integrated understanding of the overall testing scenario. PentestGPT addresses these challenges with three self-interacting modules, each handling individual sub-tasks to mitigate context loss.Enhancing Cybersecurity Resilience Through Advanced Red-Teaming Exercises and MITRE ATT&CK Framework Integration: This study presents a transformative approach to red-teaming by integrating the MITRE ATT&CK framework. By leveraging real-world attacker tactics and behaviors, the integration creates realistic scenarios that rigorously test defenses and uncover previously unidentified vulnerabilities. The comprehensive evaluation demonstrates enhanced realism and effectiveness in red-teaming, leading to improved vulnerability identification and actionable insights for proactive remediation.Offense For Defense: The Art and Science of Cybersecurity Red Teaming: This article delves into the methodologies, tools, techniques, and strategies employed in red teaming, emphasizing the planning practices that underpin successful engagements. It highlights the strategic application of cyber deception techniques, such as honeypots and decoy systems, to enhance an organization’s threat identification and response capabilities. The piece underscores the importance of continuous improvement and adaptation of strategies in response to evolving threats and technologies.Upcoming events for _secpros this yearHere are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Another look at CISA and a survey of the landscapeBeating the Bots: How to Stop Automated Mobile App AttacksProtecting your mobile app and defending its APIs from bots and automated attacks is more important than ever. Learn how modern API protections can help prevent attacks and mitigate bot impact. Start prepping your defenses by registering for our upcoming webinar.Register Now#215: AI RegeneratingAnother look at CISA and a survey of the landscapeWelcome to another_secpro!In cybersecurity, there's no such thing as standing still. While standing still might mean "going with the flow" in ordinary life, it means the very opposite when it comes to jousting with the adversary - indeed, standing still means "letting the flow go past you"! That's why we in the _secpro team are always pushing ourselves and pushing our readers to pick up ideas, develop skills, and stay above water in the rushing waves of "the flow"!That's why this week we are beginning a four-part series that looks into the deeds and needs of a CISA-trained professional - and, more importantly, how you can get to that plateau too. With the help of Hemang Doshi's fantastic book, we're taking the necessary steps to move from IT generalist or junior secpro into the higher echelons of auditing. Sound good? Check out this week's excerpt: Use of AI in Audit Planning.Check out _secpro premiumIf you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!Cheers!Austin MillerEditor-in-ChiefAI-Powered Platform EngineeringPlatform engineering is moving fast and AI is at the center of it. In this 5 hour workshop, George Hantzaras will show you how to design golden paths, build smarter developer portals, and bring AI into ops and observability. You’ll leave with practical patterns, real examples, and a 90-day roadmap to start implementing right away.Seats are limited!Reserve your spot today at 30% offHere's a little meme to keep you going...Source: RedditThis week's articleUse of AI in the Audit ProcessAI is revolutionizing various industries, including auditing. Traditionally, auditing has been a manual and time-consuming process, requiring auditors to sift through large volumes of data to identify discrepancies and ensure compliance. However, with the advent of AI, the audit process is becoming more efficient, accurate, and insightful. AI can analyze vast amounts of data quickly, identify patterns, and even predict potential risks, making it an invaluable tool in modern auditing.Read the rest here!News BytesSnowflake-Linked Data Breaches Hit Multiple Firms: Attackers exploited stolen credentials to access customer environments on the Snowflake cloud platform, impacting high-profile companies and exposing large datasets. Investigators warn of ongoing attempts to monetize the stolen data.Critical Infrastructure Targeted in ‘Volt Typhoon’ Campaign: A sophisticated state-aligned threat group expanded its Volt Typhoon operations, deploying stealthy living-off-the-land techniques to compromise U.S. energy and transportation sectors without triggering standard alerts. For further coverage from May, see here.Okta Warns of Credential Stuffing Surge Against Admin Portals: Identity management provider Okta reported a sharp spike in automated credential stuffing attacks on its administrator portals, prompting urgent guidance on MFA enforcement and IP allowlisting.New macOS Spyware ‘FrostedWeb’ Slips Past Apple’s Security Controls: Researchers detailed a novel macOS spyware strain capable of bypassing Gatekeeper and XProtect, harvesting browser data and keystrokes while maintaining persistence through undocumented APIs.This week's academiaHere Comes The AI Worm: Unleashing Zero-click Worms that Target GenAI-Powered Applications: Introduces Morris-II, a self-replicating “AI worm” that exploits RAG/GenAI pipelines by embedding adversarial, self-replicating prompts which cause GenAI apps to both execute malicious payloads and propagate the prompt to other agents. The paper demonstrates feasibility in controlled environments and proposes detection/mitigation (the “Virtual Donkey”) to detect propagation. (Stav Cohen, Ron Bitton, Ben Nassi and collaborators).Ransomware 3.0: Self-Composing and LLM-Orchestrated: A proof-of-concept study showing how LLMs can autonomously orchestrate full ransomware campaigns: reconnaissance, synthesis of payloads (code), environment-specific adaptation, exfiltration/encryption, and personalized extortion. The work demonstrates the economic feasibility of LLM-driven ransomware and argues for new behavioral/telemetry defenses. (Md Raz, Meet Udeshi, P. V. Sai Charan, Prashanth Krishnamurthy, Farshad Khorrami, Ramesh Karri)Multimodal Prompt Injection Attacks: Risks and Defenses: Systematic study of prompt-injection threats when inputs are multimodal (text + images + other modalities). Identifies new attack vectors that bypass text-only defenses (for example, embedding malicious instructions in images or mixed content) and evaluates mitigation strategies — useful reading for defenders building multimodal LLM appsPrompt Injection 2.0: Hybrid AI Threats: Extends prompt-injection analysis to hybrid attacks that combine classical web/vulnerability techniques (XSS, CSRF, etc.) with prompt-injection to escape sandboxing and exfiltrate data. The paper analyzes attack chains, demonstrates proof-of-concepts, and evaluates defensive measures that bridge web security and LLM guardrails.Revealing a Hidden Class of Task-in-Prompt Adversarial Attacks (PDF): Presents and characterizes Task-in-Prompt (TIP) attacks — adversarial inputs that appear as innocuous tasks but cause LLMs to perform unintended or harmful actions. The paper provides taxonomy, attack generation techniques, responsible disclosure details, and recommended mitigation guidance for model builders and integrators. This paper was presented at ACL and has sparked active discussion in the NLP/AI safety community. (S. Berezin et al.)A Survey on Model Extraction / Model-Stealing Attacks and Defenses for Large Language Models: A comprehensive survey and taxonomy of model extraction attacks against deployed LLMs (functionality extraction, training-data extraction, prompt-targeted attacks), plus an overview of defensive techniques (rate-limiting, watermarking, API-level defenses). This survey is gaining traction as practitioners scramble to protect proprietary models and user privacy. (K. Zhao et al.)Source: Reddit*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

A look at CISA and the wider landscape#216: Agile Audits in the Age of AIAnother look at CISA and a survey of the landscapeWelcome to another_secpro!In cybersecurity, there's no such thing as standing still. While standing still might mean "going with the flow" in ordinary life, it means the very opposite when it comes to jousting with the adversary - indeed, standing still means "letting the flow go past you"! That's why we in the _secpro team are always pushing ourselves and pushing our readers to pick up ideas, develop skills, and stay above water in the rushing waves of "the flow"!That's why this week we are beginning a four-part series that looks into the deeds and needs of a CISA-trained professional - and, more importantly, how you can get to that plateau too. With the help of Hemang Doshi's fantastic book, we're taking the necessary steps to move from IT generalist or junior secpro into the higher echelons of auditing. Sound good? Check out this week's excerpt: Agile Auditing.Check out _secpro premiumIf you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!Cheers!Austin MillerEditor-in-ChiefAI-Powered Platform EngineeringPlatform engineering is moving fast and AI is at the center of it. In this 5 hour workshop, George Hantzaras will show you how to design golden paths, build smarter developer portals, and bring AI into ops and observability. You’ll leave with practical patterns, real examples, and a 90-day roadmap to start implementing right away.Reserve your spot today at 30% offHere's a little meme to keep you going...Source: RedditThis week's articleAgile auditingAI is revolutionizing various industries, including auditing. Traditionally, auditing has been a manual and time-consuming process, requiring auditors to sift through large volumes of data to identify discrepancies and ensure compliance. However, with the advent of AI, the audit process is becoming more efficient, accurate, and insightful. AI can analyze vast amounts of data quickly, identify patterns, and even predict potential risks, making it an invaluable tool in modern auditing.Read the rest here!News BytesChrome 0-day (CVE-2025-10585): Google disclosed and patched CVE-2025-10585, a type-confusion bug in the V8 JavaScript / WebAssembly engine that has been observed exploited in the wild. Because this is an actively-exploited browser engine bug, the authoritative technical artifact is Google’s Chrome release/security bulletin (stable channel update) and associated vendor advisories rather than a research whitepaper. The release notes identify the V8 type-confusion fix and list affected Chromium builds.Chaos Mesh “Chaotic Deputy” GraphQL flaws: JFrog Security (and follow-ups in the vulnerability ecosystem) published a technical disclosure of a set of critical flaws in Chaos-Mesh’s controller manager that expose an unauthenticated GraphQL debug API. The exposed API allows attacker-controlled calls (including endpoints to kill processes inside pods, manipulate iptables, etc.), enabling remote code execution and potential full Kubernetes cluster takeover if the operator does not restrict access. JFrog’s writeup includes proof-of-concept explanations, recommended mitigations and the patched versions.DELMIA Apriso CVE-2025-5086: CISA added CVE-2025-5086 (deserialization of untrusted data in Dassault Systèmes DELMIA Apriso) to its KEV catalog after evidence of active exploitation. The vulnerability allows maliciously crafted serialized input to trigger remote code execution — attackers in observed campaigns delivered malicious DLLs via the flaw. CISA’s KEV listing and the NVD entry provide technical details, affected versions and required mitigation timelines (patch or compensating controls).Shai-Hulud: Unit 42/Sysdig technical investigations: Multiple security research teams identified a novel, self-replicating worm campaign (tracked as Shai-Hulud) that has compromised hundreds of NPM packages. The malware steals developer credentials/tokens (npm, GitHub, cloud keys), implants backdoors and malicious CI workflows, and uses those stolen tokens to publish infected package updates — creating a developer-to-supply-chain propagation mechanism. Unit 42 and Sysdig provide in-depth technical writeups (IOC lists, indicators, malware behavior, recommended detection and remediation steps).EggStreme APT framework by Bitdefender: Bitdefender published a detailed technical report on a newly observed APT toolkit dubbed EggStreme, used in targeted espionage against a Philippine military organization. Bitdefender’s writeup is a full technical breakdown: multi-stage loaders, fileless/in-memory reflective loading, DLL sideloading techniques, gRPC-based C2, and modular backdoor/keylogger payloads (EggStremeFuel → EggStremeLoader → EggStremeReflectiveLoader → EggStremeAgent). The report contains IOCs, behavioral descriptions and recommended detection rules. This is effectively a vendor whitepaper / technical advisory. Axios abuse through the “Salty 2FA” phishing kits: ReliaQuest published a technical “Threat Spotlight” describing a surge in automated phishing using the Axios HTTP client and abuse of Microsoft 365 Direct Send to evade mail defences. Their analysis documents how Axios-based tooling and specialized phishing kits (nicknamed “Salty 2FA”) attempt to harvest credentials or bypass MFA at scale. The ReliaQuest writeup includes telemetry, attack flows, and mitigation guidance (policy hardening, Direct Send restrictions, EDR/IDS detection hints).This week's academiaMultimodal Prompt Injection Attacks: Risks and Defenses: Systematic study of prompt-injection threats when inputs are multimodal (text + images + other modalities). Identifies new attack vectors that bypass text-only defenses (for example, embedding malicious instructions in images or mixed content) and evaluates mitigation strategies — useful reading for defenders building multimodal LLM appsPrompt Injection 2.0: Hybrid AI Threats: Extends prompt-injection analysis to hybrid attacks that combine classical web/vulnerability techniques (XSS, CSRF, etc.) with prompt-injection to escape sandboxing and exfiltrate data. The paper analyzes attack chains, demonstrates proof-of-concepts, and evaluates defensive measures that bridge web security and LLM guardrails.*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Brought to you by Frontegg with Packt _secproYou may have outsourced CIAM to the engineering team, but security still gets the call when there’s a breach. It’s time for you to take control, not the blame.Frontegg gives security teams direct control over the policies that safeguard your customer-facing application. No more waiting for developers to implement step-up MFA or manage compliance updates.That’s whereFrontegg’sAI Security Suitecomes in.We’ve built our platform to address the realities you face every day:• Adaptive anomaly detectionthat learns user behavior and flags deviations in real time.• Identity and session protection, like impossible travel, to battle account takeovers and bots.• Policy automation at scaleso your access controls are consistent.• Operational visibilitythat integrates directly into your existing SecOps workflow.The result: faster detection, fewer false positives, and a security posture that evolves as threats do.Start Your Free TrialDelivered by Packt SecPro in partnership with Frontegg.*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Climbing off the CKC ladderInterested in an upcoming conference?Interested in Next-Gen Cyber AI? With an ever evolving world, the only option for the ambitious secpro is to stay ahead of the game. Check out our upcoming conference with big names like Mark Simos, Nikhil Kumar, and Katie Paxton-Fear, who have a lot to say about the way they are overcoming new problems with AI and supporting others following their paths!Check it out on Eventbrite!#211: The Zero Trust FundClimbing off the CKC ladderWelcome to another_secpro!This week, we're finishing off our focus on the final piece of the Cyber Key Chain: "actions on objectives". Next week, we're rolling out a recap of the CKC and taking a vote on what we do next - because we're nothing if not democratic!Also, check out our news and academic reviews sections to stretch your skills and check your mental chops!Check out _secpro premiumIf you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!Cheers!Austin MillerEditor-in-ChiefThis week's article"Actions on Objectives" in the Cyber Kill ChainWhen we talk about “actions on objectives” in cybersecurity, we’re talking about the part of an attack where the intruder finally tries to get what they came for. It’s the payoff stage. They’ve already found a way in, moved through the network, and positioned themselves to strike. At this point, the attacker shifts from preparation to execution. This is where the real damage happens: data gets stolen, systems get destroyed, or resources get used for the attacker’s purposes.Read the rest here!Interested in our Next-Gen AI Conference?If you're looking forward to our upcoming conference or just want a little insight into who these industry-leading speakers are, here's a little bio on two of our closest collaborators: Mark Simos and Nikhil Kumar.Introducing Mark SimosMark Simos is Lead Cybersecurity Architect for Microsoft where he leads the development of cybersecurity reference architectures, best practices, reference strategies, prescriptive roadmaps, CISO workshops, and other guidance to secure organizations in the digital age.Mark helps organizations meet cybersecurity and digital transformation goals by combining learnings from across Microsoft customers with Microsoft’s experience operating and protecting hyper-scale cloud services.Mark is co-author of the Zero Trust Playbook (http://zerotrustplaybook.com) and co-host of the Azure Security Podcast. Mark actively contributes to open standards and publications including the Zero Trust Reference Model, Zero Trust Commandments, Security Principles for Architecture, NIST Guide for Cybersecurity Event Recovery (800-184), NIST Guide to Enterprise Patch Management (800-40), Microsoft Digital Defense Report, and Microsoft Security blogs.Mark also chairs the Security Forum and co-chairs the Zero Trust Architecture (ZTA) working group at The Open Group and has presented numerous conferences including Black Hat USA, RSA Conference, Gartner Security & Risk Management, BSides, Microsoft BlueHat, Microsoft Ignite, and Financial Executives International.Check out the conference on Eventbrite!Introducing Nikhil KumarNikhil is an industry expert and thought leader in Digital Transformation, Zero Trust and InfoSec, AI, Cloud Computing, APIs and SOA, with a passion for applying technology in an actionable manner. An entrepreneur with over 20 years experience, he is known as a servant leader able to create amazing solutions and bridge people, process, business and technology.With a life-long passion for actionable delivery and Computer Architecture, and over 40 publications and presentations at blind-refereed fora, Nikhil has delivered Enterprise, AI, Cloud, Security, SOA, Information, Enterprise and Application Architecture solutions for Fortune 10 organizations to startups. A successful MIT Startup mentor, he has taken companies to market, run legacy modernization initiatives, and led small to large teams. Clients include AMEX, bonddeskgroup, Comerica Bank, The Hartford, Sovereign Bank, St. John Health Systems, AFLAC, GMAC, etc.. Known as a trusted partner and change leader, Nikhil often acts in CXO advisory and leadership roles.As a thought leader Nikhil has been invited to and led and authored numerous global industry standards, such as co-chairing the Zero Trust Working Group, SOA Reference Architecture and SOA for Business Technology Guide, and is actively involved in Precision Medicine, Digital Transformation, Zero Trust and APIs/ SOA. Nikhil started ApTSi to create the solutions company of the future based on innovation and application with a belief that actionable solutions combine people, process, technology, frameworks and products, to provide high quality, risk managed, agile solutions.Check out the conference on Eventbrite!News BytesAccenture’s Largest-Ever Cybersecurity Acquisition: CyberCX Deal: Accenture has agreed to acquire CyberCX, an Australian cybersecurity firm founded in 2019 with 1,400 employees and a presence in Australia, New Zealand, London, and New York. The purchase, reported to be over A$1 billion (~US$650 million), marks Accenture’s biggest move in the cybersecurity space to date and follows its pattern of expanding services to meet escalating AI-related threats.Shift to Offensive Security as Proactive Defense: In response to rising automation and AI-driven cyber threats—highlighted by recent UK retail breaches—this article advocates for offensive security. Techniques like red teaming and penetration testing are recommended to identify and mitigate vulnerabilities before they’re exploited, shifting from reactive to evidence-based defense.UK’s Chronic Cyber Skills Shortage Exposes SMEs to Risk: The UK is facing a serious shortage of cybersecurity professionals—particularly in SMEs—which jeopardizes national cyber resilience. A report by De Montfort University for the All-Party Parliamentary Group on Cyber Innovation calls for a national skills taxonomy, standardized recruitment, and interdisciplinary training to bridge the gap.Fragmented Cybersecurity Tools Undermine Organizational Defense: As businesses adopt an expanding mix of disconnected security tools to manage evolving infrastructure, they face visibility gaps, data silos, and inefficient risk response. The article urges the adoption of unified, AI-driven cybersecurity platforms to consolidate asset management, threat detection, and compliance for stronger defense.Cybersecurity Must Be ‘Secure by Design’ Rather Than Reactive: Responding to rapidly evolving cyber threats, the UK Public Accounts Committee criticizes outdated “build and forget” security models. The piece calls for embedding cybersecurity across system lifecycles, regulatory reform (e.g., Cyber Security and Resilience Bill), continuous monitoring, and workforce development to shift toward a proactive posture.This week's academiaZero trust cybersecurity: Critical success factors and a maturity assessment framework (William Yeoh, Marina Liu, Malcolm Shore, Frank Jiang): Reports a three-round Delphi study with 12 security experts to identify the critical success factors for zero-trust programs. It organizes eight dimensions—identity, endpoint, application/workload, data, network, infrastructure, visibility & analytics, and automation & orchestration—and proposes a practical maturity assessment to benchmark adoption.Verify and trust: A multidimensional survey of zero-trust security in the age of IoT (Muhammad Ajmal Azad, Sidrah Abdullah, Junaid Arshad, Harjinder Lallie, Yussuf Hassan Ahmed): A peer-reviewed survey that synthesizes zero-trust principles and technologies for IoT systems, covering authentication/authorization models, policy-based access, micro-segmentation, and the use of blockchain. It maps applications across sectors and highlights open research issues and deployment recommendations.A Proposal for a Zero-Trust-Based Multi-Level Security Model and Its Security Controls(Jae-Won Park, Hye-Young Park, H. Youm): Proposes and implements a model that fuses Multi-Level Security (MLS) with zero-trust principles. The paper details policy enforcement and control mechanisms to continuously verify subjects and objects across classification levels, and discusses how the integrated approach mitigates lateral movement and insider threats.*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Moving up the Cyber Kill ChainNeed something to read?Develop foundational skills in ethical hacking and penetration testing while getting ready to pass the certification exam. With cyber threats continually evolving, understanding the trends and using the tools deployed by attackers to determine vulnerabilities in your system can help secure your applications, networks, and devices. To outmatch attacks, developing an attacker's mindset is a necessary skill, which you can hone with the help of the Certified Ethical Hacker 312-50 Exam Guide.- Learn how to look at technology from the standpoint of an attacker- Understand the methods that attackers use to infiltrate networks- Prepare to take and pass the exam in one attempt with the help of hands-on examples and mock testsCheck it out today!#210: Hitting C2 with Defensive C4A look at the issuesWelcome to another_secpro!This week, we're looking at installation on CKC, reflecting on the week's biggest stories, and heading out into the quagmire of modern academia. Sound good? Scroll down and check out what we have on offer.Check out _secpro premiumIf you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!Cheers!Austin MillerEditor-in-ChiefThis week's articlesC2 in the Cyber Kill ChainTo understand the role of command and control in a cyber attack, it's helpful to start with the step that immediately precedes it—installation (handily,that’s exactly what we discussed last week). When someone talks about a cyber attack moving beyond just probing or scanning, they’re often referring to the attacker getting something persistent inside the target’s system...Read the rest here!News BytesGreedyBear Steals $1 M in Crypto Using 150+ Malicious Firefox Wallet Extensions: A campaign codenamed GreedyBear exploited over 150 malicious extensions in the Firefox marketplace, disguised as popular crypto wallets (e.g., MetaMask, Exodus). By using a tactic called “Extension Hollowing”, attackers first built credibility by uploading benign extensions, then weaponized them later—resulting in the theft of over $1 million in cryptocurrency.Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems: Two critical remote code execution (RCE) vulnerabilities (CVE‑2025‑54948 and CVE‑2025‑54987, CVSS 9.4) in Trend Micro Apex One Management Console—on-premise—are being actively exploited in the wild. A temporary fix tool is available while a formal patch is expected mid‑August. Mitigation guidance includes restricting remote access and patching promptly.Storm‑2603 Deploys DNS‑Controlled Backdoor in Warlock and LockBit Ransomware Attacks: The threat actor Storm‑2603 has exploited SharePoint vulnerabilities, deploying a DNS‑based backdoor (AK47DNS) and HTTP variant (AK47HTTP) to deliver both Warlock and LockBit ransomware. Using tools like PsExec and masscan, it executed a sophisticated hybrid of APT and criminal tactics targeting Latin American and APAC organizations since early 2025.CL‑STA‑0969 Installs Covert Malware in Telecom Networks During 10‑Month Espionage Campaign: A state-sponsored threat cluster, CL‑STA‑0969 (linked to Liminal Panda), infiltrated Southeast Asian telecommunication infrastructure for nearly 10 months. Though no data was stolen, victims were implanted with various advanced tools (e.g., AuthDoor, Cordscan, EchoBackdoor, ChronosRAT) for persistent covert access and intelligence gathering.Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps: A flaw named MCPoison (CVE‑2025‑54136, CVSS 7.2) in the AI-powered Cursor code editor could allow remote code execution (RCE). An attacker can initially gain code trust through a benign Model Context Protocol (MCP) configuration, then swap it for malicious content—executed silently when the user opens Cursor. Fixed in version 1.3 with stricter approvals.Akira Ransomware Exploits SonicWall VPNs in Likely Zero‑Day Attack on Fully‑Patched Devices: The Akira ransomware group has been leveraging SonicWall SSL VPNs, possibly exploiting a zero-day vulnerability, even on fully patched devices. Attacks began mid‑July, and organizations are advised to disable VPN access temporarily, enforce multi-factor authentication (MFA), audit user accounts, and bolster password hygiene.This week's academiaFrom Texts to Shields: Convergence of Large Language Models and Cybersecurity (Tao Li, Ya‑Ting Yang, Yunian Pan, Quanyan Zhu):This paper explores how large language models (LLMs) intersect with cybersecurity—ranging from using LLMs for vulnerability analysis in 5G networks to generative security engineering. It also examines challenges like transparency, ethics, and safety in deploying LLMs and proposes a research roadmap for secure adoption in cyber contexts.Cybersecurity through Entropy Injection: A Paradigm Shift from Reactive Defense to Proactive Uncertainty (Kush Janani): Introduces the concept of deliberately injecting entropy—randomness—into systems to enhance unpredictability and thwart attackers. The study includes theoretical foundations, practical implementations (like ASLR and moving target defenses), and shows how entropy-based approaches can cut attack probability dramatically (by over 90%) with minimal performance impact.Neuromorphic Mimicry Attacks Exploiting Brain‑Inspired Computing for Covert Cyber Intrusions (Hemanth Ravipati): Examines vulnerabilities in neuromorphic computing—hardware designed to mimic brain functioning. The research introduces “Neuromorphic Mimicry Attacks” (NMAs), where attackers subtly manipulate neural activity to breach systems undetected. It proposes defenses tailored to neuromorphic systems, like anomaly detection and secure synaptic protocols.Cyber Shadows: Neutralizing Security Threats with AI and Targeted Policy Measures (Marc Schmitt, Pantelis Koutroumpis): Analyzes the concept of “cyber shadows”—hidden or indirect threats in the digital age—and advocates for a dual approach combining AI-driven systems (like intrusion detection) with policy and regulatory mechanisms to form a more robust, multilevel cybersecurity strategy.Prompt Injection—Emerging Risks in LLM‑Integrated Cybersecurity Systems (Various): Discusses "prompt injection" attacks—where malicious inputs manipulate LLM behavior. Notably, a 2025 report revealed academic papers embedding hidden prompts to skew AI-powered peer review systems, illustrating how prompt injection can compromise academic integrity. This underscores present-day vulnerabilities in AI-assisted processes.Interested in an upcoming conference?Interested in Next-Gen Cyber AI? With an ever evolving world, the only option for the ambitious secpro is to stay ahead of the game. Check out our upcoming conference with big names like Mark Simos, Nikhil Kumar, and Katie Paxton-Fear, who have a lot to say about the way they are overcoming new problems with AI and supporting others following their paths!Check it out on Eventbrite!*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

A last look at Hemang Doshi's advice for AI, auditing, and privacyYou may have outsourced CIAM to the engineering team, but security still gets the call when there’s a breach. It’s time for you to take control, not the blame.Frontegg gives security teams direct control over the policies that safeguard your customer-facing application. No more waiting for developers to implement step-up MFA or manage compliance updates.Start Your Free TrialTake a look at the Security Suite directly#217: Privacy and YouAnother look at CISA and a survey of the landscapeWelcome to another_secpro!In cybersecurity, there's no such thing as standing still. While standing still might mean "going with the flow" in ordinary life, it means the very opposite when it comes to jousting with the adversary - indeed, standing still means "letting the flow go past you"! That's why we in the _secpro team are always pushing ourselves and pushing our readers to pick up ideas, develop skills, and stay above water in the rushing waves of "the flow"!That's why this week we are beginning a four-part series that looks into the deeds and needs of a CISA-trained professional - and, more importantly, how you can get to that plateau too. With the help of Hemang Doshi's fantastic book, we're taking the necessary steps to move from IT generalist or junior secpro into the higher echelons of auditing. Sound good? Check out this week's excerpt: Data Privacy Program and Principles.Check out _secpro premiumIf you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!Cheers!Austin MillerEditor-in-ChiefAdvance your technical career with actionable, practical solutionsAWS re:Invent 2025 Las VegasTransform your skills at AWS re:Invent 2025. Master new AWS services, join immersive workshops, and network with top cloud innovators at AWS re:Invent 2025. As a re:Invent attendee,you'll receive 50% discount code towards any AWS Certification exam.Our 2025 event catalog is now available!Explore the EventHere's a little meme to keep you going...Source: RedditThis week's articleData Privacy Program and PrinciplesAI is revolutionizing various industries, including auditing. Traditionally, auditing has been a manual and time-consuming process, requiring auditors to sift through large volumes of data to identify discrepancies and ensure compliance. However, with the advent of AI, the audit process is becoming more efficient, accurate, and insightful. AI can analyze vast amounts of data quickly, identify patterns, and even predict potential risks, making it an invaluable tool in modern auditing.Read the rest here!News BytesCisco ASA / FTD Zero-Days Under Active Exploitation: On 25 September, Cisco and CISA published security advisories confirming that multiple zero-day vulnerabilities affecting Cisco ASA / FTD (Firewall, VPN) products are being actively exploited. Two of these (CVE-2025-20333, CVE-2025-20362) were confirmed to have been exploited in the wild.Threat actors have leveraged advanced evasion techniques (disabling logs, intercepting CLI commands, modifying boot processes) and deployed bootkits such as RayInitiator combined with malware (e.g., LINE VIPER) to persist across reboots and firmware upgrades. The urgency prompted CISA to issue an Emergency Directive 25-03, mandating U.S. federal agencies to inventory, assess, and mitigate vulnerable Cisco devices.Continued Attack Campaign on Cisco Firewalls (Rommon / Bootkit-level Persistence) (PDF): Following the zero-day disclosures, deeper forensics revealed that the adversaries are not merely exploiting web/VPN logic flaws, but targeting the ROM Monitor (ROMMON) / boot environment of ASA devices. The RayInitiator bootkit persists in the boot chain, and it loads LINE VIPER, a malware module that can intercept commands, bypass VPN AAA, suppress logs, and embed itself into core ASA processes (e.g. lina). Some devices lack Secure Boot / Trust Anchor support, making them more vulnerable. These mechanisms impede forensic detection and complicate patching strategies — for example, even after reboots or upgrades, malicious modules can survive.Scattered Spider: Retail Service Desk Exploits Renewed Focus: Throughout the week, multiple analyses surfaced reaffirming that the hacking collective Scattered Spider (aka UNC3944 / Octo Tempest) is continuing to rely heavily on social engineering of service desks / help desks to gain initial footholds in enterprise networks. A new PDF—Cross-Sector Mitigations: Scattered Spider—jointly produced by sector cyber-information shares, outlines updated TTPs (tactics, techniques, procedures) and countermeasures for financial services, IT/retail, health, etc. In one prominent case, attackers impersonated internal staff, tricked the helpdesk into resetting MFA / disabling controls, and escalated privileges inside M&S / Co-op systems. Forensic Visualization Toolkit: Enhancing Threat Hunting: In a freshly published academic work (11 September 2025), researchers present “Enhancing Cyber Threat Hunting – A Visual Approach with the Forensic Visualization Toolkit”. The toolkit offers interactive visualizations of forensic and telemetry data (network, file access, process graphs) to assist threat hunters in spotting anomalies that may evade automated detection systems. The authors argue that combining human analytical insight with visualization accelerates detection of stealthy threats, especially those embedded in normal-looking activity windows.The paper includes realistic case studies and performance comparisons, making it a timely reference for SOC / IR teams aiming to ramp threat‐hunting maturity.Burnout in Cybersecurity: A Strategic Risk Report: While not a direct breach event, a notable paper published earlier in 2025 — “A Roadmap to Address Burnout in the Cybersecurity Profession” — has gained renewed attention this week in security circles. The work synthesizes findings from a multi-disciplinary workshop involving practitioners, academics, and ex-NSA cyber operators. It outlines the human, organizational, and workflow stresses contributing to attrition and mental fatigue, and presents a roadmap of interventions (training, rotation, psychological support, team-based structures) to mitigate erosion of security capacity. Given current pressure on SOC/IR teams (e.g. responding to high-tempo incidents like the Cisco zero-days), this issue is increasingly treated as a strategic risk in cybersecurity planning.Digital Forensics & Risk Mitigation Strategy for Modern Enterprises: Another academic contribution gaining traction is “Comprehensive Digital Forensics and Risk Mitigation Strategy for Modern Enterprises”, published February 2025. The paper walks through a simulated case of a large identity/data-analytics firm under attack and develops an integrated strategy covering pre-incident readiness (forensic architecture design, monitoring), live response, post-incident lessons, and regulatory compliance.It emphasizes adaptive AI/ML techniques, integration of threat intelligence into forensics workflows, and continuous “forensic readiness” as a discipline. In the context of emerging threats (e.g. boot-level persistence, identity-based service desk attacks), the paper serves as a robust blueprint for mature enterprise response programs.This week's academiaAdversarial Machine Learning: A Taxonomy and Terminology: A comprehensive NIST report that builds a clear taxonomy and standardized terminology for adversarial machine learning (AML). It describes attacker goals and capabilities across ML life-cycles, categorizes AML attack and defense types, and outlines current technical and measurement challenges for trustworthy AI in security-sensitive systems. Highly cited and used as a baseline by both researchers and practitioners.(A. Vassilev et al. NIST Trustworthy & Responsible AI group).On Adversarial Attack Detection in the Artificial Intelligence Era: Survey/analysis of detection techniques for adversarial attacks on ML models, contrasting classic concealment/malware tactics with modern adversarial-example threats. The paper evaluates state-of-the-art detection approaches and points to gaps where attackers are leveraging large models and automation to evade defenses. Useful for defenders designing layered ML security. (N. Al Roken and collaborators).A Defense-Oriented Model for Software Supply Chain Security: Introduces the AStRA graph-based model (Artifacts, Steps, Resources, Principals) to represent software supply chains and reason about security objectives and defenses bottom-up. Applies the model to case studies and maps past supply-chain attacks to show where defenses succeed or fail — a practical roadmap for research and industry focusing on supply-chain mitigations (SBOMs, build integrity, provenance, etc.). (E. A. Ishgair and coauthors).Securing Automotive Software Supply Chains: NDSS paper that examines unique risks in automotive software supply chains (ECUs, OTA updates, third-party components). It evaluates real automotive update pipelines, shows practical attack scenarios, and recommends defenses tailored to the automotive context (signing, reproducible builds, hardened update channels). Very relevant given recent high-profile industrial supply-chain incidents. (Marina Moore, Aditya Sirish A. Yelgundhalli, Justin Cappos).Managing Deepfakes with Artificial Intelligence: Introducing a Business/Privacy Calculus: Academic analysis of deepfake threats and defenses from both technical and socio-economic angles. Proposes an AI-assisted detection/mitigation framework and a privacy/business calculus for organizations to evaluate risks vs. countermeasure costs (useful for enterprises facing deepfake-enabled fraud or reputational attacks). Timely as synthetic media use explodes. (G. Vecchietti and collaborators).*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}

Interested in something new?Life doesn't stand still. Neither does cybersecurity. In part, this is because cybersecurity is a concept and concepts can't stand at all—still or otherwise—but that is a concern for another day. If you have a finger on the pulse of the current landscape, you've probably noticed that quite a lot of people have quite a lot to say about AI, its role in cybersecurity, and how the future seems to be changing... and possibly even for the better.If you're interested in keeping up with this conversation (or you have been living under a rock and need to do some quick catching up), you might like our soon-to-be available newsletter:CyberAI with Packt. We will be riding the currents of the day, diving into the emerging issues and getting to the heart of the problem with our friends working on the front lines and wanting to show their battle scars. Sound like something interesting? Check out the survey below and tell us what you'd like to see.Take the survey - get the newsletter#218: AI for BeginnersA friendly resource for people low down the ladderWelcome to another_secpro!This week, we've included a PDF resource to help you improve your training sessions and help the non-specialists amongst us to make the right moves in the age of AI. We've also expanded the news we've been pouring over as well as included a few academic essays. Check them out!- A Global Analysis of Cyber Threats to the Energy Sector: “Currents of Conflict”- Kaspersky ICS CERT: Dynamics of External and Internal Threats to Industrial Control Systems, Q2 2025- Threat landscape for industrial automation systems (Kaspersky ICS CERT, Q2 2025)- Analysis of Publicly Accessible Operational Technology and Associated Risks- Tenable FAQ on CVE-2025-20333 / CVE-2025-20362: Cisco ASA / FTD Zero-Days Exploited- Kudelski Security Advisory: Cisco ASA WebVPN & HTTP Zero-Day Vulnerabilities (CVE-2025-20333 / CVE-2025-20362 / CVE-2025-20363)- Greenbone: “Cisco CVEs 2025: Critical Flaws in ASA & FTD”- CIRT.GY Advisory: Cisco ASA and FTD Zero-Day Vulnerabilities Actively Exploited in State-Sponsored Attacks- FortiGuard Labs: “Threat Signal Report – ArcaneDoor Attack (Cisco ASA Zero-Day)”- Black Arrow Cyber Threat Intelligence Briefing (26 Sept 2025): MFA Bypass, Supply Chain and Airport DisruptionsCheck out _secpro premiumIf you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!Cheers!Austin MillerEditor-in-ChiefHere's a little meme to keep you going...Source: RedditThis week's articleCybersecurity AI FAQsA cybersecurity professional's worst nightmare often instead an APT, a skilled hacker, or even a bored script kiddie with time to waste. It's often the most fearsome threat to internal security known to humanity: the average Joe employee.The kinds of errors that the adversary can seize upon are the kinds of errors that the average Joe makes through ignorance - and, often, it's not entirely his fault that he's ignorant about these things. Due to the nature of cybersecurity and cyberthreats, even a curious layman with a strong sense of responsibility to make sure he understands the newest emergent threats doesn't have enough time to get into the nitty-gritty of what makes a seemingly innocent action into the very thing the adversary needs to get working. Because of that, we've put together a handy little 10-point document to share with your coworkers, staple to walls, and build into your training sessions.Click below to check it out!Get the shareable document hereNews BytesA Global Analysis of Cyber Threats to the Energy Sector: “Currents of Conflict”: This arXiv paper provides a novel geopolitical threat-intelligence-based analysis of cyber threats targeting the energy sector. By applying generative AI to structure raw threat data, the authors map actor origins vs target geographies, assess detection tool effectiveness (especially learning-based), and highlight evolving trends (including supply chain, third-party, and state-actor activity) in the energy domain. Their findings offer actionable insights into risk exposure and resilience for operators and policymakers.Kaspersky ICS CERT: Dynamics of External and Internal Threats to Industrial Control Systems, Q2 2025: This report examines threat activity targeting ICS (Industrial Control Systems) in Q2 2025, breaking down external vs internal threats, types of malware detected, and penetration depth across network boundaries. Key findings include that ~20.5% of ICS systems blocked some threats, with malware types including spyware, backdoors, malicious scripts, and rogue documents. The report also analyses “borderline” systems where initial external penetration meets internal propagation, highlighting persistent risks in OT infrastructures.Threat landscape for industrial automation systems (Kaspersky ICS CERT, Q2 2025): A companion to the previous report, this document specifically focuses on industrial automation systems (e.g., HMIs, SCADA, local control networks) and tracks how often these systems are attacked, what types of malware and scripts are used, and the trends in exposure over time. It also discusses implications for segmentation, detection, and response in critical infrastructure settings.Analysis of Publicly Accessible Operational Technology and Associated Risks: This research quantifies and analyses OT devices exposed on the public internet, identifying nearly 70,000 such systems globally using vulnerable protocols (e.g. ModbusTCP, EtherNet/IP, S7). The authors use automated screenshot analysis to reveal exposed HMIs/SCADA interfaces, outdated firmware, and predictable configurations. The study underscores how misconfigured or publicly accessible OT systems create dangerous attack paths into critical infrastructure.Tenable FAQ on CVE-2025-20333 / CVE-2025-20362: Cisco ASA / FTD Zero-Days Exploited: Tenable’s research team provides a detailed walkthrough of two zero-day vulnerabilities actively exploited in Cisco’s Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) products (CVE-2025-20333 and CVE-2025-20362). They explain how these flaws can be chained, the attack surface involved (VPN web server), the threat actor attribution (UAT4356 / ArcaneDoor), and mitigation strategies. This is timely given the widespread deployment of Cisco ASA in critical networks.Kudelski Security Advisory: Cisco ASA WebVPN & HTTP Zero-Day Vulnerabilities (CVE-2025-20333 / CVE-2025-20362 / CVE-2025-20363): This threat research brief gives technical detail on how Cisco ASA vulnerabilities impacting WebVPN and HTTP/HTTPS services are being actively exploited by state-sponsored attackers. It highlights persistent techniques (including firmware and ROM modification), evasion of logging, and the survival of implants across device reboots/updates. Useful for defenders needing to understand the root cause and attack chain.Greenbone: “Cisco CVEs 2025: Critical Flaws in ASA & FTD”: Greenbone’s security blog summarises the newly disclosed Cisco CVEs (including CVE-2025-20333 and CVE-2025-20362) and provides context for detection and remediation via their vulnerability scanners. They explain the exploitation risk (especially for unpatched VPN web server configurations) and give guidance for scanning and prioritising vulnerable assets.CIRT.GY Advisory: Cisco ASA and FTD Zero-Day Vulnerabilities Actively Exploited in State-Sponsored Attacks: This advisory provides detailed technical description and IOCs (Indicators of Compromise) for the exploitation of Cisco ASA/FTD zero-days by threat actors, particularly focusing on configuration bypass, persistence, and the importance of isolating impacted devices. It also includes recommendations for network segmentation and migration to supported hardware due to end-of-life concerns.FortiGuard Labs: “Threat Signal Report – ArcaneDoor Attack (Cisco ASA Zero-Day)”: FortiGuard provides a technical briefing on the ArcaneDoor espionage campaign, tracking its evolution, exploitation patterns, and implications for Cisco firewall deployments. The report discusses how the attackers maintain persistence, perform reconnaissance and lateral movement, and how defenders should respond at scale.Black Arrow Cyber Threat Intelligence Briefing (26 Sept 2025): MFA Bypass, Supply Chain and Airport Disruptions: In their weekly digest, Black Arrow highlights several important cyber events: (1) the exploitation of MFA bypass and third-party/supply chain weaknesses contributing to prolonged cyber incidents, (2) disruption at European airports via attacks targeting Collins Aerospace’s Muse software, and (3) increasing sophistication of ransomware groups focusing on data theft. While not a formal academic paper, this briefing is authored by credible threat intelligence analysts and includes incident patterns, risks, and mitigation recommendations.This week's academiaRansomware 3.0: Self-Composing and LLM-Orchestrated: introduces a research prototype and threat model for LLM-orchestrated ransomware that uses large language models at runtime to synthesize payloads, perform reconnaissance, and carry out extortion in a closed loop. The paper evaluates this capability across personal, enterprise and embedded environments and presents behavioral signals/telemetry to help build defenses. This work sparked media attention because it shows how low-cost LLMs could materially lower the barrier to generating effective malware (research demonstration, not a deployed criminal campaign).Author(s): (Md Raz, Meet Udeshi, P.V. Sai Charan, Prashanth Krishnamurthy, Farshad Khorrami, Ramesh Karri.)A Survey of Attacks on Large Language Models: a systematic survey cataloguing attacks against LLMs and LLM-based agents (training-phase attacks, inference-phase attacks, availability/integrity attacks). The paper reviews representative methods and defenses, organizes threat taxonomies, and highlights open research challenges for securing deployed LLM systems. This is useful background for anyone tracking LLM security trends and countermeasures. (Wenrui Xu, Keshab K. Parhi)To Patch or Not to Patch: Motivations, Challenges, and Implications for Cybersecurity: a focused review on why organizations delay or avoid applying security patches. The paper synthesizes industry and academic literature to identify incentives/disincentives (resource limits, legacy systems, risk perceptions, vendor relationships, human factors) and discusses implications for vulnerability management and policy. Highly relevant given recurring mass-exploitation incidents (Log4Shell, WannaCry, supply-chain incidents) where delayed patching was critical. (Jason R. C. Nurse, Institute of Cyber Security for Society / University of Kent)Unraveling Log4Shell: Analyzing the Impact and Response to the Log4j Vulnerability: a comprehensive technical measurement and analysis of the Log4Shell (Log4j/CVE-2021-44228) incident: discovery timeline, exploitation patterns, measured attack volumes, impacted sectors, and mitigation/response strategies. Useful both as a historical case study and as a guide to improving open-source component hygiene and incident response practices.Author(s): John Doll, Carson McCarthy, Hannah McDougall, Suman Bhunia (Dept. of Computer Science & Software Engineering, Miami University).*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}